Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCtray lists pipelines for users belonging to plugin role #3954 #3955

Merged
merged 2 commits into from Oct 30, 2017
Merged

CCtray lists pipelines for users belonging to plugin role #3954 #3955

merged 2 commits into from Oct 30, 2017

Conversation

maheshp
Copy link
Contributor

@maheshp maheshp commented Oct 26, 2017
edited

  • If a 'pluginRole' is authorized to view a pipeline_group, during
    generating the CcTray cache AllowedViewers for a pipeline would list
    users of a pluginRole with a active session. Thereby any users for
    this role who would login after the cache is generated would not be
    able to list these pipelines. With this commit, AllowedViewers would
    have a list of PluginRoleConfigs, which would give an accurate list of
    users at any given point of time.
  • Changes to any SecurityAuthConfig(Role And AuthConfig) through the API
    would now refresh the CCTrayCache.
  • If super admins are defined only through a 'role' or 'pluginRole' CCTrayViewAuthority considers
    it as presence of superAdmins. This would be true even if the configured roles do not have users
    defined. This is consitent with how dashboard behaves.
  • CCTrayViewAuthority considers all super admins defined using
    pluginRole as viewers of pipeline_group.
  • ViewAuthority for users belonging to pluginRole was cached earlier,
    with this commit it is resloved during access of ccTray.

@maheshp
CCtray lists pipelines for users belonging to plugin role gocd#3954
e6c9b3a 
* If a 'pluginRole' is authorized to view a pipeline_group, during
  generating the CcTray cache AllowedViewers for a pipeline would list
  users of a pluginRole with a active session. Thereby any users for
  this role who would login after the cache is genrated would not be
  able to list these pipelines. With this commit, AllowedViewers would
  have a list of PluginRoleConfigs, which would give an accurate list of
  users at any given point of time.
* Changes to any SecurityAuthConfig(Role And AuthConfig) through the API
  would now refresh the CCTrayCache.
@maheshp maheshp added this to the Release 17.12 milestone Oct 26, 2017
@maheshp
SuperAdmins through PluginRole are ccTray pipeline_group viewers
8148ae2 
* If super admins are defined only through a 'role' or 'pluginRole' CCTrayViewAuthority considers
  it as presence of superAdmins. This would be true even if the configured roles do not have users
  defined. This is consitent with how dashboard behaves.

* CCTrayViewAuthority considers all super admins defined using
  pluginRole as viewers of pipeline_group.

* ViewAuthority for users belonging to pluginRole was cached earlier,
  with this commit it is resloved during access of ccTray.
@jyotisingh jyotisingh merged commit 8388bb4 into gocd:master Oct 30, 2017
@maheshp maheshp deleted the cctray_view_permission_fix branch October 31, 2017 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release 17.12
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@maheshp @jyotisingh