Adding a new getter sounds good and easy. I'll try that. Thank you!
2020年10月19日月曜日 23:41:08 UTC+9 Jesse Glick: > On Sat, Oct 17, 2020 at 11:49 PM ikedam <[email protected]> wrote: > > REST API looks expected to use to expose configurations, that is, to > expose static attributes rather than calculated results. > > Not really. There is an export API from builds (`Run.getApi`), for > example, which is clearly dynamic. > > > REST API is accessible from users with Item/READ permissions. The > current version of extensible-choice expose calculated values only to users > with Item/BUILD or Item/CONFIGURE permissions. > > If there is some security reason to restrict information, simply guard > the `@Exported` getter with a `hasPermission` call, returning an empty > result for users without permission. > > Note that this would affect other uses of the getter, which is usually > what you want: the caller is either internal, running as `ACL.SYSTEM`, > or is actually part of an authenticated request, in which case the > permission check is appropriate. If you really must retain the > original behavior, add a new getter with an arbitrary name which is > marked `@Restricted(DoNotUse.class) @Exported(name = > "originalPropertyName")` and does the permission check. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/894bdd21-104b-41a5-a78f-545a7b2e057en%40googlegroups.com.
