JENKINS-55565

Folder-level nested views do not show "New Item" link when the Job/Create permission is not granted globally

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component/s: core, nested-view-plugin
    • Labels: None
    • Environment:
      - Jenkins 2.138.2
      - Matrix Authorization Strategy Plugin 2.3
      - Folders Plugin 6.6

The "New Item" button is missing in subviews of Nested Views when the Job/Create permission is not granted globally.

To reproduce:

1. Create a top-level folder that sets "Do not inherit permission grant from other ACLs", then gives ALL the permissions to a user or group.
2. Create a Nested View in that folder.
3. Create a List View in that Nested View.

Now, even though the user has all the permissions, the "New Item" button is missing in the List View, but it appears in the folder.

Note: the "New Item" button also appears in a List View residing directly in the folder.


          Daniel Zeiter added a comment -

          JENKINS-46540 might be a similar issue.


          Daniel Beck added a comment -

          I am able to reproduce this problem on Jenkins 2.138.x and Matrix Auth 2.4.


          Daniel Beck added a comment -

          This appears to be either a core bug, or a bug in nested view plugin.

          Core will only allow permissions to create jobs in views to users who have this permission globally:
          https://github.com/jenkinsci/jenkins/blob/a5a92af4bebc73298d2061e8e95227d4e416fc74/core/src/main/resources/hudson/model/View/sidepanel.jelly#L43

          It happens independent of "Do not inherit permission grant from other ACLs" – just don't grant the Item/Create permission globally.

          I expect this doesn't happen for folder-level non-nested views because AbstractFolder defines tasks-new.jelly and references tasks-create.jelly which has a folder-level permission check.

          nested-views plugin does not do that, so the fallback in core is used. Somewhere between the two, something goes wrong.
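
To check where Item/Create is actually granted for a given user, the following script console check evaluates the permission against the global ACL, the folder's ACL and the ACL of every view in the folder, including views inside a Nested View. It is an added example, not code from this issue or from Jenkins itself; the user id and folder name are placeholders, and it uses the ACL API of the 2.138.x line named in the report. It only reads permissions and prints the result.

```groovy
import hudson.model.Item
import hudson.model.User
import hudson.model.View
import hudson.model.ViewGroup
import hudson.security.ACL
import jenkins.model.Jenkins

// Placeholders (assumptions, not taken from the issue): adjust to your instance.
def userId = 'example-user'
def folderName = 'example-folder'

def jenkins = Jenkins.getInstance()
def folder = jenkins.getItemByFullName(folderName)
if (folder == null) {
    throw new IllegalArgumentException("No item named ${folderName}")
}
def user = User.getById(userId, false)   // false: do not create a missing user
if (user == null) {
    throw new IllegalArgumentException("No user with id ${userId}")
}
// impersonate() resolves the user's groups through the configured security realm
def auth = user.impersonate()

// Print whether the given ACL grants Item/Create to the impersonated user.
def report = { String label, ACL acl ->
    def verdict = acl.hasPermission(auth, Item.CREATE) ? 'GRANTED' : 'DENIED '
    println "${verdict}  ${label}"
}

// Walk a ViewGroup recursively so that sub-views of a Nested View are included.
def walk
walk = { ViewGroup group, String prefix ->
    group.getViews().each { View v ->
        def path = "${prefix}/${v.getViewName()}"
        report("view   ${path}", v.getACL())
        if (v instanceof ViewGroup) {
            walk((ViewGroup) v, path)
        }
    }
}

report('global (Jenkins root)', jenkins.getACL())
report("folder ${folderName}", folder.getACL())
if (folder instanceof ViewGroup) {
    walk((ViewGroup) folder, folderName)
}
```

A GRANTED line for a view whose side panel still lacks "New Item" means the link is being hidden by the UI check rather than by the ACL of that view.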


            Assignee: Unassigned
            Reporter: Daniel Zeiter (scic)