Open twotired opened 4 years ago
Thanks for your feedback. Please notice that planPermissions
is under project
and is used for plan permission inheritance which is used to define the default permissions for newly created plans under that project. You can see this under Project settings -> Plan permissions inheritance.
If you try to configure the permissions of a specific plan, please use permissions
under plan
. Here's an example:
project(key: 'PROJECTKEY', name: 'my project') {
plan(key: 'MYPLAN', name: 'my plan') {
permissions {
['bob'].each { u ->
user(name: u) {
permissionTypes PermissionType.VIEW, PermissionType.BUILD
}
}
group(name: 'build-engineers') {
permissionTypes PermissionType.VIEW
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW
}
}
}
}
Does that help?
When I define custom permissions for a plan in the DSL, it just seems to be ignored.
@twotired Could you please provide me a sample DSL so that I can reproduce it?
This creates a pipeline in which Logged in users and Anonymous have no checkboxes checked on the Permissions tab:
import ch.mibex.bamboo.plandsl.dsl.*
import ch.mibex.bamboo.plandsl.dsl.permissions.PermissionTypes
project(key: 'DSL', name: 'DSL prototyping') {
plan(key: 'PROTD', name: 'scratch deleteme D') {
permissions {
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW, PermissionType.BUILD
}
other(type: OtherUserType.ANONYMOUS_USERS) {
permissionTypes PermissionTypes.PermissionType.VIEW
}
}
stage('coach') {
job(key: 'ASDF', name: 'qwerty') {
}
job(key: 'ZXCV', name: 'hjkl') {
}
}
}
}
@twotired Thanks for the sample DSL. I've just tried to reproduce this, but with no luck. Could you please tell me your plug-in and your Bamboo version?
Bamboo version is 6.10.3 Plugin version 1.9.15
@twotired Thanks for your feedback. I've just tried to reproduce this with your sample DSL, but in my test case the permissions are correctly set (used your Bamboo and plug-in version):
Just to be sure, could you please double-check that you are looking at the plan permission settings and not the project or the project plan inheritance settings?
Thanks!
Here's another example. In this example, it properly sets the user permission and ignores the 'other' permissions. This is the only plan in the project.
project(key: 'JWP3', name: 'jwells prototyping 3') {
plan(key: 'PROTO1', name: 'testing permissions') {
permissions {
user(name: 'jason.wells') {
permissionTypes PermissionType.VIEW, PermissionType.BUILD, PermissionType.EDIT
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.ADMIN, PermissionType.EDIT
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW
}
}
stage('first stage') {
job(key: 'JONE', name: 'You had one job') {
tasks {
script() {
description 'a task'
inline {
scriptBody 'echo "Hello"'
}
}
}
}
}
}
}
@twotired Thanks for your example. I've just tried it out and for me the plug-in correctly created a VIEW permission for logged-in users. The permissions for ADMIN/EDIT are correctly ignored because they are overridden by the following VIEW permissions. Does that make sense? What permissions were set in your testing for logged-in users?
Here's my latest (valid?) example:
project(key: 'JWP', name: 'jwells prototyping') {
projectPermissions {
user(name: 'jason.wells') {
permissionTypes PermissionType.VIEW
}
group(name: 'engineering') {
permissionTypes PermissionType.VIEW
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW
}
}
planPermissions {
user(name: 'jason.wells') {
permissionTypes PermissionType.VIEW
}
group(name: 'engineering') {
permissionTypes PermissionType.VIEW
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW
}
}
plan(key: 'PROTO1', name: 'testing permissions') {
permissions {
user(name: 'jason.wells') {
permissionTypes PermissionType.VIEW, PermissionType.BUILD, PermissionType.EDIT
}
group(name: 'engineering') {
permissionTypes PermissionType.VIEW
}
other(type: OtherUserType.LOGGED_IN_USERS) {
permissionTypes PermissionType.VIEW
}
}
stage('first stage') {
job(key: 'JONE', name: 'You had one job') {
tasks {
script() {
description 'a task'
inline {
scriptBody 'echo "Hello"'
}
}
}
}
}
}
}
Project Settings -> Project Permissions == correct Project Settings -> Plan permissions == correct
The problem is that the plan-specific permissions are ignored and no boxes are checked. Navigate to Plan -> Actions -> Configure Plan -> Permissions
Group section has no rows Other section has no boxes checked
User section:
It seems like all the boxes get checked for me since I'm an Admin. If I specify a lower user in the DSL, their settings are not applied here.
@twotired Thanks a lot for your detailed test case. When I run this DSL with admin permissions (configured user in the seed task), then all settings (even in the plan permissions) are correctly set.
But when I don't specify a user in the seed task, the plan permissions are not configured. When you configure an admin user in the seed task, does it work for you as well?
OK thanks. Yeah, leaving the user blank was the problem.
When I define permission in the DSL, the newly created plan doesn't reflect what is defined. Has this been tested recently?
EX:
Does not get set.