Norbert Thiebaud
created JENKINS-26427
Anonymous can delete data file
Issue Type:
Bug
Assignee:
Unassigned
Components:
cluster-stats-plugin
Created:
14/Jan/15 1:50 PM
Description:
While looking how to show the stats in a dashboard for the benefit or a larger audience that the admins.. I noticed that the url plugin/cluster-stats/ 'just' works, even for anonymous users.. that is fine, except that the button 'Delete Recorded Information' is also there... that is less 'fine'...
PS: I have not checked if click the button actually delete the data.. I'm in no rush to loose it
In order of preference:
the two button are not shown unless you are admin
the buttons are shown but do not do anything (or error-out) if not admin
the whole page is protected and require admin
Project:
Jenkins
Priority:
Minor
Reporter:
Norbert Thiebaud
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
--
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
