diff --git a/pom.xml b/pom.xml
index 4ce742847..db65968f2 100755
--- a/pom.xml
+++ b/pom.xml
@@ -53,6 +53,7 @@
2.414.3
false
v@{project.version}
+ true
diff --git a/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java
index 4d6b29b75..c0ed535cf 100644
--- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java
+++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java
@@ -348,7 +348,7 @@ public String getDisplayName() {
@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
@QueryParameter String credentialsId) {
- if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
+ if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {
return new StandardListBoxModel().includeCurrentValue(credentialsId);
}
return new StandardListBoxModel()
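Review bot: The guard in `doFillCredentialsIdItems` now admits Manage-only users to the credentials drop-down, but nothing at the check records why that is acceptable. The same applies to the identical change in `HookSecretConfig.doFillCredentialsIdItems`. If the reasoning is that the list box carries only credential ids and display names, say so above the `if`, e.g. `// Manage is enough here: the list exposes credential ids/names only, never secret material`. The rest of the method body lies outside the hunk, so which credentials the builder includes is not visible here and should be checked against that comment.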
@@ -367,7 +367,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
public FormValidation doVerifyCredentials(
@QueryParameter String apiUrl,
@QueryParameter String credentialsId) throws IOException {
- Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
+ Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);
GitHubServerConfig config = new GitHubServerConfig(credentialsId);
config.setApiUrl(apiUrl);
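Review bot: With `checkPermission(Jenkins.MANAGE)`, `doVerifyCredentials` lets a user who holds only Manage have the credential named by the request's `credentialsId` used against the request's `apiUrl`. Both are `@QueryParameter` values, and nothing visible in the hunk ties the URL to an already configured server. Manage is intended to be grantable to less-trusted users than Administer, so this widens who can direct a stored token at an endpoint of their choosing, which is the path `shouldNotAllow_CredentialsLeakage_usingVerifyCredentials` exists to guard. Consider keeping this one endpoint on `Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);`, or documenting at the check why Manage is sufficient. The method's annotations and the rest of its body are outside the hunk, so also confirm it is POST-only.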
diff --git a/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java
index 8eb8dc5f2..6c45e5d00 100644
--- a/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java
+++ b/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java
@@ -62,7 +62,7 @@ public String getDisplayName() {
@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
- if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
+ if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {
return new StandardListBoxModel().includeCurrentValue(credentialsId);
}
diff --git a/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java b/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java
index d019c9d4d..7415352fe 100644
--- a/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java
+++ b/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java
@@ -107,7 +107,9 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
GlobalMatrixAuthorizationStrategy strategy = new GlobalMatrixAuthorizationStrategy();
- strategy.add(Jenkins.ADMINISTER, "admin");
+ Jenkins.MANAGE.setEnabled(true);
+ strategy.add(Jenkins.MANAGE, "admin");
+ strategy.add(Jenkins.READ, "admin");
strategy.add(Jenkins.READ, "user");
j.jenkins.setAuthorizationStrategy(strategy);
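Review bot: `Jenkins.MANAGE.setEnabled(true);` flips state on a static `Permission` and the hunk never restores it, so the setting can leak into other tests run in the same JVM and hide a failure that depends on Manage being disabled. Capture the previous value and put it back in teardown, e.g. `boolean was = Jenkins.MANAGE.getEnabled();` before the call and `Jenkins.MANAGE.setEnabled(was);` in an `@After` method or `finally` block. The fixture also no longer has an Administer-only principal, so it would be worth asserting that one can still verify credentials. The test method starts and ends outside this hunk.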
@@ -121,7 +123,7 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex
assertThat(attackerServlet.secretCreds, isEmptyOrNullString());
}
- { // only admin can verify the credentials
+ { // only admin (with Manage permission) can verify the credentials
JenkinsRule.WebClient wc = j.createWebClient();
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
wc.login("admin");