Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8578

Permissions not enforced for Query and Trigger Gerrit Patches feature

    XMLWordPrintable

Details

    Description

      Our hudson is configured so that anonymous has no access (view, triggers build, nothing). Yet, without logging in, you can go to Query and Trigger Gerrit Patches, type in a query, and trigger builds. The UI says no jobs were triggered, but after logging back in, the job was indeed triggered. The Query and Trigger Gerrit Patches should at the minimum check that the logged in user has the Build permission for that specific job.

      Attachments

        Activity

          rsandell rsandell added a comment -

          Commit: fa95ddbf47b42daf638c
          Released in version 2.3.0

          rsandell rsandell added a comment - Commit: fa95ddbf47b42daf638c Released in version 2.3.0
          ccutrer Cody Cutrer added a comment -

          I suppose this is an improvement, not a bug, since it is possible to globally disable the feature, which would meet the security requirements (at the loss of a very very very useful feature).

          ccutrer Cody Cutrer added a comment - I suppose this is an improvement, not a bug, since it is possible to globally disable the feature, which would meet the security requirements (at the loss of a very very very useful feature).

          People

            rsandell rsandell
            ccutrer Cody Cutrer
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: