Re: [hudson-dev] Plugins and Security (Team based)

Hi Henrik,

Team management is not different from other authorization schemes. By definition, the "anonymous" user has read-only permission when team management is enabled. Unless a user with appropriate authorization is logged in, permissions are limited to the entitlement of the anonymous user.

However, plugins like Maven need read permission to execute jobs even without a user logged in. For that purpose it uses the principal hudson.security.ACL.SYSTEM.

The Maven plugin appears to do something like this:

@XStreamOmitField
private final SecurityService security;

@Inject
public MavenBuilderDescriptor(final SecurityService security,  ...


// Need to run as SYSTEM when fetching the documents to be used
return security.callAs2(ACL.SYSTEM, new Callable<Collection<DocumentDTO>>() {
    public Collection<DocumentDTO> call() {
        return documents.getDocuments(type, true);
    }
});

See http://git.eclipse.org/c/hudson/org.eclipse.hudson.core.git/tree/hudson-service/src/main/java/org/hudsonci/service/SecurityService.java

-Winston

Hi

In one plugin I have the need to iterate all jobs and check if a given notifier is present. 

However once I activate team based security Hudson.getInstance().getItems() only returns public jobs.

What is the correct way to iterate all jobs?

(I think the disk usage plugin will be affected as well but haven't tested)

Best regards
Henrik


_______________________________________________
hudson-dev mailing list
hudson-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/hudson-dev
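
The pattern from the reply applied to the question in this thread, as an added example that is not part of either message or of the Hudson code base: enumerate all jobs as ACL.SYSTEM, but keep the elevated block small and return only job names. NotifierScanner and projectsUsing are hypothetical names; the callAs2 signature is assumed to match its use in the snippet above, and getPublishersList() and DescribableList.get(Class) are assumed from the Hudson core API.

```java
import hudson.model.AbstractProject;
import hudson.model.Hudson;
import hudson.model.TopLevelItem;
import hudson.security.ACL;
import hudson.tasks.Publisher;
import org.hudsonci.service.SecurityService;

import javax.inject.Inject;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

// Hypothetical helper class (assumption): not part of Hudson or of any existing plugin.
public class NotifierScanner {
    private final SecurityService security;

    @Inject
    public NotifierScanner(final SecurityService security) {
        this.security = security;
    }

    /** Names of all top-level projects that have a publisher of the given type configured. */
    public List<String> projectsUsing(final Class<? extends Publisher> notifierType) {
        // Only the enumeration runs as SYSTEM. callAs2 (assumed signature) runs the
        // Callable under the given principal and then restores the caller's identity.
        return security.callAs2(ACL.SYSTEM, new Callable<List<String>>() {
            public List<String> call() {
                List<String> names = new ArrayList<String>();
                // As SYSTEM, getItems() is not filtered down to the public jobs.
                for (TopLevelItem item : Hudson.getInstance().getItems()) {
                    if (item instanceof AbstractProject) {
                        AbstractProject<?, ?> project = (AbstractProject<?, ?>) item;
                        if (project.getPublishersList().get(notifierType) != null) {
                            // Return names, not job objects, so nothing fetched with
                            // SYSTEM rights is handed on to code running as the caller.
                            names.add(project.getName());
                        }
                    }
                }
                return names;
            }
        });
    }
}
```

The returned list can contain names of team-private jobs, so any page or API that displays it needs its own permission check against the requesting user.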