[JIRA] (JENKINS-46540) "Open Blue Ocean" button disappears when "Block inheritance of global authorization matrix" is set in a folder


daniel.zeiter@ergon.ch (JIRA)

Nov 5, 2018, 11:26:03 AM
to jenkinsc...@googlegroups.com
Daniel Zeiter reopened an issue
 

I am still experiencing this issue as described.

This issue got closed because of JENKINS-45947, but that issue was never merged and was closed as not reproducible without taking into account this linked issue.

I still experience this problem: if the folder permission is set to "Don't inherit" and you are not an admin but have all folder accesses, then you will not see the "Open Blue Ocean" button.

 

Jenkins / Bug JENKINS-46540
"Open Blue Ocean" button disappears when "Block inheritance of global authorization matrix" is set in a folder
Change By: Daniel Zeiter
Resolution: Duplicate
Status: Closed → Reopened
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 5:48:02 PM
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 5:51:02 PM
to jenkinsc...@googlegroups.com
Daniel Beck commented on Bug JENKINS-46540
 
Re: "Open Blue Ocean" button disappears when "Block inheritance of global authorization matrix" is set in a folder

Does this issue still occur in Matrix Auth Plugin 2.4 or newer with the revised options for permissions inheritance?

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 5:52:03 PM
to jenkinsc...@googlegroups.com
Daniel Beck edited a comment on Bug JENKINS-46540
Does this issue still occur in Matrix Auth Plugin 2.1 or newer with the revised options for permissions inheritance?

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 6:36:01 PM
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 6:37:02 PM
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 6:46:03 PM
to jenkinsc...@googlegroups.com
Daniel Beck commented on Bug JENKINS-46540
 
Re: "Open Blue Ocean" button disappears when "Block inheritance of global authorization matrix" is set in a folder

I was able to reproduce this problem and have found the cause. I consider this to be a bug in Blue Ocean: It checks the Overall/Read permission no matter in which context (folder, job, etc.) the sidepanel link would be displayed.

https://github.com/jenkinsci/blueocean-plugin/blob/77960a8dc21840ae5f6df784a26f91e09d7da621/blueocean-rest-impl/src/main/resources/io/jenkins/blueocean/service/embedded/BlueOceanUrlAction/action.jelly#L8

Global permissions are expected to not matter in the context of a folder, so the combination of not being able to grant them on a folder level, and not inheriting them from the global ACL, results in this permission check failing if and only if you're in such a folder (or job – the same applies to jobs that don't inherit permissions).

While an argument could be made that Matrix Auth should always inherit Overall/Read (the same way Overall/Administer is – since Matrix Auth 2.0 – always inherited) for compatibility with buggy plugins, this is ultimately, IMO, a Blue Ocean bug.
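The scoping problem described in the comment above, as a simplified Python model added here (it is not Jenkins, Matrix Auth or Blue Ocean code; `AclNode`, the two `link_visible_*` functions and the sample users are hypothetical). It contrasts checking Overall/Read on the current context with checking it on the root object.

```python
from dataclasses import dataclass, field
from typing import Optional

OVERALL_READ = "Overall/Read"
OVERALL_ADMINISTER = "Overall/Administer"
GLOBAL_ONLY = {OVERALL_READ, OVERALL_ADMINISTER}  # cannot be granted on a folder

@dataclass
class AclNode:
    """Hypothetical stand-in for an object with its own ACL (root, folder, job)."""
    name: str
    parent: Optional["AclNode"] = None
    inherit: bool = True                       # False models "do not inherit"
    grants: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, user, perm):
        if self.parent is not None and perm in GLOBAL_ONLY:
            raise ValueError(f"{perm} can only be granted globally")
        self.grants.setdefault(user, set()).add(perm)

    def root(self):
        return self if self.parent is None else self.parent.root()

    def has_permission(self, user, perm):
        # Per the thread, Overall/Administer is always inherited.
        if OVERALL_ADMINISTER in self.root().grants.get(user, set()):
            return True
        if perm in self.grants.get(user, set()):
            return True
        if self.parent is None or not self.inherit:
            return False
        return self.parent.has_permission(user, perm)

def link_visible_context_check(context, user):
    """Behaviour described in the thread: Overall/Read checked on the context."""
    return context.has_permission(user, OVERALL_READ)

def link_visible_root_check(context, user):
    """The same permission checked on the root object only."""
    return context.root().has_permission(user, OVERALL_READ)

def build_sample():
    """Constructed sample: a root, an inheriting folder, a non-inheriting folder."""
    root = AclNode("root")
    root.grant("dev", OVERALL_READ)
    root.grant("admin", OVERALL_ADMINISTER)
    open_folder = AclNode("open", parent=root)
    locked = AclNode("locked", parent=root, inherit=False)
    locked.grant("dev", "Job/Read")
    return root, open_folder, locked
```

In this model the non-admin user `dev` loses the link only inside the non-inheriting folder, which matches the "if and only if" condition stated in the comment.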

dbeck@cloudbees.com (JIRA)

Apr 24, 2019, 6:50:02 PM
to jenkinsc...@googlegroups.com

FWIW the permission check here makes no sense anyway, as the link would not be displayed to anyone without Overall/Read permission. It only governs whether they can see the link, not whether they can get access.

Remove the linked line in the Jelly file and you're done. Someone up for some easy karma?

jglick@cloudbees.com (JIRA)

Apr 25, 2019, 8:17:03 AM
to jenkinsc...@googlegroups.com

You need Overall/Read to do anything except use an UnprotectedRootAction, so explicitly checking it makes little sense. Anyway, I am not sure why matrix-auth would be blocking inheritance of Overall/* permissions, but it should not matter since they should only ever be checked on Jenkins to begin with. (I used to want to actually enforce PermissionScope at runtime, but there are some corner cases that would be tricky to fix compatibly.) So agreed that just removing that line from action.jelly should suffice.

dbeck@cloudbees.com (JIRA)

Apr 25, 2019, 8:19:02 AM
to jenkinsc...@googlegroups.com

james.pressley@icbcstandard.com (JIRA)

Mar 26, 2020, 11:29:03 AM
to jenkinsc...@googlegroups.com

Is there any movement on this? Users are complaining the Blue Ocean button is not there. I have resorted to inheriting the permissions and adding but this is not ideal.

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)