Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-19557

Nuget pre-release packages can be overwritten without proper permissions

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: NuGet
    • Labels:
      None

      Description

      When pushing a nuget pre-release package (i.e. packages with a srting after the x.x.x version format), it will be overwritten eventhough there is only deploy permission.

      As opposed to what seemed to be an expected behaviour, nuget does not allow overwriting of packages.

      From nuget support: 

      "If you are publishing to nuget.org, we don’t allow deleting/overwriting packages, as this might break users that depend on them.

      We do support “unlisting” packages, which hides them from search results.'

       

      Steps to reproduce:

      1) Set up a nuget local repository and a non admin user.

      2) Give this user read and deploy permissions only - Do not check the overwrite/delete action.

      3) Push to that repo a pre-release nuget package twice and it will be overwritten.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              shaharl Shahar Levy
            • Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: