[RTFACT-18117] permissiontargets rest ui returns all local repos Created: 18/Dec/18  Updated: 18/Dec/18  Resolved: 18/Dec/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Web UI
Affects Version/s: 6.6.0
Fix Version/s: 6.6.0

Type: Bug Priority: Normal
Reporter: Gal Ben Ami Assignee: Gal Ben Ami
Resolution: Fixed Votes: 0
Labels: None


https://repo.jfrog.io/artifactory/ui/permissiontargets Will return a large body.

This REST API is being called by the web UI in the main permissions screen.

This api reveals all local repos in the field allRealRepos.

This is problematic because:
1. it may generate a huge body (performance impact)
2. it reveals existence of repos to unauthorised users. (security impact)

The field allRealRepos shall not be returned in the json response.
It shall be used internally.

Generated at Wed Aug 05 07:35:05 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.