Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64865

"Shelved Projects" is not visible for non-adminstrators with create permission

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I'm using project based authorisation.

      The documentation on https://plugins.jenkins.io/shelve-project-plugin/ sais:
      "Shelving a project requires the DELETE permission. Unshelving a project requires the CREATE permission"

      I observed:
      With the "shelve project" Action everythin is ok.

      But: Non-administrator user do not see the navigation entry: "shelved projects", even if they have the create permission. Thus they cannot unpack their lately packed projects.

      I would expect that non-adminstrative users could restore projects if the have CREATE permission as it is written in the documentation.

      I think this is a side effect of issue "JENKINS-55462".
      and this commit:
      https://github.com/jenkinsci/shelve-project-plugin/commit/2cb2db06167ebe4b80075ad67cea0ee36b4e45ca#diff-98f696bcda8cb0891e558d0ad7ec5d575e5958be91f18490173b78ccbc74422a

      As issue JENKINS-55462 does not mention that "unshelved projects" option should be restricted to administrator I guess this side effect was not intentionally.

       

       

        Attachments

          Issue Links

            Activity

            Hide
            maluge Matthias Ludwig added a comment -

            Ok, I've understood. It was just an idea - I don't realy know the details.

            On my opionion we can close the ticket. Die you want to keep it open for the documentation part?

            Looking forward for any news of your great plugin. It realy helps to keep jobs clean.

            Thank you so much for your support! Great!

             

            Show
            maluge Matthias Ludwig added a comment - Ok, I've understood. It was just an idea - I don't realy know the details. On my opionion we can close the ticket. Die you want to keep it open for the documentation part? Looking forward for any news of your great plugin. It realy helps to keep jobs clean. Thank you so much for your support! Great!  
            Hide
            pierrebtz Pierre Beitz added a comment -

            Matthias Ludwig historically the plugin as a flaw in that when you unshelve something it does not rely on the Jenkins API to actually create the job but simply copy paste the job configuration in the `JENKINS_HOME` and reload the model. This leads to issues like https://issues.jenkins.io/browse/JENKINS-13123

            I had in my head for some time to rework this part, but I didn't progress well. The method you propose sadly would not work as the copy job methods relies on having a source job already loading in Jenkins. I think the proper approach would probably to use something equivalent to the create job from xml that you can for example see in the Jenkins Rest API. The thing is that it does not solve the problem of importing the history of the job... 

            Show
            pierrebtz Pierre Beitz added a comment - Matthias Ludwig  historically the plugin as a flaw in that when you unshelve something it does not rely on the Jenkins API to actually create the job but simply copy paste the job configuration in the `JENKINS_HOME` and reload the model. This leads to issues like https://issues.jenkins.io/browse/JENKINS-13123 .  I had in my head for some time to rework this part, but I didn't progress well. The method you propose sadly would not work as the copy job methods relies on having a source job already loading in Jenkins. I think the proper approach would probably to use something equivalent to the create job from xml that you can for example see in the Jenkins Rest API. The thing is that it does not solve the problem of importing the history of the job... 
            Hide
            maluge Matthias Ludwig added a comment -

            Pierre Beitz thank you for your clear answer. That helps. You'r doing this as volonteer, so no need for excuses.

            I'me not into jenkins programming, but I've read your comments, I understand why you decided that it needs admin privileges.

            I can solve this problem organizationally for me.

            Just one idea, I don't know if this is realistic or not.

            One can create Jenkins Jobs as copy of another element. Maybe it would be a solution to allow normal users to create job as copy of a shelved job. This would shift the right check to the "element creation" process. In my case this would help.

             

            Show
            maluge Matthias Ludwig added a comment - Pierre Beitz thank you for your clear answer. That helps. You'r doing this as volonteer, so no need for excuses. I'me not into jenkins programming, but I've read your comments, I understand why you decided that it needs admin privileges. I can solve this problem organizationally for me. Just one idea, I don't know if this is realistic or not. One can create Jenkins Jobs as copy of another element. Maybe it would be a solution to allow normal users to create job as copy of a shelved job. This would shift the right check to the "element creation" process. In my case this would help.  
            Hide
            pierrebtz Pierre Beitz added a comment -

            Matthias Ludwig sorry for the delay. Your analysis is correct, this is indeed the fix that made this, but it was not a mistake and was done on purpose. The explanation is in this comment I made at the time: https://issues.jenkins.io/browse/JENKINS-55462?focusedCommentId=358328&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-358328

             

            AFAICT the bug is with the documentation that should not mention "Unshelving a project requires the CREATE permission" but "Unshelving a project requires the ADMINISTER permission".

            Happy to discuss further if you see another way to mitigate the concern I'm raising in the linked comment.

            Show
            pierrebtz Pierre Beitz added a comment - Matthias Ludwig  sorry for the delay. Your analysis is correct, this is indeed the fix that made this, but it was not a mistake and was done on purpose. The explanation is in this comment I made at the time: https://issues.jenkins.io/browse/JENKINS-55462?focusedCommentId=358328&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-358328   AFAICT the bug is with the documentation that should not mention "Unshelving a project requires the CREATE permission" but "Unshelving a project requires the ADMINISTER permission". Happy to discuss further if you see another way to mitigate the concern I'm raising in the linked comment.

              People

              Assignee:
              pierrebtz Pierre Beitz
              Reporter:
              maluge Matthias Ludwig
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: