Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44136

Anonymous user can abort pipeline if choose abort in input

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Proceed and abort options treats different for anonymous user. 

      When user are not logged in and it comes to Proceed or Abort options in input step. It is supposed to be neither of them valid for such user. But current case : user can abort the whole pipeline.

      Should this be treated as a bug or the logic in canSettle() is correct?

        Attachments

          Activity

          zdtsw Wen Zhou created issue -
          Hide
          shaiton Kevin Raymond added a comment -

          On the other hand, an authenticated user who don't have the right to Proceed can Abort.

          We might imagine a long standing pipeline (several builds) it should not be aborted by a wrong user.

           

          Proceed and Abort should most probably use the same logic using the submitter parameter.

          Show
          shaiton Kevin Raymond added a comment - On the other hand, an authenticated user who don't have the right to Proceed can Abort. We might imagine a long standing pipeline (several builds) it should not be aborted by a wrong user.   Proceed and Abort should most probably use the same logic using the submitter parameter.
          jdawson Jessica Dawson made changes -
          Field Original Value New Value
          Comment [ I am still having this issue even after updating the input plugin to 2.8, which supposedly requires users to have the Build permission to interact with the input step. For me, the update prevents anonymous users from Proceeding, but it still lets them Abort. ]
          Hide
          abayer Andrew Bayer added a comment -

          This was fixed a little while ago in a security fix. Let me know if you're still having this problem with the latest version.

          Show
          abayer Andrew Bayer added a comment - This was fixed a little while ago in a security fix. Let me know if you're still having this problem with the latest version.
          abayer Andrew Bayer made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            zdtsw Wen Zhou
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: