Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression for anonymous user and content selector privileges #422

Open
yaskoo opened this issue Jul 2, 2024 · 3 comments
Open

Regression for anonymous user and content selector privileges #422

yaskoo opened this issue Jul 2, 2024 · 3 comments
Assignees
@nblair
Labels
triage Issues that need to be investigated, replicated

Comments

@yaskoo
Copy link

yaskoo commented Jul 2, 2024

  • What problem are you trying to solve?
    After updating to 3.68.1, the anonymous user can no longer browse repositories, which is granted permission using content selectors.

  • Do you have a workaround you are using at present?
    No

  • What feature or behavior is this required for?
    Browsing repositories

  • How could we solve this issue? (Not knowing is okay!)

  • Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?
    Standalone docker container, version 3.68.1.

  • Anything else?
    This seems to have been introduced in 3.68.0 (the steps bellow work in previous version)

Steps to reproduce:

  1. docker volume create nexus
  2. docker container run --rm -it -p 8081:8081 --name nexus -v nexus:/nexus-data sonatype/nexus3:3.68.1
  3. Login, go through the wizard and enable anonymous access
  4. Create a new raw hosted repository and upload a couple of files e.g. /foo/bar/test-1.txt and /biz/baz/test-2.txt
  5. Create a content selector with the following
format == "raw" and path =^ "/foo"

this also doesn't work

format == "raw" and path =~ "/|/foo|/foo/bar|/foo/bar/.*"
  1. Create a privilege using that content selector and specify the browse and read actions
  2. Create a new role and assign the privilege to it
  3. Go to Users > anonymous and assign the new role, but also remove nx-anonymous
  4. Logout and try to browse the repository

Now when the user tries to browse the repositories it should see our repository and the file test-1.txt, instead it doesn't see anything.

It seems that only the anonymous user is affected. If you create a new local user and assign the same role - the user will be able to browse the repository.
@yaskoo yaskoo added the pending label Jul 2, 2024
@yaskoo
Copy link
Author

yaskoo commented Jul 4, 2024

Adding the nx-repository-view-raw-my-repo-browse causes the repository contents to be visible, but the content selector is completely ignored. The browse action from the privilege seems not to be applied.

@mrprescott mrprescott added triage Issues that need to be investigated, replicated and removed pending labels Jul 9, 2024
@yaskoo
Copy link
Author

yaskoo commented Jul 16, 2024

It's been two weeks now. Do you have any update on this?

@m-riks
Copy link

m-riks commented Aug 28, 2024

Also experiencing this problem with docker repo for anonymous user, last nexus version my configuration worked 3.40.1, after upgrade to 3.69.0 docker became unavailable even cannot view it as anonymous , content selector configured and expression allows to list described directories. Custom privilege created assigned to role and role to anonymous user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nblair nblair

Labels
triage Issues that need to be investigated, replicated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nblair @mrprescott @yaskoo @m-riks