Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20226

user without delete/overwrite permission can deploy the same package to the Local Cran repository

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: 3 - High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 7.10.1
    • Component/s: None
    • Labels:
    • Severity:
      High

      Description

      CRAN Repository is allowing the user do delete/override operations who don't have permission to delete/override content as per the security groups as we use POST method to deploy a Cran package.

      Steps to reproduce:

      1. Create a user with permission read, annotate and deploy/cache
      2. Deploy a package first and re-deploy the same package using Artifactory REST APIĀ 
        it allows the user to overwrite the existing package

      The logs are from event.log provided below
      1569934139828|delete|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139828|delete|cran-local/.temp/src/contrib/049c03ff-02d1-4e78-88a0-5fe3090ec869
      1569934139828|create|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139828|props|cran-local/src/contrib/adhoc_1.1.tar.gz
      1569934139842|update|cran-local/src/contrib/PACKAGES.

        Attachments

          Activity

            People

            Assignee:
            yevdoa Yevdo Abramov
            Reporter:
            tataraov Tatarao Vana
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Sync Status

                Connection: RTFACT Sync
                RTMID-20226 -
                SYNCHRONIZED
                • Last Sync Date: