Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-124982

Define and Model Permissions Requirements for "current" Portal Accounts

    Details

      Description

      Scenario:
      User is a member of both AccountA and AccountB

      AccountA does have permission to view Layout
      AccountB does NOT have permission to view Layout

      Assert:
      When AccountA is the current account, User can view Layout
      When AccountB is the current account, User can NOT view Layout

      -------------

      Conclusion:
      We will accomplish this in the following steps:
      1. The “currentAccountEntryId” will be stored on and retrieved from the session, more or less like it currently is in Commerce.
      2. For permission checking purposes, a custom ServletFilter will retrieve the currentAccountEntryId from the session and inject it into a private AccountEntryThreadLocal, only to be used by the AccountRoleContributor. It will never be exposed as API.

        Attachments

          Activity

            People

            Assignee:
            dennis.ju Dennis Ju (Inactive)
            Reporter:
            drew.brokke Drew Brokke
            Engineering Assignee:
            SE Support
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package