Roger Wang I had a quick look, the fix in itself is quite simple but I see two issues:
- I'm not sure how it could work in the past, could you please send me the Jenkins Core version + Shelve Plugin version that you worked for you so that I can dig deeper?
- As I was saying, the fix is quite simple, but it would introduce an issue because of how the plugin is designed. It is due to the fact that anybody with the create permission on the root of Jenkins can see all the shelved projects. But somebody with the create permission on the root of Jenkins does not necessarily have the rights on a subfolder. Here is a simple example showing my case:
User A has the create permission on root, but cannot see content of folder B. Somebody shelves a job in B, B/job. User A can browse the shelved jobs (because of the create permission on root), therefore he can see the B/job which he is not supposed to see.
From my point of view, allowing users with the delete permission to shelve projects is ok, but allowing people with the create permission to see all the shelved project is not.
This means I can make a quick fix, so that users with the delete permission have the rights to shelve. But only administrators will have the rights to unshelve.