CruiseServerControl doesn't work with security (Bug #321)


Added by Mark Barnard about 4 years ago. Updated over 3 years ago.


Status:New Start date:11/14/2013
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:Task Spent time: -
Target version:1.9
Affected version:1.8.0

Description

Background

I want to have cc.net setup so anyone can view projects without having to login, but to do anything such as stop/start a project or force a build, they need to have authorisation (so need to login at that point). So I have security setup where everything is denied. I have several roles setup which all have a guest account configured and that guest account has view permissions only, otherwise nothing would be visible.

Problem
I have several projects configured which use the cruiseServerControl task to stop & start groups of other projects. Only someone logged on with "admin" permissions can view these project.

But the problem is that this task does not respect the security permissions of the logged on user. Once the list of projects to run are generated, cc.net checks the security of these projects - but it does so against the guest account, not the logged in user.

I had a quick look at the code, and when it sends the server request, the sessionToken is always null so the logged on user is ignored.


History

Updated by Ruben Willems over 3 years ago

  • Target version changed from 1.8.5 to 1.9

Also available in: Atom PDF