  1. Artifactory Binary Repository
  2. RTFACT-20226

User without delete/overwrite permission can deploy the same package to the local CRAN repository


    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 7.10.1
    • Component/s: None
    • Labels:
    • Severity: High

      Description

      The CRAN repository allows users who don't have permission to delete/overwrite content, as per the security groups, to perform delete/overwrite operations, because we use the POST method to deploy a CRAN package.

      Steps to reproduce:

      1. Create a user with the permissions read, annotate and deploy/cache.
      2. Deploy a package first, then re-deploy the same package using the Artifactory REST API;
        it allows the user to overwrite the existing package.

      The logs from event.log are provided below:
      1569934139828|delete|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139828|delete|cran-local/.temp/src/contrib/049c03ff-02d1-4e78-88a0-5fe3090ec869
      1569934139828|create|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139828|props|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139842|update|cran-local/src/contrib/PACKAGES.

              People

              Assignee:
              yevdoa Yevdo Abramov
              Reporter:
              tataraov Tatarao Vana
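The event.log excerpt in the description shows the signature of an overwrite: a delete and a create of the same path at the same timestamp. The following is an added example, not part of the original report or of Artifactory, that scans event.log-style lines for that pattern; the function name, the one-second window and the treatment of `.temp` paths are assumptions, and the sample lines are constructed. The lines shown in the report carry no user name, so attributing a hit to an account needs another log source.

```python
# Added example: flags delete-then-create pairs in event.log-style lines.
# Assumed layout (taken from the excerpt in the report): epoch_ms|action|repo/path

# Constructed sample: a first deploy, an overwrite, one malformed line, and a
# delete that is followed much later by a fresh create of the same path.
SAMPLE_EVENT_LOG = """\
1569934100000|create|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934100000|props|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934100014|update|cran-local/src/contrib/PACKAGES
1569934139828|delete|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|delete|cran-local/.temp/src/contrib/constructed-temp-id
1569934139828|create|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139828|props|cran-local/src/contrib/adhoc_1.1.tar.gz
1569934139842|update|cran-local/src/contrib/PACKAGES
not-a-log-line
1569935000000|delete|cran-local/src/contrib/example_0.1.tar.gz
1569939000000|create|cran-local/src/contrib/example_0.1.tar.gz
"""


def find_overwrites(lines, repo="cran-local", window_ms=1000):
    """Return (timestamp, path) for each create that replaced a path
    deleted at most window_ms earlier in the given repository."""
    last_delete = {}  # path -> timestamp of the most recent delete
    hits = []
    for raw in lines:
        parts = raw.strip().split("|", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, action, path = int(parts[0]), parts[1], parts[2]
        # Ignore other repositories and .temp paths (assumed upload staging).
        if not path.startswith(repo + "/") or "/.temp/" in path:
            continue
        if action == "delete":
            last_delete[path] = ts
        elif action == "create":
            deleted_at = last_delete.pop(path, None)
            if deleted_at is not None and 0 <= ts - deleted_at <= window_ms:
                hits.append((ts, path))
    return hits


if __name__ == "__main__":
    for ts, path in find_overwrites(SAMPLE_EVENT_LOG.splitlines()):
        print(f"{ts} overwrite of {path}")
```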