Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
2.5.0
-
Severity 3 - Minor
-
0
-
Description
Given a user, user, and a test project, TEST with two repositories:
- Repo test1 - user is granted REPO_READ permission
- Repo test2 - public repo
When called by user, RepositoryService.countByProject(TEST) would only return 1, not 2.
Users don't technically have a permission on public repositories. Their ability to read the repo is implied. Unfortunately, several of the API calls don't handle this implicit permission grant (or AnonymousUsers) very well.
Attachments
Issue Links
- relates to
-
BSERV-7232 Javadoc for PermissionService should be more clear about anonymous user handling
- Closed