[LPS-112886] Comments are not accessible by any user that is not a company admin - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.1.10 DXP FP18, 7.1.10.5 SP5, 7.1.X, 7.2.10 DXP FP6, 7.2.X, 7.3.3 CE GA4, 7.3.10 DXP GA1, Master
Component/s: Headless Delivery API
Labels:

Branch Version/s:

7.2.x, 7.1.x
Backported to Branch:

Committed
Fix Priority:
4

Description

Investigated (ping Javier Gamarra) and asked Search team and Lima team.

Looks like it has worked in the past because Elasticsearch permissions are purposely disabled for that endpoint. But that approach is useless, permission changes are not easy to track or revert.

> I’m trying to search for Comments (indexed, backed by MBMessage with discussion to true) with an user that is not a company admin (those work fine) and failing miserably… JSPs don’t use Elasticsearch. They are public (and I haven’t found a related permission)… permission fields are not indexed for comments (they are for the other MBMessages) because they don’t have a ResourcePermission entry and if I set searchPermissionContext to Blank, results get filtered because all hasPermissions fail (error of trying to circunvent PermissionChecker)

Attachments

Issue Links

causes

COMMERCE-4016 Commerce headless modules fail at runtime due to SearchUtil$SearchContext

Closed

Activity

People

Assignee:: Luis Miguel Barcos

Reporter:: Javier Gamarra (Inactive)

Participants of an Issue:: Javier Gamarra, Luis Miguel Barcos, Manoel Cyreno

Recent user:: Yunlin "Steven" Sun

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/May/20 10:12 AM

Updated:: 17/Dec/20 12:38 AM

Resolved:: 22/May/20 9:35 AM

Days since last comment:: 2 years, 11 weeks, 3 days ago

Packages

Version	Package
7.1.10 DXP FP18
7.1.10.5 SP5
7.1.X
7.2.10 DXP FP6
7.2.X
7.3.3 CE GA4
7.3.10 DXP GA1
Master