-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.0 DXP FP89, 7.0.X, 7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP3, 7.2.10 DXP FP4, 7.2.X, Master
-
Fix Version/s: 7.1.10 DXP FP25, 7.1.X, 7.2.10 DXP FP15, 7.2.X, 7.3.X, 7.4.0 CE GA1, 7.4.1 CE GA2, 7.4.2 CE GA3, 7.4.13 DXP GA1, Master
-
Component/s: Core Infrastructure > Permissions
-
Branch Version/s:7.3.x, 7.2.x, 7.1.x
-
Backported to Branch:Committed
-
Story Points:1
-
Fix Priority:3
-
Sprint:AppSec Iteration 55, AppSec Iteration 56, AppSec Iteration 57
-
Git Pull Request:
On 7.2 FP1 & 7.2 SP1 some of the permissions from a site role that is applied to the user of a parent site are also applying to a child site.
Site A is a parent of Site B. I'm giving John the Site Administrator role for Site A. When John goes to Site B he doesn't have all the administrator functionalities, but he does have the ability to add pages, for instance.
The documentation says the following "Each child Site in the hierarchy has its own administrator, and the Site Administrator role permissions do not flow down to child Sites in the hierarchy." https://portal.liferay.dev/docs/7-2/user/-/knowledge_base/u/understanding-site-management
Updated description:
Reproduce steps:
1. Login as portal admin, for example, test user.
2. Create a parent site, and child site.
3. Create a user, call it parent.admin, as parent site adminstrator.
4. Go to control panel and verify site administrator role has "Allow subsites management" disabled.
5. Login as parent.admin and go to child site.
Expected: parent.admin cannot do any management action to child site.
Actual: parent.admin can add pages and etc.
6. Login as portal admin.
7. Go to control panel and enable "Allow subsites management" for site adminstrator role.
8. Login as parent.admin and go to child site.
Expected: parent.admin can do any management action to child site.