From c621bd441d464eba5ffbf27161a2b6bea7c4ffd6 Mon Sep 17 00:00:00 2001 From: Javier Garcia Date: Thu, 17 Oct 2024 11:15:26 +0200 Subject: [PATCH] JENKINS-73941 - Avoid disabling the ScriptApproval screen with forceSandbox mode enabled --- README.md | 3 ++- .../plugins/scriptsecurity/scripts/ScriptApprovalLink.java | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index df368f1c8..7f5bbe10f 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,8 @@ Jenkins jobs) should generally be denied. Most `getSomething` methods are harmle In case of highly secured environments, where only sandbox scripts are allowed, the option "Force to use the Sandbox globally in the system" allows forcing the use of the -sandbox globally in the system and will disable the "In-process Script Approval" screen. +sandbox globally in the system and will block the creation of new items in the +"In-process Script Approval" screen. ### ACL-aware methods Be aware however that even some “getter” methods are designed to check specific diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalLink.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalLink.java index e85909bf2..38e73c99f 100644 --- a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalLink.java +++ b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalLink.java @@ -37,7 +37,7 @@ @Extension public final class ScriptApprovalLink extends ManagementLink { @Override public String getIconFileName() { - if (ScriptApproval.get().isForceSandbox() || ScriptApproval.get().isEmpty()) { + if (ScriptApproval.get().isEmpty()) { return null; } return "symbol-edit-note";