Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Artifact owner-only authorization is not working as expected #5482

Closed
aboucham opened this issue Nov 7, 2024 · 1 comment · Fixed by #5635
Closed

Artifact owner-only authorization is not working as expected #5482

aboucham opened this issue Nov 7, 2024 · 1 comment · Fixed by #5635
Assignees
@carlesarnal
Labels
area/auth component/registry priority/normal type/bug Something isn't working
Milestone
3.0.7

Comments

@aboucham
Copy link

aboucham commented Nov 7, 2024

Setting an Artifact owner-only authorization=true in the Registry.

For most of the edit calls it is working as expected, except below api call:

POST with /apis/registry/v2/groups/{groupId}/artifacts?ifExists=RETURN_OR_UPDATE
POST with /apis/registry/v2/groups/{groupId}/artifacts?ifExists=UPDATE

Actual behaviour : With the above api call if artifact has been created by one user, it is getting updated successfully by another user.

Expected behaviour : It should forbidden the other user to update the artifact

Observation: Issue is only with the POST method, if a put method is used to update the artifact, it is working as expected.
@apicurio-bot
Copy link

apicurio-bot bot commented Nov 7, 2024

Thank you for reporting an issue!

Pinging @EricWittmann to respond or triage.

@EricWittmann EricWittmann moved this to Backlog in Registry 3.0 Nov 7, 2024
@EricWittmann EricWittmann added this to the 3.0.5 milestone Nov 7, 2024
@carlesarnal carlesarnal self-assigned this Nov 14, 2024
@EricWittmann EricWittmann modified the milestones: 3.0.5, 3.0.6 Dec 3, 2024
@EricWittmann EricWittmann modified the milestones: 3.0.6, 3.0.7 Dec 13, 2024
@carlesarnal carlesarnal moved this from Backlog to In Progress in Registry 3.0 Jan 14, 2025
@carlesarnal carlesarnal moved this from In Progress to Done in Registry 3.0 Jan 14, 2025
@carlesarnal carlesarnal linked a pull request Jan 14, 2025 that will close this issue
Fix non-owner can update artifact #5635
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carlesarnal carlesarnal

Labels
area/auth component/registry priority/normal type/bug Something isn't working
Projects
Registry 3.0
Status: Done
Milestone
3.0.7
Development

Successfully merging a pull request may close this issue.

Fix non-owner can update artifact carlesarnal/apicurio-registry
3 participants
@EricWittmann @carlesarnal @aboucham