Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-9867

If user A is assigned an organization role, one user with the "Organization Administrator" role can promote/demote user A's permission by changing the values of two attributes to the desired ones in the "User Information > Roles" page.

    Details

      Description

      Following are the steps to reproduce this issue.
      1. Login as the super administrator, create a new user “admin” and create a new organization “organization”.
      2. Add user “admin” to the organization “organization” and assign the “Organization Administrator” role to “admin”.
      3. Create a new organization role “role1” that contain any permission, add another user “user1” to the organization “organization” and assign “role1” to the user “user1”.
      4. Log out the super administrator and login the portal using “admin”.
      5. Go to Control Panel > Portal > Users and Organization, click on the specified organization and then click on “user1”.
      6. Navigate to User Information > Roles, press “F12” in the Mozilla Firefox explorer and change the values of “_2_organizationRolesSearchContainerPrimaryKeys” and “_2_groupRolesRoleIds” to the ones of the “Organization Owner” role.
      7. Click Save in the GUI.
      [Expected Result] The organization role of “user1” does not change.
      [Actual Result] The organization role of “user1” changes from “role1” to “Organization Owner”.

        Attachments

          Activity

            People

            Assignee:
            support-ee EE Support
            Reporter:
            dale.shan Dale Shan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.1.X EE