mwebber commented on Improvement JENKINS-19934

This is simply not possible, as the permission to create items is given by the future item's container independent of the name of what you will create. You get access to the 'Create Item' page before having to specify a name, after all.

Of course! Thanks. That explains what I see. There is a bug in the current handling, but it's not what I originally reported.

Here's what I did:

  • Created a global role called "job-create", which has ONLY the "Job / Create" (and "Overall / Read") privileges.
  • Assigned user X to that global role.
  • Created a project role called "Dials-Administrator" with a jobname pattern of "(cctbx|dials|xia2).*". The role has all job permissions set.
  • Assigned user X to that project role.

What I wanted to happen:

  • User X could create a job whose name matched "(cctbx|dials|xia2).*"
  • User X could not create a job whose name did not match "(cctbx|dials|xia2).*"

What actually happened:

  • User X could see and click on "New Item"
  • User X attempted to create a new project with the name "dummy job"
  • User X got
    HTTP ERROR 404
    Problem accessing /job/dummy%20job/configure. Reason: Not Found
    


It looks like the user was prevented from creating a job with a name they are not authorised to access. However, Jenkins actually went ahead and created the job (it's visible in the "All" tab), so it looks like the authorisation test is being done too late.

A friendlier error message would be nice, as well.

Hope that helps.
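
A minimal model of the ordering problem described in the comment above, added here as an illustration and not Jenkins or Role Strategy plugin code. The function names, the in-memory job set and the 403 status are assumptions, and the pattern is assumed to be matched against the whole job name.

```python
import re

# Constructed model of the setup in the comment; all names are hypothetical.
PROJECT_ROLES = {
    "Dials-Administrator": {"pattern": r"(cctbx|dials|xia2).*", "members": {"X"}},
}
GLOBAL_CREATE = {"X"}  # members of the "job-create" global role


def may_access(user, job_name):
    """True if any project role held by `user` matches the whole job name."""
    return any(
        user in role["members"]
        and re.fullmatch(role["pattern"], job_name) is not None
        for role in PROJECT_ROLES.values()
    )


def create_late_check(jobs, user, job_name):
    """Order reported in the comment: create first, authorise on the redirect."""
    if user not in GLOBAL_CREATE:
        return 403
    jobs.add(job_name)  # the job exists from this point on
    # The redirect to the configure page is where the name is finally checked.
    return 200 if may_access(user, job_name) else 404


def create_early_check(jobs, user, job_name):
    """Check the name against the user's patterns before any state changes."""
    if user not in GLOBAL_CREATE or not may_access(user, job_name):
        return 403
    jobs.add(job_name)
    return 200


if __name__ == "__main__":
    late, early = set(), set()
    print(create_late_check(late, "X", "dummy job"), sorted(late))
    print(create_early_check(early, "X", "dummy job"), sorted(early))
    print(create_early_check(early, "X", "dials-nightly"), sorted(early))
```

With the late check, the rejected request still leaves "dummy job" behind; with the early check, nothing is created unless the name matches one of the user's project-role patterns.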
