|
|
|
Issue Type:
|
Bug
|
Assignee:
|
Alex Earl
|
Components:
|
email-ext |
Created:
|
25/Jul/14 12:49 PM
|
Description:
|
The permissions check is run in a system context (or not re-run for every page view), so it's ineffective.
The permission needs to be checked:
- in the action itself (e.g. the index.jelly) to fail when configure permission is missing
- as well as the action.jelly that needs to be added for this
|
Environment:
|
Email-ext 2.37.2.2 on Jenkins 1.554.3
|
Project:
|
Jenkins
|
Labels:
|
security
|
Priority:
|
Major
|
Reporter:
|
Daniel Beck
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.