jfrog / artifactory-maven-plugin

A Maven plugin to resolve artifacts from Artifactory, deploy artifacts to Artifactory, capture and publish build info.
https://www.jfrog.com/confluence/display/JFROG/Maven+Artifactory+Plugin
Apache License 2.0

The plugin does not respect the user-group-permission target association. #24

Open swarnendukayal opened 3 years ago

swarnendukayal commented 3 years ago

Description:

The plugin does not respect the user-group-permission target association. A permission target is created, which has the Read, Annotate and Deploy/Cache permission for the associated groups. However, it does not have the "Delete/Overwrite" permission for the groups. In that case, when we try to deploy using "mvn clean deploy" for the second time, it should be throwing 403. However, it is not complaining about it and deploying it without any issues.

To Reproduce

  1. Create a SAML user or an internal user - for example - "abc@jfrog.com"

  2. Add that user manually to two groups "readers" and "remote-cache".

  3. Now these two groups "readers" and "remote-cache" are part of a permission target "testoverwrite" and the groups have "Read", "Annotate" and "Deploy/Cache" permission in this permission target for the repositories (libs-release-local, libs-snapshots-local) as well as for the builds.

  4. Create a folder and paste the attached "pom.xml" file into that folder.

  5. Configure the "settings.xml" from the "Set Me Button" and change the username and password section with the created one.

  6. Run the "mvn clean install" from that folder to build it.

  7. Run the "mvn clean deploy" two times and the deploy will be successful.

Expected behavior

If we run the "mvn clean deploy" for the second time without changing anything, it should throw a "403 Forbidden" error as the same file is being tried to be deployed to the repository. The expected behavior can be seen when we use "distributionManagement" in the "pom.xml" file.

Screenshots

The required files are attached with this issue.

Versions

Attachments: pom.xml_use_case_reproduced_internal_user.txt, pom.xml_useCase_reproduced_SAML_user.txt, pom.xml_with_expected_behavior.txt
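An added example, not part of the original issue or the plugin's code: a small evaluator that computes what the reported setup should allow, so the expected outcome of the first and second deploy can be checked independently of the plugin. The JSON is a constructed sample that assumes the shape of Artifactory's v2 permission-target REST representation (action names `read`, `annotate`, `write`, `delete`); the function names and the example path are hypothetical, and include/exclude patterns are not modelled.

```python
import json

# Constructed sample mirroring the issue's setup: both groups hold
# Read, Annotate and Deploy/Cache ("write") but not Delete/Overwrite ("delete").
PERMISSION_TARGETS = json.loads("""
[{"name": "testoverwrite",
  "repo": {"repositories": ["libs-release-local", "libs-snapshots-local"],
           "actions": {"users": {},
                       "groups": {"readers": ["read", "annotate", "write"],
                                  "remote-cache": ["read", "annotate", "write"]}}}}]
""")


def effective_actions(targets, user, groups, repo):
    """Union of the actions granted on `repo` to the user directly or via any group."""
    granted = set()
    for target in targets:
        section = target.get("repo", {})
        if repo not in section.get("repositories", []):
            continue  # this permission target does not cover the repository
        actions = section.get("actions", {})
        granted.update(actions.get("users", {}).get(user, []))
        for group in groups:
            granted.update(actions.get("groups", {}).get(group, []))
    return granted


def deploy_decision(targets, user, groups, repo, path_exists):
    """Return (allowed, missing_actions) for a deploy to one path.

    A new path needs "write"; replacing an existing path additionally
    needs "delete" (the Delete/Overwrite permission from the issue).
    """
    needed = {"write", "delete"} if path_exists else {"write"}
    missing = needed - effective_actions(targets, user, groups, repo)
    return (not missing, sorted(missing))


if __name__ == "__main__":
    user, groups = "abc@jfrog.com", ["readers", "remote-cache"]
    for exists in (False, True):  # first deploy, then the repeated deploy
        ok, missing = deploy_decision(PERMISSION_TARGETS, user, groups,
                                      "libs-release-local", exists)
        print(f"path_exists={exists}: allowed={ok} missing={missing}")
```

Feeding it the permission targets actually exported from the server shows whether a successful second deploy contradicts the configured permissions or whether some other target grants `delete`.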