Affects Version/s: 6.3.3
Fix Version/s: None
It has been observed that when the user and the group have the same name, the user permissions are overwriting the group permissions that apply to other users.
To reproduce the problem, create the following.
- 2 users: test and test-builder.
- 1 local generic repository: it-test
- 1 permissions: testing-builder
- 1 group: test-builder
- For the testing-builder permissions, assign it the it-test repository.
- Assign it the test-builder group with only Deploy/Cache, Annotate, and Read permissions.
- Assign it the test-builder user with full permissions.
For the test and test-builder users, add both of them to the test-builder group. You will see that for the test user it will show it does not have Delete/Overwrite permissions on the it-test repository. You will see that test-builder does have Delete/Overwrite permissions on the it-test repository.
The test user will still be able to delete artifacts that are in the it-test repository. If you edit the testing-builder permissions for the test-builder user and remove the Delete/Overwrite, the test user will no longer be able to delete artifacts that are in the it-test repository.
The user permissions shouldn't be overwriting the group permissions that apply to other users.