Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-123929

User can check Forms to be deleted without permission

    Details

      Description

      Steps to reproduce:

      1. Create a new role defining just the next permission: Site Administration -> Content & Data -> Forms -> General Permissions ->Access in Site Administration. See attached the resulting permissions summary.
      2. Create a new user and assign it the previous role.
      3. Set the user as member of Liferay DXP site.
      4. Add a new form 'test'.
      5. Log in with the new user.
      6. Access to Site Admin -> Content & Data -> Forms.

      Expected result: user should not be able to select a form to be deleted.

      Actual result: user can select a form from the list and try to delete it.
      The delete operation will not complete, but the user should not have this option since it has no permission.

      This is the same for Element Sets and Data Providers.

        Attachments

          Activity

            People

            Assignee:
            chao.wang Chao Wang
            Reporter:
            lino.alves Lino Alves
            Participants of an Issue:
            Recent user:
            Yunlin "Steven" Sun
            Engineering Assignee:
            Lino Alves
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              41 weeks, 2 days ago

                Packages

                Version Package
                7.1.10 DXP FP21
                7.1.X
                7.2.10 DXP FP10
                7.2.10.4 DXP SP4
                7.2.X
                7.3.10 DXP FP1
                7.3.10.1 DXP SP1
                7.3.6 CE GA7
                7.3.X
                Master