Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-110119

Users are not hidden from Asset Library memberships when the permission to view them is disabled

    Details

      Description

      Steps to reproduce:
      1. Create a new regular role with the following permissions set:

      Asset Libraries

      • General Permissions: Access in Control Panel, View
      • Resource Permissions: Asset Library Entry: View

      Memberships

      • General Permissions: Access in Site and Asset Library Administration
      • Resource Permissions: View Site and Asset Library Administration Menu

      Note: Neither Memberships: View Members nor Asset Libraries: View Members are checked, so this permission should not be granted. The user with this regular role assigned should be able to access the asset library to the membership section, but not see any users.

      2. Create an asset library
      3. Create a few users and add them to the asset library
      4. Assign one of the users to this regular role
      5. Log in with user
      6. Navigate to the membership section in the Asset Library

      Expected result:
      Since the View Members permission has not been granted, the user should not be able to see any users besides himself.

      Actual result:
      All users are shown. The ellipses in the user cards are also shown, but clicking on them opens a blank dropdown.

      HekSYwkCle.mp4
      Reproduced on:
      Tomcat 9.0.17 + MySQL 5.7.
      Portal master 396c2b5ac98c7e099cd6920c839f6b39264cf680

        Attachments

        1. Capture.PNG
          Capture.PNG
          30 kB
        2. HekSYwkCle.mp4
          2.01 MB

          Issue Links

            Activity

              People

              Assignee:
              austin.chiang Austin Chiang
              Reporter:
              austin.chiang Austin Chiang
              Participants of an Issue:
              Recent user:
              Tomáš Polešovský
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                21 weeks ago

                  Packages

                  Version Package
                  7.3.3 CE GA4
                  7.3.4 CE GA5
                  7.3.10 DXP GA1
                  Master