[LPS-128334] Liferay responds with internal error when user does not have permissions for retrieving experiences in APIs - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.1.10 DXP FP23, 7.1.10.6 SP6, 7.1.X, 7.2.10 DXP FP12, 7.2.X, 7.3.7 CE GA8, 7.3.10 DXP FP2, 7.3.X, 7.4.0 CE GA1, Master
Component/s: Headless Delivery API
Labels:

Branch Version/s:

7.3.x, 7.2.x, 7.1.x
Backported to Branch:

Committed
Fix Priority:
3
Git Pull Request:
https://github.com/liferay-headless/liferay-portal/pull/616

Description

When a user tries to retrieve the experiences endpoint for a page and does not have permissions, the user gets a 500 internal error. It should get a 403

Steps to reproduce

1.- Create a content page ("page1") and add at least one experience

2.- Create a user ("user1") with no roles

3.- Request with user1, the page1 experiences in "http://localhost:8080/o/headless-delivery/v1.0/sites/20124/site-pages/page1/experiences"

Current behavior

**the server answers with an exception with 500 error

Expected behavior

the server answers with an exception with 403 error

Attachments

Activity

People

Assignee:: Javier Gamarra

Reporter:: Pablo Agulla

Participants of an Issue:: Javier Gamarra, Pablo Agulla

Recent user:: Clarissa Velazquez

Engineering Assignee:: Javier de Arcos Velilla

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Feb/21 2:06 AM

Updated:: 24/Jun/21 3:44 PM

Resolved:: 08/Mar/21 12:42 AM

Days since last comment:: 30 weeks, 2 days ago

Packages

Version	Package
7.1.10 DXP FP23
7.1.10.6 SP6
7.1.X
7.2.10 DXP FP12
7.2.X
7.3.7 CE GA8
7.3.10 DXP FP2
7.3.X
7.4.0 CE GA1	DXP 7,4
Master