[JENKINS-73061] allow users with Overall/Manage to configure global plugin options

mikecirioli commented 7 months ago

https://issues.jenkins.io/browse/JENKINS-73061

Based on JEP-223, this operation does not allow users to escalate permissions and it's not related to security, so it qualifies to be accessible with the Overall/Manage permission.

Testing done

Relevant URI related code was reviewed to ensure that file:// uri's were properly caught
Installed plugin and manually verified a user with Overall/Manage can configure the feature. Also verified that no information was leaked when attempting to configure dodgy urls like file://etc/passwd, and secrets in JENKINS_HOME

### Submitter checklist
- [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [x] Ensure that the pull request title represents the desired changelog entry
- [x] Please describe what you did
- [x] Link to relevant issues in GitHub or Jira
- [x] Link to relevant pull requests, esp. upstream and downstream changes
- [x] Ensure you have provided tests - that demonstrates feature works or fixes the issue

mikecirioli commented 7 months ago

@jetersen @rsandell @MarkEWaite Could i kindly get a review of this PR please?

MarkEWaite commented 7 months ago

@mikecirioli can you describe the interactive testing that you performed to confirm that it is behaving as expected? The "Testing done" section is the place where that should be described.

mikecirioli commented 7 months ago

@MarkEWaite I've updated the description to include the testing done, let me know if you need anything else

mikecirioli commented 6 months ago

@jetersen can i get an additional review when you have the time?

jenkinsci / gitlab-branch-source-plugin

[JENKINS-73061] allow users with Overall/Manage to configure global plugin options #423

Testing done