Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-6482

should not be allowed to save order of a subset of Staging Profiles

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7
    • Fix Version/s: 3.0.0-m1
    • Component/s: Staging
    • Labels:
      None
    • Sprint:
      Sprint 18

      Description

      1. Open a list of staging profiles
      2. Filter the list using the filter box on right corner OR login as a user who can only see a subset of the profiles
      3. Click Save Order
      4. Now the profilesOrder config in the staging.xml only contains the filtered profile ids.
      5. When a deploy is attempted against one of the profiles that is not in the filtered list, the deploy receives a 500 error and the deploy fails

      Recovery:
      If a filtered view of profiles gets persisted, admin user should view profiles list and click Save Order while list is not filtered.

      Expected

      • the Save Order button should not be enabled if the profiles visible are a subset of all the profiles, even for admin
      • the backend should verify the submitted profile ids ordered is an exact set of the current known profile ids, and fail if not

      This should be verified with nexus.staging.profile.traversal=strict and nexus.staging.profile.traversal=permissive

        Attachments

          Activity

            People

            Assignee:
            jdillon Jason Dillon
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title