PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-11992

Users should not be able to modify comments for the resources they own

    Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 6.0.4 GA
    • Fix Version/s: 6.0.5 GA
    • Component/s: Security
    • Labels:
      None
    • Branch Version/s:
      6.0.x, 5.2.x, 5.1.x
    • Similar Issues:
      Show 5 results 

      Description

      Users who created the resource (wiki page, document, blog, etc) are given all permission rights for comments causing an awkward permission situation.

      Example: Regular user, Bob, posts a wiki article. Boss user, John, suggests changes via comments. Because Bob created the wiki, he has all permissions for the comments on his wiki page. Bob can then change John's comment to say "Excellent work Bob! We're giving you a 100% raise and my Boss position."

        Issue Links

          Activity

            People

            • Assignee:
              Ryan Park
              Reporter:
              Ryan Park
              Recent user:
              Jorge Diaz
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 51 weeks ago

                Development

                  Structure Helper Panel