[JENKINS-62054] Ensure the Support action is not displayed if the use…

[PierreBtz]

…r does not have the proper rights

[aheritier]

I agree that there is a problem to fix.
https://ci.jenkins.io/job/Plugins/job/shelve-project-plugin/job/master/29/support/ shouldn't propose these actions when anonymous (and without the CREATE_BUNDLE permission

Not sure if the approach you are using here is the right one. I never saw it and I am not sure why the actions permissions aren't hiding them:

https://github.com/jenkinsci/support-core-plugin/blob/master/src/main/resources/com/cloudbees/jenkins/support/actions/SupportAbstractItemAction/action.jelly#L5

https://github.com/jenkinsci/support-core-plugin/blob/master/src/main/resources/com/cloudbees/jenkins/support/actions/SupportComputerAction/action.jelly#L5

https://github.com/jenkinsci/support-core-plugin/blob/master/src/main/resources/com/cloudbees/jenkins/support/actions/SupportRunAction/action.jelly#L5

[aheritier]

Shouldn't you use SupportAction.CREATE_BUNDLE instead ?

https://github.com/jenkinsci/support-core-plugin/blob/master/src/main/java/com/cloudbees/jenkins/support/SupportAction.java#L71

[PierreBtz]

I reused the same as https://github.com/jenkinsci/support-core-plugin/pull/220/files/747dc40b634af540503515b01efc4ca8a2ded2c0#diff-018a199824d332a24f6b86f5c65bdf37R127

[varyvol]

This is pointing to your same commit?

[PierreBtz]

Yeah sorry link was bad, I meant:

support-core-plugin/src/main/java/com/cloudbees/jenkins/support/actions/SupportObjectAction.java

Line 127 in 747dc40

Jenkins.get().checkPermission(Jenkins.ADMINISTER);

This is an interesting point, because SupportAction.CREATE_BUNDLE defines a permission (Download Bundle) but the action I linked checks for ADMINISTER :)

I managed to reproduce the issue:

• have a user with Overall/Read + Job/read + Download Permission
• go to a job page
• click on generate bundle (for the job)
• you won't be allowed to generate the bundle

Question is: is it by design, ie only an admin can retrieve a build directory? Or is it a bug?
If it's a bug, happy to fix it while fixing the action visibility issue.

[varyvol]

Maybe @Dohbedoh can better illustrate us.

[varyvol]

Wouldn't it be possible to implement methods in the super class to avoid having to change every method in the subclasses?

[PierreBtz]

Functionally what you suggest is possible (all action display names are the same) but they are in fact referring to a different message, eg:

support-core-plugin/src/main/resources/com/cloudbees/jenkins/support/Messages.properties

Line 25 in 09dbc25

SupportAction_DisplayName=Support

support-core-plugin/src/main/resources/com/cloudbees/jenkins/support/actions/Messages.properties

Line 25 in 4a3c124

SupportRunAction_DisplayName=Support

I suppose I could build the key to retrieve the message from the class name, but maybe it's worth considering removing the duplication of messages instead. AFAIU, the name will always be Support and the icon will always be the same too. Wdyt?

[varyvol]

If the user result is the same, +1 for removing the duplication.

[duemir]

Messages are made unique by #239

[Dohbedoh]

@PierreBtz I think that the mistake is in jelly / stapler at:

• https://github.com/jenkinsci/support-core-plugin/blob/support-core-2.70/src/main/resources/com/cloudbees/jenkins/support/actions/SupportRunAction/action.jelly#L5
• https://github.com/jenkinsci/support-core-plugin/blob/support-core-2.70/src/main/resources/com/cloudbees/jenkins/support/actions/SupportComputerAction/action.jelly#L5
• https://github.com/jenkinsci/support-core-plugin/blob/support-core-2.70/src/main/resources/com/cloudbees/jenkins/support/actions/SupportAbstractItemAction/action.jelly#L5

That does not work and should be ${app.ADMINISTER}.

[Dohbedoh]

@PierreBtz I proposed #252

[PierreBtz]

yeah, my bad for not following up on this...