CCtray does not list pipelines for users in PluginRole #3954

Closed
maheshp opened this issue Oct 26, 2017 · 1 comment

@maheshp
Member

commented Oct 26, 2017

Issue Type
  • Bug Report
Summary

There are actually 2 issues with cctray authorization.

  1. Pipeline group authorization can be specified for a user or a `role` (gocd_role/pluginRole). While generating the cctray.xml, authorization defined using the `pluginRole` is not applied. Hence users belonging to a pluginRole which is authorized to view a pipeline_group do not get to see the pipelines.

  2. Changes to SecurityAuthConfig (Role and AuthConfig) through the API do not invalidate the cctray pipeline cache. Thereby, a user who is assigned view permission for a pipeline_group through a Role gets to view all the pipelines even after the role is revoked through the API.

@maheshp maheshp added this to the Release 17.12 milestone Oct 26, 2017

maheshp added a commit to maheshp/gocd that referenced this issue Oct 26, 2017

CCtray lists pipelines for users belonging to plugin role gocd#3954
* If a 'pluginRole' is authorized to view a pipeline_group, during
  generating the CcTray cache AllowedViewers for a pipeline would list
  users of a pluginRole with an active session. Thereby any users for
  this role who would login after the cache is generated would not be
  able to list these pipelines. With this commit, AllowedViewers would
  have a list of PluginRoleConfigs, which would give an accurate list of
  users at any given point of time.
* Changes to any SecurityAuthConfig(Role And AuthConfig) through the API
  would now refresh the CCTrayCache.

jyotisingh added a commit that referenced this issue Oct 30, 2017

Merge pull request #3955 from maheshp/cctray_view_permission_fix
CCtray lists pipelines for users belonging to plugin role #3954
@rajiesh

Contributor

commented Dec 2, 2017

Verified on 17.12.0 (5605-89a5ade1e9497ffc255dfa744476466c09beca06) and working as expected

@rajiesh rajiesh closed this Dec 2, 2017
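
The two defects described in the issue and commit message above, reduced to a small Java model. This is an added example, not GoCD code: every class, method and value name in it is hypothetical. It contrasts a viewers list copied at cache-build time with one that keeps only the role reference, and shows why a security-config change has to trigger a cache rebuild.

```java
import java.util.*;
import java.util.function.Predicate;

// Added illustration; all names are hypothetical and are not GoCD classes.
public class CcTrayViewersDemo {
    // Stand-in for the authorization plugin: plugin role -> current members.
    static final Map<String, Set<String>> roleMembers = new HashMap<>();
    // Stand-in for security config: pipeline group -> role allowed to view it.
    static final Map<String, String> groupViewRole = new HashMap<>();
    // The feed cache: pipeline group -> "may this user view it?" check.
    static final Map<String, Predicate<String>> cache = new HashMap<>();

    static Set<String> members(String role) {
        return roleMembers.getOrDefault(role, Collections.<String>emptySet());
    }
    // Before: copies the users known at the moment the cache entry is built.
    static Predicate<String> snapshotViewers(String role) {
        Set<String> frozen = new HashSet<>(members(role));
        return frozen::contains;
    }
    // After: keeps only the role name and resolves membership per request.
    static Predicate<String> roleViewers(String role) {
        return user -> members(role).contains(user);
    }
    // Must run after every security-config change, including API edits.
    static void rebuildCache(boolean resolvePerRequest) {
        cache.clear();
        for (Map.Entry<String, String> e : groupViewRole.entrySet()) {
            String role = e.getValue();
            cache.put(e.getKey(), resolvePerRequest ? roleViewers(role) : snapshotViewers(role));
        }
    }
    static boolean canView(String group, String user) {
        return cache.containsKey(group) && cache.get(group).test(user);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        roleMembers.put("plugin-viewers", new HashSet<>(Collections.singleton("alice")));
        groupViewRole.put("payments", "plugin-viewers");
        for (boolean perRequest : new boolean[] {false, true}) {
            rebuildCache(perRequest);
            roleMembers.get("plugin-viewers").add("bob"); // logs in after cache build
            System.out.println((perRequest ? "role ref" : "snapshot") + ": bob=" + canView("payments", "bob"));
            roleMembers.get("plugin-viewers").remove("bob");
        }
        groupViewRole.remove("payments"); // security config edited through the API
        System.out.println("no refresh: alice=" + canView("payments", "alice"));
        rebuildCache(true);               // invalidation hooked to the change
        System.out.println("refreshed:  alice=" + canView("payments", "alice"));
    }
}
```

Running it shows the snapshot entry denying a legitimate late login, and the un-refreshed cache still granting access after the authorization was removed, which is the more serious of the two outcomes.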
