[JIRA] [role-strategy-plugin] (JENKINS-19934) Add "Job Create" permission to project roles
Title: Message Title Florian Mignotet commented on JENKINS-19934 Re: Add "Job Create" permission to project roles Hi, We need the same feature too. Is there a fix in progress ? Thank you Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add "Job Create" permission to project roles
Title: Message Title Oleg Nenashev commented on JENKINS-19934 Re: Add "Job Create" permission to project roles It's in my backlog, but I have to confirm that I have not found time to seriously revisit this task yet - too many other activities. No ETA right now. BTW I can perform all required reviews if somebody decides to work on this feature/issue Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Title: Message Title Patrick Wilkerson commented on JENKINS-19934 Re: Add Job Create permission to project roles Any update on this? We have the same issue and this feature would be great to have working. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Kanstantsin Shautsou commented on JENKINS-19934 Add Job Create permission to project roles I will try reproduce, but not today. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Simon Devineau commented on JENKINS-19934 Add Job Create permission to project roles Ok thanks for your consideration. I will commit a new version on monday. I had some bugs in my code. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Simon Devineau
commented on JENKINS-19934
Add Job Create permission to project roles
Hello everyone,
First I would like to say thank you to Oleg and his team. This plugin is so powerfull.
About this/these bug(s), I am sorry if I did not understand everything but here is my aim.
I want a user (let's call him jobCreator) to be able to create jobs only if it respects a pattern otherwiswe it does not create it.
If the user has the global create job he can do whatever he wants (Let's call him globalCreator)
As it was said above, you need the global create job to be able to see the icon 'Create new item'.
So the jobCreator will always have both permisisons (global and job)
The globalCreator needs to have ONLY the global create permissions.
I have modified the code of RoleBasedProjectNamingStrategy to follow my scenario.
I cannot promise anything with it but if you want to check it out and update your code with, I will be glad.
Also, I am not sure the current code is working.
//firstly check global role
SortedMapRole, SetString gRole = rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL);
for (SortedMap.EntryRole, SetString entry: gRole.entrySet()){
if (entry.getKey().hasPermission(Item.CREATE))
return;
}
This will always return true because gRole contains all the users with all the global permissions.
It should check the current logged user.
I am gonna patch my code to your github if you are interested and attached it to my message.
Could you please let me know about your intention.
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
--
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Simon Devineau updated JENKINS-19934 Add Job Create permission to project roles Here is the code I modified to follow my scenario Change By: Simon Devineau (13/Mar/15 4:05 PM) Attachment: RoleBasedProjectNamingStrategy.java This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
podskalsky commented on JENKINS-19934 Add Job Create permission to project roles I have the same problem: the project role "Job create" with using the Restrict project naming "Role-Based Strategy" (defined pattern) is not running as mentioned. only the global role "Job create" is allowed to create Jobs, but without defined patterns Here is the Help text ... Help for feature: Role-Based Strategy Restricts Job creation according to role based settings. Global role allows create with any name, project role according to defined pattern This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Oleg Nenashev commented on JENKINS-19934 Add Job Create permission to project roles Seems Kanstantsin Shautsou is too busy to handle this issue. I'll try to reproduce it according to the comments above. There's an issue in the code with Folders plugin. regexp filters for such jobs won't be applied correctly The message is not completely sensible, of course: the users is already logged in! There can be an impersonation issue within the code The user then reported that the tabbed views at the top of the Jenkins page had disappaeared! This was shown to me. REMOVING the global "Discover" permission restored the view tabs. I cannot imagine what would cause that, I'm half doubting the evidence of my eyes, but it seemed to be as reported. No idea. I suppose it is not related to this issue. Please file a new one to role-strategy (or Jenkins core) This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Oleg Nenashev assigned JENKINS-19934 to Oleg Nenashev Add Job Create permission to project roles Change By: Oleg Nenashev (29/Jan/15 9:10 AM) Assignee: KanstantsinShautsou OlegNenashev This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
mwebber commented on JENKINS-19934 Add Job Create permission to project roles Actually, the job should be created, but the user has no permission to access it, as it does not match the name pattern. This seems to be a limitation inherent in how Role Strategy works. You are probably correct. I guess the problem here is in the Role Strategy UI - on my Jenkins, there are 19 different privileges that can be selected for a "role". "Role"s have a jobname pattern associated with them, and 1 of those 19 privileges, "Job/Create", it does not behave like the others, without any visual clue. A friendlier error message would be nice, as well. May be possible if you give the user the Discover permission globally. Otherwise, Jenkins will simply deny there is such a job, as the user is not allowed to see it, and not allowed to learn of its existence. I tested this. With global Discover permission added, the user then gets a more sensible message: Access Denied Please login to access job dummy-job The message is not completely sensible, of course: the users is already logged in! The user then reported that the tabbed views at the top of the Jenkins page had disappaeared! This was shown to me. REMOVING the global "Discover" permission restored the view tabs. I cannot imagine what would cause that, I'm half doubting the evidence of my eyes, but it seemed to be as reported. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Daniel Beck commented on JENKINS-19934 Add Job Create permission to project roles Actually, the job should be created, but the user has no permission to access it, as it does not match the name pattern. This seems to be a limitation inherent in how Role Strategy works. A friendlier error message would be nice, as well. May be possible if you give the user the Discover permission globally. Otherwise, Jenkins will simply deny there is such a job, as the user is not allowed to see it, and not allowed to learn of its existence. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
mwebber commented on JENKINS-19934 Add Job Create permission to project roles This is simply not possible, as the permission to create items is given by the future item's container independent of the name of what you will create. You get access to the 'Create Item' page before having to specify a name, after all. Of course! Thanks. That explains what I see. There is a bug in the current handling, but it's not what I originally reported. Here's what I did: Created a global role called "job-create", which has ONLY the "Job / Create" (and "Overall / Read") privileges. Assigned user X to that global role. Created a project role called "Dials-Administrator" with a jobname pattern of "(cctbx|dials|xia2).*". The role has all job permissions set. Assigned user X to that project role. What I wanted to happen: User X could create a job whose name matched "(cctbx|dials|xia2).*" User X could not create a job whose name did not match "(cctbx|dials|xia2).*" What actually happend: User X could see and click on "New Item" User X attempted to created a new project with the name "dummy job" User X got HTTP ERROR 404 Problem accessing /job/dummy%20job/configure. Reason: Not Found It looks like the user was prevented creating a job with a name they are not authorised to access. However, Jenkins actually went ahead and created the job (it's visible in the "All" tab), so it looks like the authorisation test is being done too late. A friendlier error message would be nice, as well. Hope that helps. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
mwebber edited a comment on JENKINS-19934 Add Job Create permission to project roles This is simply not possible, as the permission to create items is given by the future item's container independent of the name of what you will create. You get access to the 'Create Item' page before having to specify a name, after all. Of course! Thanks. That explains what I see. There is a bug in the current handling, but it's not what I originally reported. Here's what I did: Created a global role called "job-create", which has ONLY the "Job / Create" (and "Overall / Read") privileges. Assigned user X to that global role. Created a project role called "Dials-Administrator" with a jobname pattern of "(cctbx|dials|xia2).*". The role has all job permissions set. Assigned user X to that project role. What I wanted to happen: User X could create a job whose name matched "(cctbx|dials|xia2).*" User X could not create a job whose name did not match "(cctbx|dials|xia2).*" What actually happend: User X could see and click on "New Item" User X could successfully create a new job whose name matched "(cctbx|dials|xia2).*" User X attempted to created a new project with the name "dummy job" User X got HTTP ERROR 404 Problem accessing /job/dummy%20job/configure. Reason: Not Found It looks like the user was prevented creating a job with a name they are not authorised to access. However, Jenkins actually went ahead and created the job (it's visible in the "All" tab), so it looks like the authorisation test is being done too late. A friendlier error message would be nice, as well. Hope that helps. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
mwebber commented on JENKINS-19934 Add Job Create permission to project roles Sorry about the delay in reponding, Kanstantsin. I have recreated the problem; here's the data you need: Running Jenkins 1.595, Role Strategy Plugin 2.2.0. and CAS Plugin 1.1.2. The main Jenkins configuration has "Restrict project naming" on, with "Role-Based Strategy" selected. I have a project role called "Dials-Administrator" with a jobname pattern of "(cctbx|dials|xia2).*". The role has all job permissions set. user wra62962 is not assigned to any global role user wra62962 is assigned to project role "Dials-Administrator" user wra62962 cannot create a new job named e.g. cctbx-new, but should be able to. /whoAmI for wra62962 Who Am I? Name: wra62962 IsAuthenticated?: true Authorities: • "authenticated" Details: toString: org.jenkinsci.plugins.cas.spring.security.CasAuthentication@fc9b3225: Username: org.acegisecurity.userdetails.User@fc52b100: Username: wra62962; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: authenticated; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authenticated Assertion: org.jasig.cas.client.validation.AssertionImpl@21427846 Credentials (Service/Proxy Ticket): ST-3984-9HEe7tcxOEIQJ5B5MXxd-cas01.example.org For comparison, here is another user who is assigned to a global role called "admin" (which is allowed to do "job create"), and that user can create jobs ok. Who Am I? Name: bmn54829 IsAuthenticated?: true Authorities: "authenticated" Details: toString: org.jenkinsci.plugins.cas.spring.security.CasAuthentication@fe49761d: Username: org.acegisecurity.userdetails.User@2738a00: Username: bmn54829; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: authenticated; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: authenticated Assertion: org.jasig.cas.client.validation.AssertionImpl@3abc9d02 Credentials (Service/Proxy Ticket): ST-3924-pDmuQxc9KY4DrMed6CBf-cas01.example.org This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Daniel Beck commented on JENKINS-19934 Add Job Create permission to project roles This is simply not possible, as the permission to create items is given by the future item's container independent of the name of what you will create. You get access to the 'Create Item' page before having to specify a name, after all. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Oleg Nenashev commented on JENKINS-19934 Add Job Create permission to project roles Kanstantsin Shautsou, any updates? This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Kanstantsin Shautsou commented on JENKINS-19934 Add Job Create permission to project roles AFAIR restrict project naming works when you entering project name after you opened "new project" link. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [role-strategy-plugin] (JENKINS-19934) Add Job Create permission to project roles
Kanstantsin Shautsou commented on JENKINS-19934 Add Job Create permission to project roles Please, provide info from http://jenkins/whoAmI under logged in xzl80115 user (part before cookies). This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
