Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
[FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM sin…
…ce they sometimes do ACL-checked calls.
- Loading branch information
Showing
3 changed files
with
86 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
c04cdcd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Caused JENKINS-25400
c04cdcd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Caused JENKINS-25400. AFAIK there's a similar issue with Create Job Advanced Plugin's "Grant creator full permission."
Wouldn't it be better to have listeners impersonate SYSTEM as needed on their own?
c04cdcd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, some listeners has been doing this for years (
ComputerListener#onOnline
) so changing it not to impersonateSYSTEM
can be painful. Though, I like @daniel-beck's suggestion.