[jira] [Commented] (MRM-1908) Logged on users can write any repository

Thu, 15 Sep 2016 07:05:43 -0700 

    [ 
https://issues.apache.org/jira/browse/MRM-1908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15493401#comment-15493401
 ] 

ASF GitHub Bot commented on MRM-1908:
-------------------------------------

GitHub user effrafax opened a pull request:

    https://github.com/apache/archiva/pull/26

    Final fix for MRM-1908

    Hi,
    
    this is the final patchset for 
https://issues.apache.org/jira/browse/MRM-1908 .
    
    The last pull request on the redback component added the needed 
functionality to restrict the rest service methods. This patch restricts the 
upload rest method and returns a filtered list on the upload view in the web 
gui.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/effrafax/archiva MRM-1908

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/archiva/pull/26.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #26
    
----
commit d01764bed989abc53c20cb79723e59ae390f454a
Author: Martin Stockhammer <[email protected]>
Date:   2016-09-14T19:48:59Z

    Changing upload permissions using parameter reference
    
    Needs the new functionality in the redback annotations.

commit de3eb83242b42d75546670e8859cdb1f59fe4fa6
Author: Martin Stockhammer <[email protected]>
Date:   2016-09-14T19:49:30Z

    Adding restricted view for user managable repositories
    
    Adds additional rest method to list the repositories where the user
    has manage permissions.
    Restricts the view for uploads to only managable repositories.

commit 5bc8ad7de352acb025fefb2e39967abf94163b3b
Author: Martin Stockhammer <[email protected]>
Date:   2016-09-14T21:04:03Z

    Adding test case for repository listing

----


> Logged on users can write any repository
> ----------------------------------------
>
>                 Key: MRM-1908
>                 URL: https://issues.apache.org/jira/browse/MRM-1908
>             Project: Archiva
>          Issue Type: Bug
>          Components: Users/Security
>    Affects Versions: 2.2.0
>            Reporter: Krisztian Fekete
>            Assignee: Olivier Lamy (*$^¨%`£)
>             Fix For: 2.2.2
>
>         Attachments: MRM-1908.patch, archiva1.jpg, archiva2.jpg, 
> archiva3.jpg, archiva4.jpg, archiva5.jpg, archiva6.jpg
>
>
> Our sandbox Archiva 2.2.0 instance is connected with our corporate LDAP 
> service. I created a repository with name common-internal. My LDAP user 
> feketk1 doesn't have any permission on the common-internal repository. When I 
> login through the web UI with my feketk1 user, I am able to upload artefacts 
> to the common-internal repository.
> For additional details please check attached screenshots.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to