-
Bug
-
Resolution: Fixed
-
Minor
-
jenkins 2.263.3
Shelve Project Plugin 3.1
I'm using project based authorisation.
The documentation on https://plugins.jenkins.io/shelve-project-plugin/ sais:
"Shelving a project requires the DELETE permission. Unshelving a project requires the CREATE permission"
I observed:
With the "shelve project" Action everythin is ok.
But: Non-administrator user do not see the navigation entry: "shelved projects", even if they have the create permission. Thus they cannot unpack their lately packed projects.
I would expect that non-adminstrative users could restore projects if the have CREATE permission as it is written in the documentation.
I think this is a side effect of issue "JENKINS-55462".
and this commit:
https://github.com/jenkinsci/shelve-project-plugin/commit/2cb2db06167ebe4b80075ad67cea0ee36b4e45ca#diff-98f696bcda8cb0891e558d0ad7ec5d575e5958be91f18490173b78ccbc74422a
As issue JENKINS-55462 does not mention that "unshelved projects" option should be restricted to administrator I guess this side effect was not intentionally.
- links to
[JENKINS-64865] "Shelved Projects" is not visible for non-adminstrators with create permission
Matthias Ludwig
added a comment - Pierre Beitz thank you for your clear answer. That helps. You'r doing this as volonteer, so no need for excuses.
I'me not into jenkins programming, but I've read your comments, I understand why you decided that it needs admin privileges.
I can solve this problem organizationally for me.
Just one idea, I don't know if this is realistic or not.
One can create Jenkins Jobs as copy of another element. Maybe it would be a solution to allow normal users to create job as copy of a shelved job. This would shift the right check to the "element creation" process. In my case this would help.
Matthias Ludwig
added a comment - Pierre Beitz thank you for your clear answer. That helps. You'r doing this as volonteer, so no need for excuses.
I'me not into jenkins programming, but I've read your comments, I understand why you decided that it needs admin privileges.
I can solve this problem organizationally for me.
Just one idea, I don't know if this is realistic or not.
One can create Jenkins Jobs as copy of another element. Maybe it would be a solution to allow normal users to create job as copy of a shelved job. This would shift the right check to the "element creation" process. In my case this would help.
maluge historically the plugin as a flaw in that when you unshelve something it does not rely on the Jenkins API to actually create the job but simply copy paste the job configuration in the `JENKINS_HOME` and reload the model. This leads to issues like https://issues.jenkins.io/browse/JENKINS-13123.
I had in my head for some time to rework this part, but I didn't progress well. The method you propose sadly would not work as the copy job methods relies on having a source job already loading in Jenkins. I think the proper approach would probably to use something equivalent to the create job from xml that you can for example see in the Jenkins Rest API. The thing is that it does not solve the problem of importing the history of the job...
Matthias Ludwig
added a comment - Ok, I've understood. It was just an idea - I don't realy know the details.
On my opionion we can close the ticket. Die you want to keep it open for the documentation part?
Looking forward for any news of your great plugin. It realy helps to keep jobs clean.
Thank you so much for your support! Great!
Matthias Ludwig
added a comment - Ok, I've understood. It was just an idea - I don't realy know the details.
On my opionion we can close the ticket. Die you want to keep it open for the documentation part?
Looking forward for any news of your great plugin. It realy helps to keep jobs clean.
Thank you so much for your support! Great!
maluge sorry for the delay. Your analysis is correct, this is indeed the fix that made this, but it was not a mistake and was done on purpose. The explanation is in this comment I made at the time: https://issues.jenkins.io/browse/JENKINS-55462?focusedCommentId=358328&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-358328
AFAICT the bug is with the documentation that should not mention "Unshelving a project requires the CREATE permission" but "Unshelving a project requires the ADMINISTER permission".
Happy to discuss further if you see another way to mitigate the concern I'm raising in the linked comment.