Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-6801

With "Enable project-based security" on for workspace. non logged in users can view the html

    XMLWordPrintable

Details

    Description

      When project based security is on and only authorised users are able to view the workspace. the html plugin should only display the html link to users who are logged in and have workspace access.

      We use this plugin to display code coverage data (lcov) which contains source code.

      Can security please be intergrated with this plugin?

      Attachments

        Activity

          mcrooney mcrooney added a comment -

          Hm, I imagined it is a report like Javadoc or JUnit, and I don't think those require security. However I can see where arbitrary html reports have the potential to be more sensitive. I don't actively work on this plugin anymore but I'd welcome a patch which added an option (off by default for compatibility) to require workspace permissions to view!

          mcrooney mcrooney added a comment - Hm, I imagined it is a report like Javadoc or JUnit, and I don't think those require security. However I can see where arbitrary html reports have the potential to be more sensitive. I don't actively work on this plugin anymore but I'd welcome a patch which added an option (off by default for compatibility) to require workspace permissions to view!

          People

            r2b2_nz Richard Bywater
            rajpra rajpra
            Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: