Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-118310

Guest users should be redirected to the login if they are not allowed to view an asset via its friendly URL

    Details

      Description

      Users expect the same behavior visiting contents via its friendlyURL than visiting pages without the view permission. Mainly because the users could don't know if they are visiting a content or other type of page when they are navigating.

      So, content having a friendlyURL and an associated display page, if the user is not signed into the portal and does not have view permissions, the login option should be available, just like the portal behaves with type portlet pages.

      The current behavior is very confuse and inconsistent, also, you are getting and 200 ok, and a message saying that you are not allowed to view the content, when you asked for a page in the navigator.

      Steps to reproduce:

      1. Create a Display page template for web content, basic web content, publish it and set as the default display page
      2. Add some fragments mapping the title and the content fields of the web content.
      3. Create a basic web content with the following fields:
        title: this is a web content
        content: this is a web content
        friendlyURL: this-is-a-content
      4. Edit the "This is a web content" permissions, and set only viewable by the owner and the site member (remove all permissions for guest)
      5. Sign-out and go to: http://localhost:8080/web/guest/-/this-is-a-content

      Expected: You view the login prompt, and after signed into the portal you are redirected to the display page with the content.

      Observed: 200 ok - but a page with an error message regarding permissions

      Final solution to implement: To maintain the current behavior and do not redirect to the login, this is because currently we are going to considere this kind of pages as public and accessible by guest. However, the error message is going to be more specific: "You do not have the required permissions to view the content of this page" and a Http Status Code 401 or 403 for guest users or
      signed users respectively, if they are not allowed to view the Asset/Content.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              yang.cao Yang Cao
              Reporter:
              jose.jimenez Jose Jimenez
              Participants of an Issue:
              Recent user:
              Jose Jimenez
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 12 weeks, 6 days ago

                  Packages

                  Version Package
                  7.1.10 DXP FP20
                  7.1.10.5 SP5
                  7.1.X
                  7.2.10 DXP FP9
                  7.2.X
                  7.3.5 CE GA6
                  7.3.10 DXP GA1
                  7.3.X
                  Master