[JENKINS-55462] "shelve project" button missing for all non-admin users

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: shelve-project-plugin
Labels:
- 2.4-fixed
Environment:
jenkins v2.150.1 running on Centos 7 with Project based authorisation

Similar Issues:
Powered by SuggestiMate

Show

Hello,

with project based authorisation, all non-admin user cannot see the Shelve Project button. the button will appear if we grant the administrator privileges to the user in Global Security.

I manually created a free style project for testing which behaves the same.

Jenkins and plugins are updated to the latest version.

Thanks for helping.

Roger

links to

PR#17

Roger Wang created issue - 2019-01-09 05:28

Roger Wang made changes - 2019-01-10 23:17

Priority

Original: Blocker [ 1 ]

New: Major [ 3 ]

Roger Wang added a comment - 2019-01-11 04:55

just add what we have tested:

granted all permissions except administrator to user, the shelve project button is missing.
change the authorisation to matrix based, the problem is still appeared.

Roger Wang added a comment - 2019-01-11 04:55 just add what we have tested: granted all permissions except administrator to user, the shelve project button is missing. change the authorisation to matrix based, the problem is still appeared.

Pierre Beitz added a comment - 2019-01-11 21:37

rogerwang I reproduced the issue, it seems the check for the delete permission is not correct. I'll work on a fix as soon as possible.

In the meantime, I confirm only the admin rights allows to shelve/unshelve.

This doesn't seem like a regression as the guilty code has been here for a long time.

Pierre Beitz added a comment - 2019-01-11 21:37 rogerwang I reproduced the issue, it seems the check for the delete permission is not correct. I'll work on a fix as soon as possible. In the meantime, I confirm only the admin rights allows to shelve/unshelve. This doesn't seem like a regression as the guilty code has been here for a long time.

Roger Wang made changes - 2019-01-21 02:16

Assignee

Original: Pierre Beitz [ pierrebtz ]

New: Roger Wang [ rogerwang ]

Roger Wang made changes - 2019-01-21 02:17

Assignee

Original: Roger Wang [ rogerwang ]

New: Pierre Awaragi [ pierre ]

Roger Wang made changes - 2019-01-21 02:18

Assignee

Original: Pierre Awaragi [ pierre ]

New: Pierre Beitz [ pierrebtz ]

Roger Wang added a comment - 2019-01-21 02:26

Hi Pierre,

For some reasons, it accidentally assign the case to me, so I assigned it back to you.

And just wondering anything I could do to speed up the crucial repairing task, as the Shelve Project feature is kind of essential requirement from our development team and we have to continue use the very old Jenkins until it is fixed.

Thank you very much for your help.

Roger

Roger Wang added a comment - 2019-01-21 02:26 Hi Pierre, For some reasons, it accidentally assign the case to me, so I assigned it back to you. And just wondering anything I could do to speed up the crucial repairing task, as the Shelve Project feature is kind of essential requirement from our development team and we have to continue use the very old Jenkins until it is fixed. Thank you very much for your help. Roger

Pierre Beitz added a comment - 2019-01-21 09:16

rogerwang I had a quick look, the fix in itself is quite simple but I see two issues:

I'm not sure how it could work in the past, could you please send me the Jenkins Core version + Shelve Plugin version that you worked for you so that I can dig deeper?
As I was saying, the fix is quite simple, but it would introduce an issue because of how the plugin is designed. It is due to the fact that anybody with the create permission on the root of Jenkins can see all the shelved projects. But somebody with the create permission on the root of Jenkins does not necessarily have the rights on a subfolder. Here is a simple example showing my case:

User A has the create permission on root, but cannot see content of folder B. Somebody shelves a job in B, B/job. User A can browse the shelved jobs (because of the create permission on root), therefore he can see the B/job which he is not supposed to see.

From my point of view, allowing users with the delete permission to shelve projects is ok, but allowing people with the create permission to see all the shelved project is not.

This means I can make a quick fix, so that users with the delete permission have the rights to shelve. But only administrators will have the rights to unshelve.

Pierre Beitz added a comment - 2019-01-21 09:16 rogerwang I had a quick look, the fix in itself is quite simple but I see two issues: I'm not sure how it could work in the past, could you please send me the Jenkins Core version + Shelve Plugin version that you worked for you so that I can dig deeper? As I was saying, the fix is quite simple, but it would introduce an issue because of how the plugin is designed. It is due to the fact that anybody with the create permission on the root of Jenkins can see all the shelved projects. But somebody with the create permission on the root of Jenkins does not necessarily have the rights on a subfolder. Here is a simple example showing my case: User A has the create permission on root, but cannot see content of folder B. Somebody shelves a job in B, B/job. User A can browse the shelved jobs (because of the create permission on root), therefore he can see the B/job which he is not supposed to see. From my point of view, allowing users with the delete permission to shelve projects is ok, but allowing people with the create permission to see all the shelved project is not. This means I can make a quick fix, so that users with the delete permission have the rights to shelve. But only administrators will have the rights to unshelve.

Roger Wang added a comment - 2019-01-25 00:27

Hi Pierre,

That is great news. I am still waiting our development's opinion for your suggestion. But, in my perspective, that should solve our problems for now if we can't have the permanent solution.

Besides that, the current Jenkins is v1.590 and Shelve Project plugin is v1.5.

Thank you for your help!

Cheers,

Roger

Roger Wang added a comment - 2019-01-25 00:27 Hi Pierre, That is great news. I am still waiting our development's opinion for your suggestion. But, in my perspective, that should solve our problems for now if we can't have the permanent solution. Besides that, the current Jenkins is v1.590 and Shelve Project plugin is v1.5. Thank you for your help! Cheers, Roger

Assignee:: Pierre Beitz

Reporter:: Roger Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2019-01-09 05:28

Updated:: 2019-03-28 20:26

Resolved:: 2019-03-28 20:26

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Roger Wang added a comment - 2019-01-11 04:55

Expand comment: Roger Wang added a comment - 2019-01-11 04:55

Collapse comment: Pierre Beitz added a comment - 2019-01-11 21:37

Expand comment: Pierre Beitz added a comment - 2019-01-11 21:37

Collapse comment: Roger Wang added a comment - 2019-01-21 02:26

Expand comment: Roger Wang added a comment - 2019-01-21 02:26

Collapse comment: Pierre Beitz added a comment - 2019-01-21 09:16

Expand comment: Pierre Beitz added a comment - 2019-01-21 09:16

Collapse comment: Roger Wang added a comment - 2019-01-25 00:27

Expand comment: Roger Wang added a comment - 2019-01-25 00:27

People

Dates