[LPS-123929] User can check Forms to be deleted without permission - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.1.X, Master
Fix Version/s: 7.1.10 DXP FP21, 7.1.X, 7.2.10 DXP FP10, 7.2.10.4 DXP SP4, 7.2.X, 7.3.10 DXP FP1, 7.3.10.1 DXP SP1, 7.3.6 CE GA7, 7.3.X, Master
Component/s: Forms
Labels:

Branch Version/s:

7.3.x, 7.2.x, 7.1.x
Backported to Branch:

Committed
Fix Priority:
4
Git Pull Request:
https://github.com/liferay-forms/liferay-portal/pull/54

Description

Steps to reproduce:

Create a new role defining just the next permission: Site Administration -> Content & Data -> Forms -> General Permissions ->Access in Site Administration. See attached the resulting permissions summary.
Create a new user and assign it the previous role.
Set the user as member of Liferay DXP site.
Add a new form 'test'.
Log in with the new user.
Access to Site Admin -> Content & Data -> Forms.

Expected result: user should not be able to select a form to be deleted.

Actual result: user can select a form from the list and try to delete it.
The delete operation will not complete, but the user should not have this option since it has no permission.

This is the same for Element Sets and Data Providers.

Attachments

Activity

People

Assignee:: Chao Wang

Reporter:: Lino Alves

Participants of an Issue:: Chao Wang, Lino Alves, Samuel Kong

Recent user:: Yunlin "Steven" Sun

Engineering Assignee:: Lino Alves

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Nov/20 11:09 AM

Updated:: 16/Mar/21 7:48 PM

Resolved:: 29/Nov/20 6:36 PM

Days since last comment:: 41 weeks, 2 days ago

Packages

Version	Package
7.1.10 DXP FP21
7.1.X
7.2.10 DXP FP10
7.2.10.4 DXP SP4
7.2.X
7.3.10 DXP FP1
7.3.10.1 DXP SP1
7.3.6 CE GA7
7.3.X
Master