continuum-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brent N Atkinson (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CONTINUUM-2747) Protect ability to run reports with standalone role
Date Fri, 24 Apr 2015 18:25:39 GMT

     [ https://issues.apache.org/jira/browse/CONTINUUM-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brent N Atkinson updated CONTINUUM-2747:
----------------------------------------
    Description: 
Made worse by CONTINUUM-2746, running reports should be limited to users that are registered.
The intent is that abuse can be managed by locking accounts. Adding a permission is another
route, but considering it is open to anonymous it may be unnecessary.

UPDATE: After some investigation, it appears the problem is that reporting is granted to all
project users and granting Guest the ability to be a project user is used to allow anonymous
users to see the build summary. By separating reporting from project user, reporting can be
granted on an individual basis rather than being inherited.

  was:Made worse by CONTINUUM-2746, running reports should be limited to users that are registered.
The intent is that abuse can be managed by locking accounts. Adding a permission is another
route, but considering it is open to anonymous it may be unnecessary.


> Protect ability to run reports with standalone role
> ---------------------------------------------------
>
>                 Key: CONTINUUM-2747
>                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2747
>             Project: Continuum
>          Issue Type: Improvement
>            Reporter: Brent N Atkinson
>            Priority: Minor
>              Labels: maybe-1.5
>             Fix For: 1.5.0
>
>
> Made worse by CONTINUUM-2746, running reports should be limited to users that are registered.
The intent is that abuse can be managed by locking accounts. Adding a permission is another
route, but considering it is open to anonymous it may be unnecessary.
> UPDATE: After some investigation, it appears the problem is that reporting is granted
to all project users and granting Guest the ability to be a project user is used to allow
anonymous users to see the build summary. By separating reporting from project user, reporting
can be granted on an individual basis rather than being inherited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message