Affects Version/s: 6.11.3
Fix Version/s: None
Currently, if you deploy an image with a user, then try to push the image again (to overwrite it) with no delete/overwrite permissions, the docker client returns a successful message. If you try to overwrite the image/tag with a different image, then there will be an error.
Steps to reproduce:
- Set permissions for user to Read, Annotate, Deploy
- Tag (docker tag busybox mill.jfrog.info:12019/docker-local/busybox) and push docker image to Artifactory for the first time with a version tag (say v0.3) – Works fine
- Set permissions for user to Read, Annotate, Deploy, Delete/Overwrite
- Push the same image/version again – Works as well (as expected)
- Revoke the Delete/Overwrite permissions
- Push the same image/version again – Still able to push the image! This is not expected.
- Try to tag a different image (docker tag hello-world mill.jfrog.info:12019/docker-local/busybox) and push. See the docker client has an error this time
The docker client should provide an error when trying to overwrite an image if delete/overwrite permissions is not granted