Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-128334

Liferay responds with internal error when user does not have permissions for retrieving experiences in APIs

    Details

      Description

      When a user tries to retrieve the experiences endpoint for a page and does not have permissions, the user gets a 500 internal error. It should get a 403

       

      Steps to reproduce

      1.- Create a content page ("page1") and add at least one experience

      2.- Create a user ("user1") with no roles 

      3.- Request with user1, the page1 experiences in "http://localhost:8080/o/headless-delivery/v1.0/sites/20124/site-pages/page1/experiences"

       

      Current behavior

      **the server answers with an exception with 500 error

       

      Expected behavior

      the server answers with an exception with 403 error

       

        Attachments

          Activity

            People

            Assignee:
            javier.gamarra Javier Gamarra
            Reporter:
            pablo.agulla Pablo Agulla
            Participants of an Issue:
            Recent user:
            Clarissa Velazquez
            Engineering Assignee:
            Javier de Arcos Velilla
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              30 weeks, 2 days ago

                Packages

                Version Package
                7.1.10 DXP FP23
                7.1.10.6 SP6
                7.1.X
                7.2.10 DXP FP12
                7.2.X
                7.3.7 CE GA8
                7.3.10 DXP FP2
                7.3.X
                7.4.0 CE GA1 DXP 7,4
                Master