sonatype / nexus-public

Sonatype Nexus Repository Open-source codebase mirror
https://www.sonatype.com/products/repository-oss-download
Eclipse Public License 1.0

Regression for anonymous user and content selector privileges #422

Open yaskoo opened 6 days ago

yaskoo commented 6 days ago

Steps to reproduce:

  1. docker volume create nexus
  2. docker container run --rm -it -p 8081:8081 --name nexus -v nexus:/nexus-data sonatype/nexus3:3.68.1
  3. Login, go through the wizard and enable anonymous access
  4. Create a new raw hosted repository and upload a couple of files e.g. /foo/bar/test-1.txt and /biz/baz/test-2.txt
  5. Create a content selector with the following:

         format == "raw" and path =^ "/foo"

     This also doesn't work:

         format == "raw" and path =~ "/|/foo|/foo/bar|/foo/bar/.*"
  6. Create a privilege using that content selector and specify the browse and read actions
  7. Create a new role and assign the privilege to it
  8. Go to Users > anonymous and assign the new role, but also remove nx-anonymous
  9. Logout and try to browse the repository

Now, when the user tries to browse the repositories, they should see our repository and the file test-1.txt; instead, they don't see anything.

It seems that only the anonymous user is affected. If you create a new local user and assign the same role, the user will be able to browse the repository.

yaskoo commented 4 days ago

Adding the nx-repository-view-raw-my-repo-browse causes the repository contents to be visible, but the content selector is completely ignored. The browse action from the privilege seems not to be applied.
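To make the expected result of the reproduction steps concrete, the following added example (not part of the issue and not Nexus code) evaluates the two content selectors from step 5 against the two uploaded paths and their parent folders. It is a minimal evaluator for `and`-joined clauses only, and it assumes `=^` is a prefix test and `=~` must match the whole path; all function names are hypothetical.

```python
import re

# Constructed sample data: the two assets and both selectors from the report.
ASSETS = ["/foo/bar/test-1.txt", "/biz/baz/test-2.txt"]
SELECTORS = [
    'format == "raw" and path =^ "/foo"',
    'format == "raw" and path =~ "/|/foo|/foo/bar|/foo/bar/.*"',
]
_CLAUSE = re.compile(r'\s*(format|path)\s*(==|=\^|=~)\s*"([^"]*)"\s*$')

def parse(expression):
    """Split an 'and'-only selector into (field, operator, literal) clauses."""
    clauses = []
    for part in re.split(r"\s+and\s+", expression.strip()):
        m = _CLAUSE.match(part)
        if m is None:
            raise ValueError(f"unsupported clause: {part!r}")
        clauses.append(m.groups())
    return clauses

def matches(expression, fmt, path):
    """True when every clause of the selector holds for this format and path."""
    values = {"format": fmt, "path": path}
    for field, op, literal in parse(expression):
        value = values[field]
        if op == "==":
            ok = value == literal
        elif op == "=^":
            ok = value.startswith(literal)
        else:  # "=~": assumed to require a match of the whole path
            ok = re.fullmatch(literal, value) is not None
        if not ok:
            return False
    return True

def browse_nodes(asset_path):
    """Ancestor folder paths of an asset, e.g. '/', '/foo', '/foo/bar'."""
    parts = asset_path.strip("/").split("/")[:-1]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def expected_visibility(expression, fmt="raw"):
    """Map each sample asset to whether the selector is expected to cover it."""
    return {path: matches(expression, fmt, path) for path in ASSETS}

if __name__ == "__main__":
    for selector in SELECTORS:
        print(selector)
        print("  assets :", expected_visibility(selector))
        nodes = browse_nodes(ASSETS[0])
        print("  folders:", {n: matches(selector, "raw", n) for n in nodes})
```

Comparing this table with what an anonymous session actually lists gives a pass/fail check for the behaviour reported here: under both selectors only /foo/bar/test-1.txt is expected to be covered.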