Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-117635

Incorrect permissions are set for users who are trying to update answers

    Details

    • Fix Priority:
      5

      Description

      There are two issues here, but since the stacktrace is the same I'm combining this into one ticket since they may be related.

      Steps to reproduce:

      1. Navigate to an existing question that was not written by the current user
      2. Create an answer
      3. View answer

      Expected result:
      The user is able to edit, delete, and reply to the answer but NOT mark it as the answer (this action should be hidden). Those permissions should only be granted to the question creator.

      Actual result:

      Issue 1:

      The "Mark as answer" icon appears, but clicking on it throws a browser permissioning error.

      Uncaught (in promise) Error: Exception while fetching data (/patchMessageBoardMessage) : java.lang.RuntimeException: com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 119561002 must have UPDATE permission for com.liferay.expando.kernel.model.ExpandoColumn 61115272
      

      Issue 2:

      The user cannot update his answer. This permissioning error (above) also appears when a user tries to update his answer.

      Reproduced on:
      dev.liferay.dev
      Tomcat 9.0.33 + MySQL 5.7.
      Portal master 8fb1396b753a2583a0506423a65ea015e5c11afe

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              austin.chiang Austin Chiang
              Reporter:
              austin.chiang Austin Chiang
              Participants of an Issue:
              Recent user:
              Jason Pince
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 18 weeks, 1 day ago

                  Packages

                  Version Package
                  7.3.4 CE GA5
                  7.3.10 DXP GA1
                  Master