-
Bug
-
Resolution: Duplicate
-
Critical
-
None
-
-
1.0
I discovered some bugs in the Git Creation flow for users with restricted permissions:
- If the user lacks the "Credentials -> Create" permission, and then fills out a new permission,
the browser will receive a 404 error when POSTing to the credentials API. We probably need to hide the "New Credential" section for users lacking this permission. - If the user lacks the "Credentials -> View" permission, the API call to return the existing credentials will always return an empty array. We probably need to hide the "Existing Credentials" section in this case.
- If the user lacks both permissions, it would appear they are unable to use the API. We should probably restrict access to it entirely, similar to
JENKINS-41434.
- duplicates
-
JENKINS-42120 Revisit Git repository creation flow credential setup
-
- Resolved
-
- is blocked by
-
-
- Resolved
-
- relates to
-
-
- Closed
-
-
-
- Resolved
-
[JENKINS-41573] Git Creation needs to better handle users with restricted credential permissions
cliffmeyers can't think of anything myself here, but I am not very creative with this area so I wouldn't expect I could cook up any more edge cases.
michaelneale if you can think of any other snafus that might occur due to restricted permissions, would be great to add detail to this ticket.