LIMA | QA Sprint 16
If a user is a member of an Organization or User Group, it prevents Liferay's permission-checking algorithm from detecting that the user is a member of any Asset Libraries.
The reason for this is due to some logic that was added in LPS-71922 for performance reasons. If the user does not belong to any Organizations or User Groups, then we call a method that returns all the Groups to which the User belongs according to the Users_Groups table. On the other hand, if the user belongs to at least one Organization or User Group, then we call a method that only returns the Group-classed and Organization-classed Groups to which the User belongs. This was fine back when it was first committed; however, now that we have a new class of Groups in the form of Depot Entry (i.e. Asset Library), it causes problems with Depot Entries.
In an ideal world, we would fix this by adding additional logic to check if the user belongs to any Depot Entries before we decide which method to call to get the user's Groups. However, I was unable to find any way to get the list of Depot Entries to which the user belongs from portal-impl. The DepotEntry class and associated code exist in a module, so they cannot be referenced from portal-impl.
Therefore, I will be reverting the logic added by LPS-71922. I do not believe that the performance improvement is very significant, especially since we cache the UserBag anyway.
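An added illustration, not Liferay's code: a simplified Java model of the group-lookup branch described above and of the revert, plus a check that reports which Group classes the optimized path hides. All class, method and enum names are hypothetical, and the sample memberships are constructed.

```java
import java.util.*;
import java.util.stream.*;
// Simplified model of the branch described in this ticket. Every name here is
// hypothetical; this is not Liferay's portal-impl code.
public class UserGroupsModel {
    enum GroupClass { GROUP, ORGANIZATION, DEPOT_ENTRY }
    static final class Group {
        final String name; final GroupClass cls;
        Group(String name, GroupClass cls) { this.name = name; this.cls = cls; }
    }

    // Stand-in for the narrower lookup: Group- and Organization-classed Groups only.
    static List<Group> siteAndOrgGroups(List<Group> usersGroups) {
        return usersGroups.stream()
            .filter(g -> g.cls == GroupClass.GROUP || g.cls == GroupClass.ORGANIZATION)
            .collect(Collectors.toList());
    }

    // Branch as described: the full Users_Groups list is used only while the user
    // has no Organization or User Group; otherwise the narrower lookup is used.
    static List<Group> withOptimization(List<Group> usersGroups, boolean inOrgOrUserGroup) {
        return inOrgOrUserGroup ? siteAndOrgGroups(usersGroups) : usersGroups;
    }

    // After the revert: always the full Users_Groups list.
    static List<Group> reverted(List<Group> usersGroups, boolean inOrgOrUserGroup) {
        return usersGroups;
    }

    // Regression check: which Group classes does the optimized path lose for a
    // user who belongs to an Organization? An empty set means no membership is hidden.
    static Set<GroupClass> droppedClasses() {
        Set<GroupClass> dropped = EnumSet.noneOf(GroupClass.class);
        for (GroupClass cls : GroupClass.values()) {
            List<Group> memberships = List.of(new Group("g-" + cls, cls)); // constructed sample
            if (withOptimization(memberships, true).size() != reverted(memberships, true).size()) {
                dropped.add(cls);
            }
        }
        return dropped;
    }
    public static void main(String[] args) {
        List<Group> al1 = List.of(new Group("AL1", GroupClass.DEPOT_ENTRY)); // constructed sample
        System.out.println("AL1 visible, no org, optimized: " + !withOptimization(al1, false).isEmpty());
        System.out.println("AL1 visible, in O1, optimized:  " + !withOptimization(al1, true).isEmpty());
        System.out.println("AL1 visible, in O1, reverted:   " + !reverted(al1, true).isEmpty());
        System.out.println("classes dropped by optimization: " + droppedClasses());
    }
}
```

A check shaped like `droppedClasses()` is worth keeping as a regression test for any membership filter keyed on Group class, since the original defect only appeared once a new class of Group was introduced.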
Steps to Reproduce
1. Start up Liferay and sign in as the administrator user.
2. Create an Asset Library (Global Menu > Content > Asset Libraries > Add new Asset Library named AL1)
3. Create a new user and provide the membership of the AL1 Asset Library (Control Panel > Users and Organizations > Create new user > Add membership of AL1)
4. Create a custom Role for this new user
   - Control Panel > Users > Roles > Regular Roles Tab > Add new Regular Role (named Asset Library Viewer) > Save
   - Define Permissions Tab > type "Asset Libraries" in search bar on left side > click Asset Libraries > Check the following two boxes: "Access in Control Panel" and "View".
   - Click Save, and observe that there are now 3 permissions:
      - Asset Libraries: Access in Control Panel
      - Asset Libraries: View
      - Portal: View Control Panel Menu
   - Assign this Role to the user created in Step 2. (Assignees Tab > Users > New > Add user as an Assignee)
5. Sign in with the new user and navigate to the Asset Library section (Control Panel > Asset Libraries), and observe that AL1 is present/visible.
6. Sign back in as the administrator user.
7. Create an organization and assign it to the user (Control Panel > Users and Organizations > Organizations > Create new Organization named O1 > 3-dot menu > Assign Users > assign the user created in Step 2).
8. Sign in with the user again and navigate to the Asset Library section.
Expected Result: Asset Library (AL1) would be displayed.
Actual Result: Asset Library (AL1) is not displayed.
LPS-143834 Site member can't view the private page