Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-28286

Content Selector: "browse" action does not seem to be working

    Details

    • Notability:
      3

      Description

      ISSUE:

      With CSEL, Nexus administrators can't allow users to browse only particular directories/files.

      REPRODUCE STEPS:

      1) Create a row-hosted repository
      2) Upload some file (aaaa.txt) under /test/test2/test3/
      3) Upload another file (bbbb.txt) under /test/test2
      4) Create a test user.
      5) Create a CSEL with format == "raw" and path =^ "/test/test2/test3" (tried path =~ "/test/test2/test3/.*" and path =~ ".*/test3.*" as well)
      6) Create a new privilege with above CSEL, then add into a new role, then assign this new role to this test user.
      7) Login as the test user and browse the row-hosted repository.
      Below lines do above steps:

      export _NEXUS_URL="http://localhost:8081/"
      bash ./demo.sh
      

      EXPECTED BEHAVIOUR:

      My expectation is the test user should see /test/test2/test3/aaaa.txt, but should not see "/test/test2/bbbb.txt.
      The reason I expect this is it seems the code checks the CSEL when no repository level permission is set.

      ACTUAL BEHAVIOUR:

      This test user can't see any directories/files but just permission error, until the admin adds "nx-repository-view-raw-raw-hosted-browse" privilege.
      Also, after adding above privilege, the test user can see all objects under the raw-hosted repo (the "browse" action is not working at all).

      POTENTIAL CAUSE:

      The getByPath() uses path = "/" which eventually generates the SQL like blow:

      select from browse_node where (repository_name='raw-hosted' and parent_path='/') and ((format = 'raw' and path like 'test/test2/test3%')) limit 10000
      

      So I'm guessing because the asset's parent_path is not "/", having " ... and parent_path='/'" would not work?

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            hosako Hajime Osako
            Last Updated By:
            Mahendra Surani Mahendra Surani
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title