Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-1328

Search returns results which a user does not have permission to access

    XMLWordPrintable

Details

    Description

      Search returns results which a user does not have permission to access.

      If a resource is available to only users who have the a particular community/organization role, "X", it does not take into account that the "X" role is distinct for each community/organization.

      For example, if there is a blog entry in the community "Secret Service" which is only viewable to the community role "Community Member" and "Public Joe" who is not a member of "Secret Service" but has "Community Member" role for the community "Public Library". Search will find results for "Public Joe" in both "Community Library" and "Secret Service." Therefore, he can see the blog entry in "Secret Service" as part of the results when he chooses to search the entire portal.

      Attempting to access the result will properly cause a permission error. However, users are able to read the title and pieces of the result as part of the search result.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LPS-4748 Search finds results in communities you don't belong to

          • Closed

          Activity

            People

              support-ee EE Support
              samuel.kong Samuel Kong
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Packages

                  Version Package
                  5.2 EE SP2 (5.2.6)