Issue Type: Improvement
Assignee: Jesse Glick
Components: core
Created: 26/Mar/13 2:07 PM
Description:

While many job types could reasonably be created by any user with Item.CREATE, some types inherently require more specialized permissions to create, configure, and run: backup jobs, Groovy script jobs, etc. While it is possible to check these other permissions "later", it would be much better to just forbid general users from creating such jobs to begin with—do not even show the option.

Proposal: add a method to TopLevelItemDescriptor, say boolean canCreate(ItemGroup parent, AccessControlled acl), checking whether the current user is allowed to create an instance of this job type in the selected folder. The default implementation would return true, but a subclass could perform an access check on the target folder.

ItemGroupMixIn would be responsible for calling the new method to prevent crafted form submissions from being accepted, but the main usage would be from e.g. View/newJob.jelly calling Items.all() and using <n:form>.

Project: Jenkins
Labels: permissions api
Priority: Minor
Reporter: Jesse Glick
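
The two checks this issue proposes (offering only the job types a user may create, and re-checking when the form is submitted), as an added example that is not Jenkins code and not part of the original issue. The classes are simplified stand-ins rather than the real `TopLevelItemDescriptor` or `ItemGroupMixIn`, and the `Script.RUN` permission name, the users and the folder are constructed for illustration.

```java
import java.util.*;

// Simplified stand-ins for illustration; these are NOT the Jenkins classes.
public class CanCreateDemo {
    // A folder that knows which permissions each user holds (constructed model).
    record Folder(String name, Map<String, Set<String>> grants) {
        boolean hasPermission(String user, String perm) {
            return grants.getOrDefault(user, Set.of()).contains(perm);
        }
    }
    // Stand-in for a job type descriptor carrying the proposed canCreate hook.
    static class JobTypeDescriptor {
        final String id;
        JobTypeDescriptor(String id) { this.id = id; }
        // Default from the proposal: no restriction beyond Item.CREATE.
        boolean canCreate(Folder parent, String user) { return true; }
    }
    // A job type that requires an extra permission on the target folder.
    static class ScriptJobDescriptor extends JobTypeDescriptor {
        ScriptJobDescriptor() { super("script-job"); }
        @Override boolean canCreate(Folder parent, String user) {
            return parent.hasPermission(user, "Script.RUN"); // constructed permission name
        }
    }
    static final List<JobTypeDescriptor> ALL =
        List.of(new JobTypeDescriptor("freestyle"), new ScriptJobDescriptor());
    // UI side: only offer the types this user may create in this folder.
    static List<String> offeredTypes(Folder parent, String user) {
        return ALL.stream().filter(d -> d.canCreate(parent, user)).map(d -> d.id).toList();
    }
    // Server side: re-check on submission, because a crafted request can name any type id.
    static String createItem(Folder parent, String user, String typeId, String jobName) {
        if (!parent.hasPermission(user, "Item.CREATE"))
            throw new SecurityException(user + " lacks Item.CREATE in " + parent.name());
        JobTypeDescriptor d = ALL.stream().filter(x -> x.id.equals(typeId)).findFirst()
            .orElseThrow(() -> new IllegalArgumentException("unknown type " + typeId));
        if (!d.canCreate(parent, user))
            throw new SecurityException(user + " may not create " + typeId + " in " + parent.name());
        return parent.name() + "/" + jobName + " (" + typeId + ")";
    }
    public static void main(String[] args) {
        Folder f = new Folder("team-a", Map.of(
            "alice", Set.of("Item.CREATE"), "admin", Set.of("Item.CREATE", "Script.RUN")));
        System.out.println(offeredTypes(f, "alice"));
        System.out.println(offeredTypes(f, "admin"));
        System.out.println(createItem(f, "alice", "freestyle", "build"));
        try { createItem(f, "alice", "script-job", "x"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Hiding the option in `offeredTypes` only shapes the form; the check inside `createItem` is what refuses a submission that names a type the form never offered.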