Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21538

Content Selector Preview not applying same permission rules as browse tree visibility

    XMLWordPrintable

    Details

      Description

      Currently for the tree browse, security is checked at each level in the tree (rather than checking security of all the assets in any child nodes recursively) for performance purposes, however this requires you to make sure your content selectors give privileges to all the parent paths up the tree (as noted here https://support.sonatype.com/hc/en-us/articles/213464568-Browse-storage-doesn-t-work-for-users-with-restricted-read-access- ).

      When creating content selectors, the preview results screen uses the old asset listing view, which ultimately only lists assets that matched (not any tree like structure). Though this is technically correct, and these assets are accessible directly, there is potential that the user will not be able to browse to the assets via the tree, as they may not have permissions to parent directories.

      Though both things are technically correct (what is listed in selector preview results, and what is not listed in browse tree), this can be very confusing.

      Need to decide how best to resolve this, a couple potential solutions come to mind

      • simply note in content selector preview that this shows assets that you can directly access, not necessarily browse to in the UI (simple change, maybe not the most useful)
      • switch the results from asset listing to tree view (more involved change, much more useful i think)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              dbradicich Damian Bradicich
              Last Updated By:
              Joe Tom
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title