Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JENKINS-61208 Allow system read to view more admin monitors #4685

Merged
merged 6 commits into from
May 1, 2020
Merged

JENKINS-61208 Allow system read to view more admin monitors #4685

merged 6 commits into from
May 1, 2020

Conversation

timja
Copy link
Member

@timja timja commented Apr 23, 2020

See JENKINS-61208.

Screenshots

image

Proposed changelog entries

  • Entry 1: JENKINS-61208 Allow system read to view more admin monitors
  • ...

Proposed upgrade guidelines

N/A

Submitter checklist

  • (If applicable) Jira issue is well described
  • Changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developer, depending on the change). Examples
    • Fill-in the Proposed changelog entries section only if there are breaking changes or other changes which may require extra steps from users during the upgrade
  • Appropriate autotests or explanation to why this change has no tests
  • For dependency updates: links to external changelogs and, if possible, full diffs

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

  • There are at least 2 approvals for the pull request and no outstanding requests for change
  • Conversations in the pull request are over OR it is explicit that a reviewer does not block the change
  • Changelog entries in the PR title and/or Proposed changelog entries are correct
  • Proper changelog labels are set so that the changelog can be generated automatically
  • If the change needs additional upgrade steps from users, upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
  • If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).

@timja timja requested review from a team, jeffret-b and oleg-nenashev April 23, 2020 21:27
@daniel-beck daniel-beck self-requested a review April 29, 2020 10:41
@timja timja closed this Apr 29, 2020
@timja timja reopened this Apr 29, 2020
@timja
Copy link
Member Author

timja commented Apr 29, 2020

Test failures are super weird, they pass locally, merged in master and will see what happens on CI

daniel-beck
daniel-beck approved these changes Apr 30, 2020
View reviewed changes
Copy link
Member

@daniel-beck daniel-beck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval conditional on TooManyJobsButNoView comment being addressed.

core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java Show resolved Hide resolved
daniel-beck
daniel-beck approved these changes Apr 30, 2020
View reviewed changes
Copy link
Member

@daniel-beck daniel-beck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

test/src/test/java/hudson/diagnosis/TooManyJobsButNoViewTest.java Outdated Show resolved Hide resolved
varyvol
varyvol reviewed Apr 30, 2020
View reviewed changes
core/src/main/resources/hudson/diagnosis/ReverseProxySetupMonitor/message.jelly
@@ -22,12 +22,14 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-->
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:f="/lib/form">
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:f="/lib/form" xmlns:l="/lib/layout">
<div id="redirect-error" class="alert alert-danger reverse-proxy__hidden"
data-url="${rootURL}/${it.url}/test" data-context="${rootURL}">
<form method="post" action="${rootURL}/${it.url}/act" name="${it.id}">
<f:submit name="yes" value="${%More Info}"/>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this one allow to submit the yes? SYSTEM_READ does have access to view the information the button is redirecting to?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any problem if a non-admin user can see the More Info button. It's not configuring anything if IIRC

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's a server side redirect to a jenkins.io redirect, https://github.com/timja/jenkins/blob/system-read-more-admin-monitors/core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java#L118-L126

@timja timja added rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback labels Apr 30, 2020
@timja
Copy link
Member Author

timja commented Apr 30, 2020

Let's merge this in ~24 hours if there's no negative feedback

jeffret-b
jeffret-b approved these changes Apr 30, 2020
View reviewed changes
Copy link
Contributor

@jeffret-b jeffret-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These look good. I'm glad to see the new tests.

oleg-nenashev
oleg-nenashev approved these changes Apr 30, 2020
View reviewed changes
Copy link
Member

@oleg-nenashev oleg-nenashev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. The open comment about lack of Job access is an unlikely edge case IMHO, so I am fine with the PR as is

core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java
if (j.hasPermission(Jenkins.ADMINISTER)) {
return j.getViews().size() == 1 && j.getItemMap().size() > THRESHOLD;
}
// SystemRead
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or "Manage" soon, I suspect

core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java Show resolved Hide resolved
@timja
Copy link
Member Author

timja commented Apr 30, 2020

Looks good to me. The open comment about lack of Job access is an unlikely edge case IMHO, so I am fine with the PR as is

the edge case was handled in e2d5b08

@timja timja merged commit 1837293 into jenkinsci:master May 1, 2020
@timja timja deleted the system-read-more-admin-monitors branch May 1, 2020 11:01
@daniel-beck daniel-beck mentioned this pull request Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffret-b jeffret-b jeffret-b approved these changes

@fcojfernandez fcojfernandez fcojfernandez approved these changes

@varyvol varyvol varyvol approved these changes

@oleg-nenashev oleg-nenashev oleg-nenashev approved these changes

@daniel-beck daniel-beck daniel-beck approved these changes

Assignees
No one assigned
Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@timja @daniel-beck @oleg-nenashev @varyvol @fcojfernandez @jeffret-b