User access is wiped out when granting permissions to a new user via Groovy
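I am trying to create a number of users with specific permissions through projectMatrixAuthorizationStrategy using a Groovy script. I am able to create a user and grant permissions to that user, but when I try to create another user with specific permissions, the old user's access disappears automatically. When I try to log in as the old user, I get "Overall/Read permission is missing".
I have tried several approaches but have not found a solution. Below is my script: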
import jenkins.model.*
import hudson.security.*
import hudson.model.*
import java.util.*
import com.michelin.cio.hudson.plugins.rolestrategy.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
def instance = Jenkins.getInstance()
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
//def user = ["userInput","userPassword"]
// Name of the account that receives the permissions below
def user = "user"
hudsonRealm.createAccount("admin","admin")
//hudsonRealm.createAccount(userInput,userPassword)
hudsonRealm.createAccount("user","User2")
instance.setSecurityRealm(hudsonRealm)
instance.save()
// A new, empty permission matrix is built on every run of the script
def strategy = new ProjectMatrixAuthorizationStrategy()
//Overall Permission
strategy.add(Jenkins.ADMINISTER,'admin')
strategy.add(Jenkins.READ,user)
//Credential Level Permission
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,user)
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,user)
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,user)
//Job Level Permission
strategy.add(hudson.model.Item.BUILD,user)
strategy.add(hudson.model.Item.CANCEL,user)
strategy.add(hudson.model.Item.CONFIGURE,user)
strategy.add(hudson.model.Item.CREATE,user)
//strategy.add(hudson.model.Item.DELETE,user)
strategy.add(hudson.model.Item.DISCOVER,user)
//strategy.add(hudson.model.Item.READ,user)
strategy.add(hudson.model.Item.WORKSPACE,user)
//Build Run (Level) Permissions
//strategy.add(hudson.model.Run.DELETE,user)
strategy.add(hudson.model.Run.UPDATE,user)
//strategy.add(hudson.model.Run.REPLAY,user)
//View Level Permissions
//strategy.add(hudson.model.View.CONFIGURE,user)
//strategy.add(hudson.model.View.CREATE,user)
//strategy.add(hudson.model.View.DELETE,user)
strategy.add(hudson.model.View.READ,user)
// Install the matrix built above as the active authorization strategy
instance.setAuthorizationStrategy(strategy)
instance.save()
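Can someone help me solve this problem?
Solution: It is actually quite simple, and good to know.
If you do not want to wipe out the old users' access, you should not provide the user name in the permission lines but 'authenticated' instead. See the example below:
From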
strategy.add(Jenkins.READ,user)
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)
To
strategy.add(Jenkins.READ,'authenticated')
strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'authenticated')
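A per-user alternative, as an added example that is not part of the original question or answer: the question's script installs a freshly constructed, empty ProjectMatrixAuthorizationStrategy on every run, while 'authenticated' applies a grant to every logged-in account. The sketch below reuses the strategy that is already installed and adds rows only for the new account; the helper name grantKeepingExisting and the account name 'user2' are assumptions made for illustration, and it uses the same strategy.add(permission, name) call as the script above.

```groovy
import jenkins.model.Jenkins
import hudson.model.Item
import hudson.model.View
import hudson.security.ProjectMatrixAuthorizationStrategy
import com.cloudbees.plugins.credentials.CredentialsProvider

// Hypothetical helper (not from the original post): grants `perms` to the
// account `sid` on top of whatever the installed matrix already contains.
def grantKeepingExisting(String sid, List perms) {
    def jenkins = Jenkins.getInstance()
    def current = jenkins.getAuthorizationStrategy()

    // Reuse the installed matrix so rows added for earlier users survive.
    // Start from an empty matrix only when no project matrix strategy is
    // in place yet (first run, or a different strategy type is configured).
    def strategy
    if (current instanceof ProjectMatrixAuthorizationStrategy) {
        strategy = current
    } else {
        strategy = new ProjectMatrixAuthorizationStrategy()
        // 'admin' is the administrator account created in the question's script
        strategy.add(Jenkins.ADMINISTER, 'admin')
    }

    // One row per permission, scoped to this account only
    perms.each { perm -> strategy.add(perm, sid) }

    jenkins.setAuthorizationStrategy(strategy)
    jenkins.save()
    return strategy
}

// Constructed sample call: 'user2' is an assumed second account that
// already exists in the security realm.
grantKeepingExisting('user2', [
    Jenkins.READ,
    CredentialsProvider.VIEW,
    Item.BUILD,
    Item.DISCOVER,
    View.READ,
])
```

Running it once per account leaves each earlier account's Overall/Read row in place, so no grant to the 'authenticated' group is needed.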