[RTFACT-15361] Admin Groups are broken when authenticating with an API Key Created: 29/Nov/17  Updated: 08/Dec/17  Resolved: 06/Dec/17

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Security
Affects Version/s: 5.6.2
Fix Version/s: 5.7.0

Type: Bug Priority: Critical
Reporter: Uriah Levy Assignee: Nadav Yogev
Resolution: Fixed Votes: 0
Labels: None

Assigned QA: Anastasiya Muntyan
Sprint: Leap 26

 Description   

Admin privilliges granted by an Admin group (when the user itself is not a direct admin) no longer work when the API Key is used to authenticate.

To reproduce:

1.Create some user
2.Create a group and mark it as an Admin group (add the user into that group)
3.Try some admin-only action using the API Key (either with basic auth or the api key header) :
curl -XGET -u uriahl:AKCp5ZjzFrAR7dWgTbYMVBUSKnXrkoggs9vuSkcpmrd1T6db6WebT7RivLEiCeYoahVuea7Fc "http://localhost:8081/artifactory/api/system/configuration"

You'll get a 403.


Generated at Tue Feb 18 08:11:00 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.