Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 5.1.2, 5.2.3, 6.0.5 GA
-
Fix Version/s: --Sprint - SP, 6.0.6 GA, 6.1.0 CE RC1
-
Component/s: Administration, Administration > Roles & Permissions, API > JavaScript
-
Labels:None
-
Environment:Liferay 5.2.3 CE and above (including EE versions)
-
Branch Version/s:5.1.x, 5.2.x, 6.0.x
-
Backported to Branch:Committed
-
Similar Issues:
Description
In short - Individual ResourcePermission records are never removed.
Algorithm 6 introduced ResourcePermissions and deprecated Resource, ResourceCode and Permission.
Whole portal use ResourceLocalService* for adding and removing resources when creating/removing model and portlet resources.
Adding seems OK, but removing is not working - ResourceLocalServiceImpl doesn't call ResourcePermissionsLocalService for removing database record for individual scope when deleting entity from database (for example removing layout, blog entry, portlet on a page, etc.).
ResourceLocalServiceImpl:
======================
public void deleteResource(
long companyId, String name, int scope, String primKey)
throws PortalException, SystemException {
if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)
{ return; }This can lead to database space leak.
--------------------
Possible solution is to
1, use ResourcePermissionLocalServiceUtil.removeResourcePermission - but for all actions defined on the resource 
2, or add new method for removing the record in ResourcePermissionLocalService
add to 6.0.6 queue