You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@continuum.apache.org by "Brent N Atkinson (JIRA)" <ji...@apache.org> on 2015/04/25 20:43:38 UTC

[jira] [Resolved] (CONTINUUM-2747) Protect ability to run reports with standalone role

     [ https://issues.apache.org/jira/browse/CONTINUUM-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brent N Atkinson resolved CONTINUUM-2747.
-----------------------------------------
    Resolution: Fixed

Fixed in r1676046

> Protect ability to run reports with standalone role
> ---------------------------------------------------
>
>                 Key: CONTINUUM-2747
>                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2747
>             Project: Continuum
>          Issue Type: Improvement
>            Reporter: Brent N Atkinson
>            Priority: Minor
>              Labels: maybe-1.5
>             Fix For: 1.5.0
>
>
> Made worse by CONTINUUM-2746, running reports should be limited to users that are registered. The intent is that abuse can be managed by locking accounts. Adding a permission is another route, but considering it is open to anonymous it may be unnecessary.
> UPDATE: After some investigation, it appears the problem is that reporting is granted to all project users and granting Guest the ability to be a project user is used to allow anonymous users to see the build summary. By separating reporting from project user, reporting can be granted on an individual basis rather than being inherited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)