In the following scenario:
- Choose `Project-based Matrix Authorization Strategy` Athorization strategy (and other like Role-Base strategy)
- `user1` without the `job - delete` permission at the Jenkins root level.
- `user1` with `job - delete` permission at the project (pipeline) level.
The user is able to see the `delete project` link but not the `shelve project` link.
Reviewing the source code, I found the following line:
I believe the item that is currently visited should be checked and not the `Jenkins.getInstance()` item.
This problem force us to grant job - deleting permission for all project if we want to shelve only one project.
|Link||This issue relates to JENKINS-66419 [ JENKINS-66419 ]|
|Status||Open [ 1 ]||In Progress [ 3 ]|