martinspielmann / nexus3-crowd-plugin

Sonatype Nexus plugin for Atlassian Crowd integration
Apache License 2.0

Lets me see all repositories on the nexus3 #27

Closed webmutation closed 7 years ago

webmutation commented 7 years ago

I think there may be some issues with filtering the list of repositories.

On a Nexus3 (OSS 3.1.0-04) I created an npm repository npm-test and gave it only view access to this hosted repository. I created a role npm-test-role and a test user npm-test-user for this. I added only the following privilege: **nx-repository-view-npm-npm-test-\***

However, when I log in with that test user I can see a listing of all the repos that are on the Nexus3 machine. On an alternative installation (v OSS 3.0.0-03) that does not have the plugin installed I only have the npm-test repo listed.

martinspielmann commented 7 years ago

I faced similar behavior until I noticed there was a setting wrong which allowed anonymous read access to all repos. Did you uncheck this box already? [image]

webmutation commented 7 years ago

Correct, that nexus never had anonymous access checked. I toggled the setting multiple times now and it still has the same behavior of listing all repos of all types.

martinspielmann commented 7 years ago

I tried to reproduce your setup. My nexus behaves exactly like yours. What is interesting: I also created a local (not crowd mapped) user. For this local user, the behavior is also the same. So this might not be plugin related, but some kind of feature/bug in nexus-3.1.0. I will try to set up a new nexus without any plugin installed...

webmutation commented 7 years ago

I will try the same, it can be a Nexus 3.1 bug. I do not remember the behavior without the plugin.

martinspielmann commented 7 years ago

OK, I definitely am able to see all repos without having the required permission. Test environment:

So far, I'm not able to find any open issue: https://issues.sonatype.org/browse/NEXUS-8852?jql=project%20%3D%20NEXUS%20AND%20resolution%20%3D%20Unresolved%20AND%20component%20%3D%20Security%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC

webmutation commented 7 years ago

Thanks for looking into this. It would be great if you could open the issue with Sonatype since you had all the work to test already :)

It seems to me like a regression since with NX 3.0 it behaves as expected.

martinspielmann commented 7 years ago

Just wanted to make sure to search for existing known issues, before opening a new one, when I realized that you were faster than me :+1:

https://groups.google.com/a/glists.sonatype.com/forum/?hl=en#!topic/nexus-users/sS4MrwIKPCw

I'm curious about the feedback.

webmutation commented 7 years ago

Apparently there is an issue open already :) I did not open it, but I am glad we are not the only ones noticing this regression in 3.1.

https://issues.sonatype.org/browse/NEXUS-11937

I am tracking it as well. Let's see if they fix it.

martinspielmann commented 7 years ago

Ah perfect, thanks for the hint! I'll close this issue now and follow the other one also.