Hello, all. I'm working on the puppet-enterprise-pipeline plugin trying to use the permission system to specify who can perform a certain action through the API. I'm guessing I'm missing something about the way the Jenkins permission system works.
I've specified a permission called Hiera/Lookup[1]. When I try to test the current authenticated user, the `hasPermission()`[2] method always returns true if the user has the Overall/Read permission. I do have the Lookup permission be implied by the Jenkins.READ permission, but I get the same result if I set the `impliedBy` parameter in the Permission constructor to null.

I'm after the use cases below (sorry for the Gherkin user stories, but they're great for describing specific behaviors). There is one test I cannot get to pass due to my misunderstanding of how to use the system[3]. Any help is greatly appreciated.

    When there is a call to /hiera/lookup
    And it is unauthenticated
    And the "anonymous" user has Hiera/Lookup permission
    Then the call is authorized

    When there is a call to /hiera/lookup
    And it is authenticated
    And the user has Overall/Read permission
    And the user does not have Hiera/Lookup permission
    Then the call is unauthorized

    When there is a call to /hiera/lookup
    And the "Logged-in users can do anything" authorization system is being used
    And the call is unauthenticated
    Then the call is authorized

    When there is a call to /hiera/lookup
    And a non-Matrix authorization system is being used where unauthenticated users have read access
    And the call is unauthenticated
    Then the call is authorized

    When there is a call to /hiera/lookup
    And a non-Matrix authorization system is being used where unauthenticated users do not have read access
    And the call is unauthenticated
    Then the call is unauthorized

[1] https://github.com/ccaum/puppet-enterprise-pipeline-plugin/blob/hiera_permissions/src/main/java/org/jenkinsci/plugins/puppetenterprise/api/HieraDataStore.java#L38
[2] https://github.com/ccaum/puppet-enterprise-pipeline-plugin/blob/hiera_permissions/src/main/java/org/jenkinsci/plugins/puppetenterprise/api/HieraDataStore.java#L124
[3] https://github.com/ccaum/puppet-enterprise-pipeline-plugin/blob/hiera_permissions/src/test/java/org/jenkinsci/plugins/puppetenterprise/api/HieraDataStoreTest.java#L180