CruiseServerControl doesn't work with security (Bug #321)

Added by Mark Barnard over 4 years ago. Updated about 4 years ago.

Status:New Start date:11/14/2013
Priority:Normal Due date:
Assignee:- % Done:


Category:Task Spent time: -
Target version:1.9
Affected version:1.8.0



I want to have setup so anyone can view projects without having to login, but to do anything such as stop/start a project or force a build, they need to have authorisation (so need to login at that point). So I have security setup where everything is denied. I have several roles setup which all have a guest account configured and that guest account has view permissions only, otherwise nothing would be visible.

I have several projects configured which use the cruiseServerControl task to stop & start groups of other projects. Only someone logged on with "admin" permissions can view these project.

But the problem is that this task does not respect the security permissions of the logged on user. Once the list of projects to run are generated, checks the security of these projects - but it does so against the guest account, not the logged in user.

I had a quick look at the code, and when it sends the server request, the sessionToken is always null so the logged on user is ignored.


Updated by Ruben Willems about 4 years ago

  • Target version changed from 1.8.5 to 1.9

Also available in: Atom PDF