Details
-
Bug
-
Resolution: Fixed
-
Low
-
5.11.1.1, 5.15.0.1
-
Severity 2 - Major
-
Description
Summary
Bamboo runs permission validation against random plan when execute report
Details
When execute report generator Bamboo checks if user has READ permission to plan. Sometimes it checks it against another plan
User mode
- Create 2 plans Plan1 and Plan2 in same project. And execute them once
- Create 2 users User1 and User2 in bamboo-user group (create group if necessary)
- Change Plan1 permissions and add User1 with View permission, remove View permission from Anonymous and logged in users
- Change Pla2 permissions and add User2 with View permission, remove View permission from Anonymous and logged in users
- Login as User1, go to Reports, choose Build Activity report for Plan1
- See graph with one dot
- Login as User2, go to Reports, choose Build Activity report for Plan2
- See warning message
- But if you login as admin and choose Plan2 for report you will see graph with one dot
Developer mode
- Create 2 plans and run their builds
- Enable DEBUG logging for
com.atlassian.bamboo.resultsummary.search.LucenePermissionCheckercom.atlassian.bamboo.resultsummary.search.IndexedBuildResultsSearcherImpl - Open Reports > Reports
- Choose one of the plan and run Build Activity report
- see browser URL http://localhost:9087/bamboo/reports/generateReport.action?reportKey=com.atlassian.bamboo.plugin.system.reports%3AnumberOfBuilds&selectFields=reportKey&labelTarget=&buildIds=3538945&selectFields=buildIds&groupByPeriod=AUTO&selectFields=groupByPeriod&dateFilter=None&selectFields=dateFilter&dateFrom=&dateTo=&save=Submit
- See application logs 2017-03-04 10:48:28,992 DEBUG [http-nio-9087-exec-1] [IndexedBuildResultsSearcherImpl] Permission READ granted for plan with id 3538945
- Choose second plan and run report generator
- See browser URL and logs, buildIds parameter in URL is not the same as Permission READ validation in logs