Hi Henrik,
Team management is not different from other authorization schemes.
By definition "anonymous" user has read only permission when team
management is enabled. Unless the user with appropriate
authorization is logged in, permissions are limited to entitlement
of the anonymous user.
However, plugins like maven needs read permission to execute jobs
even without user logged in. For the purpose it uses the principal
hudson.security.ACL.SYSTEM.
Maven plugin appears to do something this
@XStreamOmitField
private final SecurityService security;
@Inject
public MavenBuilderDescriptor(final SecurityService security, ...
// Need to run as SYSTEM when fetching the documents to be used
return security.callAs2(ACL.SYSTEM, new
Callable<Collection<DocumentDTO>>()
{
public Collection<DocumentDTO> call() {
return documents.getDocuments(type, true);
}
});
See
http://git.eclipse.org/c/hudson/org.eclipse.hudson.core.git/tree/hudson-service/src/main/java/org/hudsonci/service/SecurityService.java
-Winston
Hi
In one plugin I have the need to iterate all jobs and check
if a given notifier is present.
However once I activate team based security
Hudson.getInstance().getItems() only returns public jobs.
What is the correct way to iterate all jobs?
(I think the disk usage plugin will be affected as well but
haven't tested)
Best regards
Henrik
_______________________________________________
hudson-dev mailing list
hudson-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/hudson-dev