Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-112886

Comments are not accessible by any user that is not a company admin

    Details

    • Branch Version/s:
      7.2.x, 7.1.x
    • Backported to Branch:
      Committed
    • Fix Priority:
      4

      Description

      Investigated (ping Javier Gamarra) and asked Search team and Lima team. 

      Looks like it has worked in the past because Elasticsearch permissions are purposely disabled for that endpoint. But that approach is useless, permission changes are not easy to track or revert.

       
      > I’m trying to search for Comments (indexed, backed by MBMessage with discussion to true) with an user that is not a company admin (those work fine) and failing miserably… JSPs don’t use Elasticsearch. They are public (and I haven’t found a related permission)… permission fields are not indexed for comments (they are for the other MBMessages) because they don’t have a ResourcePermission entry and if I set searchPermissionContext to Blank, results get filtered because all hasPermissions fail (error of trying to circunvent PermissionChecker) 

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  17 weeks, 3 days ago

                  Packages

                  Version Package
                  7.1.10 DXP FP18
                  7.1.X
                  7.2.10 DXP FP6
                  7.2.X
                  7.3.3 CE GA4
                  Master