How to implement project based authorization (to view workspace files)?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to implement project based authorization (to view workspace files)?

Ulli Hafner
Hi,

is there an example on how to implement the Project-based Matrix
Authorization Strategy in a secured plugin method?

I'm currently using the call

((AbstractBuild<?, ?>) owner).checkPermission(Item.WORKSPACE);

to secure a method that shows the contents of the job workspace.

However, that check requires GLOBAL "job/read" and "job/workspace"
permissions. What I want is "job/read" and "job/workspace" for the
selected project only.

Thanks, Ulli

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug in core? Matrix projects with "Build on multiple nodes" option selected and Project-based Matrix Authorization Strategy

Ulli Hafner
Hi,

I'm trying to find a fix for
http://issues.hudson-ci.org/browse/HUDSON-7025, but I'm not sure if the
problem is in Hudson core security or in my plug-in.

Situation:
- Anonymous has no global Item.WORKSPACE permission.
- Anonymous has Item.WORKSPACE permission for a project
- I'm using the call ((AbstractBuild<?, ?>)
owner).checkPermission(Item.WORKSPACE); to secure the visualization of
workspace files

- When the project is a freestyle project (master or slave) then
everything works fine, anonymous user can see the files for the selected
project, but no files from other projects
- When the project is a Matrix project with "Build on multiple nodes"
then the anonymous user can't see workspace files within my plug-in
(however the job still workspace is visible)

Is there anything special to implement in a plug-in for this situation?

Any ideas?

Ulli


On 07/26/2010 10:38 PM, Ulli Hafner wrote:

> Hi,
>
> is there an example on how to implement the Project-based Matrix
> Authorization Strategy in a secured plugin method?
>
> I'm currently using the call
>
> ((AbstractBuild<?, ?>) owner).checkPermission(Item.WORKSPACE);
>
> to secure a method that shows the contents of the job workspace.
>
> However, that check requires GLOBAL "job/read" and "job/workspace"
> permissions. What I want is "job/read" and "job/workspace" for the
> selected project only.
>
> Thanks, Ulli


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]