Uploaded image for project: 'ZZZ: PUBLIC - Old Liferay Portal (Use Liferay Portal Standard Edition)'
  1. ZZZ: PUBLIC - Old Liferay Portal (Use Liferay Portal Standard Edition)
  2. LEP-4031

Allow users to access struts paths of other portlets as long as they have the correct roles

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 4.2.2, 4.3.3
    • Fix Version/s: 4.3.4, 4.4.0
    • Component/s: None
    • Labels:
      None

      Description

      The struts path was originally implemented to keep unauthorized users from accessing the functionality of administrative portlets by maniuplating the url. To prevent this, struts paths were associated with portlets and attempts to access the struts path outside of the portlet were blocked.

      However, this also prevented authorized users from accessing struts paths of other portlets.

      Instead, a user with the Administrator role should be able to access all paths within struts-config.xml and users with the Power User role should be able to access all struts paths of portlets that are associated with the Power User role, etc.

      (This suggestions was given by Dan Ignat. Thanks Dan!)

        Attachments

          Activity

            People

            Assignee:
            edward.shin Edward Shin (Inactive)
            Reporter:
            edward.shin Edward Shin (Inactive)
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                4.3.4
                4.4.0