Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-128334

Liferay responds with internal error when user does not have permissions for retrieving experiences in APIs

    Details

      Description

      When a user tries to retrieve the experiences endpoint for a page and does not have permissions, the user gets a 500 internal error. It should get a 403

       

      Steps to reproduce

      1.- Create a content page ("page1") and add at least one experience

      2.- Create a user ("user1") with no roles 

      3.- Request with user1, the page1 experiences in "http://localhost:8080/o/headless-delivery/v1.0/sites/20124/site-pages/page1/experiences"

       

      Current behavior

      **the server answers with an exception with 500 error

       

      Expected behavior

      the server answers with an exception with 403 error

       

        Attachments

          Activity

            People

            Assignee:
            javier.gamarra Javier Gamarra (Inactive)
            Reporter:
            pablo.agulla Pablo Agulla
            Participants of an Issue:
            Recent user:
            Sophia Zhang
            Engineering Assignee:
            Javier de Arcos Velilla
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 12 weeks, 5 days ago

                Packages

                Version Package
                7.1.10 DXP FP23
                7.1.10.6 SP6
                7.1.X
                7.2.10 DXP FP12
                7.2.X
                7.3.7 CE GA8
                7.3.10 DXP FP2
                7.3.X
                7.4.0 CE GA1 DXP 7,4
                7.4.13 DXP GA1
                Master