Treeherder allows users that have not been granted trust to re-trigger/cancel jobs (through sending pulse messages)

RESOLVED DUPLICATE of bug 1273096

Status

defect
4 years ago
3 years ago

People

(Reporter: armenzg, Unassigned)

(Reporter)

Description

4 years ago
Right now, anyone who can have Persona verify an email address can re-trigger or cancel jobs through TH.
We have not granted these users any trust that they are going to be responsible.
At this moment, this is an issue for TC jobs.

This also blocks us from moving away from Buildapi and using Pulse_actions/mozci.

This is explained in comment 24 and following [1].

We believe that we can fix this by verifying that the user has commit access.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1168148#c24
(Reporter)

Comment 1

4 years ago
Oops! bug 1032163 that is.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1032163
No longer blocks: 116814
Duplicate of bug: 1273096