[JENKINS-8578] Permissions not enforced for Query and Trigger Gerrit Patches feature - Jenkins Jira

XML

Word

Printable

Details

Type: Improvement
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: gerrit-trigger-plugin
Labels:
None

Similar Issues:

Show

Description

Our hudson is configured so that anonymous has no access (view, triggers build, nothing). Yet, without logging in, you can go to Query and Trigger Gerrit Patches, type in a query, and trigger builds. The UI says no jobs were triggered, but after logging back in, the job was indeed triggered. The Query and Trigger Gerrit Patches should at the minimum check that the logged in user has the Build permission for that specific job.

Attachments

Activity

Ascending order - Click to sort in descending order

Cody Cutrer added a comment - 2011-01-21 15:35

I suppose this is an improvement, not a bug, since it is possible to globally disable the feature, which would meet the security requirements (at the loss of a very very very useful feature).

Cody Cutrer added a comment - 2011-01-21 15:35 I suppose this is an improvement, not a bug, since it is possible to globally disable the feature, which would meet the security requirements (at the loss of a very very very useful feature).

rsandell added a comment - 2011-03-31 18:32

Commit: fa95ddbf47b42daf638c
Released in version 2.3.0

rsandell added a comment - 2011-03-31 18:32 Commit: fa95ddbf47b42daf638c Released in version 2.3.0

People

Assignee:: rsandell

Reporter:: Cody Cutrer

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2011-01-21 15:33

Updated:: 2011-03-31 18:32

Resolved:: 2011-03-31 18:32