[
https://issues.apache.org/jira/browse/MRM-1908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver E updated MRM-1908:
--------------------------
Attachment: MRM-1908.patch
I supplied a patch which corrects the behaviour showing all read-accessible
repositories in the upload form.
This patch adds a new method in the BrowseService which only delivers
repositories with the users associated write access
(browseService/userManagableRepositories). The existing method can't be changed
since it is also used on the browsing page (/browseService/userRepositories)
I'm not sure if this covers [~trampi]'s and [~chriss745]'s problem though.
Maybe you can give it a look/try.
> Logged on users can write any repository
> ----------------------------------------
>
> Key: MRM-1908
> URL: https://issues.apache.org/jira/browse/MRM-1908
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 2.2.0
> Reporter: Krisztian Fekete
> Fix For: 2.2.1
>
> Attachments: MRM-1908.patch, archiva1.jpg, archiva2.jpg,
> archiva3.jpg, archiva4.jpg, archiva5.jpg, archiva6.jpg
>
>
> Our sandbox Archiva 2.2.0 instance is connected with our corporate LDAP
> service. I created a repository with name common-internal. My LDAP user
> feketk1 doesn't have any permission on the common-internal repository. When I
> login through the web UI with my feketk1 user, I am able to upload artefacts
> to the common-internal repository.
> For additional details please check attached screenshots.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
