The CRAN repository allows users to perform delete/overwrite operations even when they do not have delete/overwrite permission according to the security groups, as we use the POST method to deploy a CRAN package.
Steps to reproduce:
- Create a user with read, annotate and deploy/cache permissions
- Deploy a package first, then re-deploy the same package using the Artifactory REST API
It allows the user to overwrite the existing package.
The relevant entries from event.log are provided below:
1569934139828|delete|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|delete|cran-local/.temp/src/contrib/049c03ff-02d1-4e78-88a0-5fe3090ec869
1569934139828|create|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|props|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139842|update|cran-local/src/contrib/PACKAGES.
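
The delete-then-create pattern in the entries above can be used to find other overwrites in event.log. The following is an added example, not part of the original report or of Artifactory: the function names, the one-second window and the last two sample lines (a first-time deploy, for contrast) are assumptions made for illustration.

```python
# Sample event.log content: the first five lines are the ones quoted in the
# report; the last two are constructed to show a first-time deploy.
SAMPLE_LOG = """\
1569934139828|delete|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|delete|cran-local/.temp/src/contrib/049c03ff-02d1-4e78-88a0-5fe3090ec869
1569934139828|create|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|props|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139842|update|cran-local/src/contrib/PACKAGES.
1569934200000|create|cran-local/src/contrib/example_0.1.tar.gz
1569934200000|props|cran-local/src/contrib/example_0.1.tar.gz
"""


def parse_events(text):
    """Yield (timestamp_ms, action, path) from 'timestamp|action|path' lines."""
    for line in text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        yield int(parts[0]), parts[1], parts[2]


def find_overwrites(text, window_ms=1000):
    """Return (path, deleted_at, created_at) for every path that was deleted
    and then re-created within window_ms (assumed threshold)."""
    last_delete = {}  # path -> timestamp of the most recent delete
    hits = []
    for ts, action, path in parse_events(text):
        if action == "delete":
            last_delete[path] = ts
        elif action == "create":
            deleted_at = last_delete.pop(path, None)
            if deleted_at is not None and 0 <= ts - deleted_at <= window_ms:
                hits.append((path, deleted_at, ts))
    return hits


if __name__ == "__main__":
    for path, deleted_at, created_at in find_overwrites(SAMPLE_LOG):
        print(f"overwrite: {path} (delete {deleted_at}, create {created_at})")
```

event.log as quoted here carries no user name, so each hit still has to be matched against the request or access log to see which account performed the deploy.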