timja
commented
7 years ago Nothing to do on the plugin side. The new permission has do be added to the core, and then it will be automatically supported by Role Strategy
Closed timja closed 7 years ago
timja
commented
7 years ago Nothing to do on the plugin side. The new permission has do be added to the core, and then it will be automatically supported by Role Strategy
timja
commented
7 years ago We consider the presence of this a security issue, and fixed it a year ago, so won't add it again.
Hi all
we have a bunch of users with very strict permission sets depending on their group in our Active Directory. This work great but we lack some fine tuning for the admin part, in Role Strategy Plugin.
In our case, we would like the users to be able to list the installed plugins (which is an API call) :
https://ci.int.actility.com/pluginManager/api/xml?depth=2&xpath=/*/*/shortName%7C/*/*/version%7C/*/*/dependency&wrapper=plugins
This is just a read only permission and I'm pretty sure other admin API calls could benefit from that.
Originally reported by faichelbaum, imported from: Being able to list plugins without Jenkins.ADMINISTER