Details

    • Branch Version/s:
      6.0.x, 5.2.x, 5.1.x
    • Backported to Branch:
      Committed

      Description

      In short - Individual ResourcePermission records are never removed.

      Algorithm 6 introduced ResourcePermissions and deprecated Resource, ResourceCode and Permission.

      Whole portal use ResourceLocalService* for adding and removing resources when creating/removing model and portlet resources.

      Adding seems OK, but removing is not working - ResourceLocalServiceImpl doesn't call ResourcePermissionsLocalService for removing database record for individual scope when deleting entity from database (for example removing layout, blog entry, portlet on a page, etc.).

      ResourceLocalServiceImpl:
      ======================
      public void deleteResource(
      long companyId, String name, int scope, String primKey)
      throws PortalException, SystemException {

      if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)

      { return; }

      This can lead to database space leak.
      --------------------
      Possible solution is to
      1, use ResourcePermissionLocalServiceUtil.removeResourcePermission - but for all actions defined on the resource
      2, or add new method for removing the record in ResourcePermissionLocalService

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  6 years, 39 weeks, 1 day ago