Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66382

Job - Delete permission at Jenkins root level is needed to shelve the project

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Progress (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: shelve-project-plugin
    • Labels:
      None
    • Environment:
      * Jenkins 2.289.3
      * Shelve Project Plugin 3.2
    • Similar Issues:

      Description

      In the following scenario:

      • Choose `Project-based Matrix Authorization Strategy` Athorization strategy (and other like Role-Base strategy)
      • `user1` without the `job - delete` permission at the Jenkins root level.
      • `user1` with `job - delete` permission at the project (pipeline) level.

      The user is able to see the `delete project` link but not the `shelve project` link.

       

       

      Reviewing the source code, I found the following line:

       

      I believe the item that is currently visited should be checked and not the `Jenkins.getInstance()` item.

      This problem force us to grant job - deleting permission for all project if we want to shelve only one project.

        Attachments

          Activity

            People

            Assignee:
            pierrebtz Pierre Beitz
            Reporter:
            ironcerocloudbees Ignacio Roncero Bazarra
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: