Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-109670

User without View Members permissions should not be able to access Asset Library Memberships

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: Master
    • Fix Version/s: None
    • Component/s: Asset Libraries
    • Labels:
    • Fix Priority:
      4

      Description

      Steps to reproduce:

      1. Add a new user
      2. Add a new regular role. To define permissions, navigate to Control Panel > Asset Libraries:
      3. Select all general permissions
      4. Select all permissions under Asset Library entry except "View Members"
      5. Save
      6. Assign role to user
      7. Log in as user
      8. Navigate to Asset Library

      Expected result:
      Since no permissions were set to view members, no link to click into the asset library is generated and the user cannot access the library.

      Actual result:
      Link is generated and user can access the Memberships section to view the members in a library.

      Also, if step 4 above was repeated except "Assign Members" was the permissions not selected, then no link is generated. So setting this permission apparently enables view and edit permissions. I'm not sure if this is correct.

      Reproduced on:
      Tomcat 9.0.17 + MySQL 5.7.
      Portal master 6d52cd63ff4a6619d17836f9f24596c939b7f7f9

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              austin.chiang Austin Chiang
              Reporter:
              austin.chiang Austin Chiang
              Participants of an Issue:
              Recent user:
              Rubén Heras
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                37 weeks, 2 days ago

                  Packages

                  Version Package