Details

    • Branch Version/s:
      6.0.x, 5.2.x, 5.1.x
    • Backported to Branch:
      Committed

      Description

      In short - Individual ResourcePermission records are never removed.

      Algorithm 6 introduced ResourcePermissions and deprecated Resource, ResourceCode and Permission.

      Whole portal use ResourceLocalService* for adding and removing resources when creating/removing model and portlet resources.

      Adding seems OK, but removing is not working - ResourceLocalServiceImpl doesn't call ResourcePermissionsLocalService for removing database record for individual scope when deleting entity from database (for example removing layout, blog entry, portlet on a page, etc.).

      ResourceLocalServiceImpl:
      ======================
      public void deleteResource(
      long companyId, String name, int scope, String primKey)
      throws PortalException, SystemException {

      if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)

      { return; }

      This can lead to database space leak.
      --------------------
      Possible solution is to
      1, use ResourcePermissionLocalServiceUtil.removeResourcePermission - but for all actions defined on the resource
      2, or add new method for removing the record in ResourcePermissionLocalService

        Issue Links

          Activity

          Hide
          james.falkner James Falkner added a comment -

          add to 6.0.6 queue

          Show
          james.falkner James Falkner added a comment - add to 6.0.6 queue

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 4 weeks, 2 days ago

                Development

                  Subcomponents