Closed Bug 1177277 Opened 9 years ago Closed 9 years ago

Treeherder allows users that have not been granted trust to re-trigger/cancel jobs (through sending pulse messages)

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 1273096

People

(Reporter: armenzg, Unassigned)

Details

Armen [:armenzg]

Reporter

Description

•

9 years ago

Right now, anyone that can have a persona verify email address can re-trigger or cancel jobs through TH. We have not granted these users any trust that they are going to be responsible. At this moment, this is an issue for TC jobs. This also blocks us from moving away from Buildapi and using Pulse_actions/mozci. This is explain in comment 24 and following [1]. We believe that we can fix this by verifying that the user has commit access. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1168148#c24

Armen [:armenzg]

Reporter

Comment 1

•

9 years ago

Oops! bug 1032163 that is.

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → DUPLICATE

Ed Morley [:emorley]

Updated

•

8 years ago

No longer blocks: 116814

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Treeherder allows users that have not been granted trust to re-trigger/cancel jobs (through sending pulse messages)

Categories

(Tree Management :: Treeherder, defect)

Tracking

(Not tracked)

People

(Reporter: armenzg, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated