Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-144072

User with only Access in Control Panel permission can view all Account Groups

    Details

      Description

      Steps to Reproduce:

      1. Add a few Account Groups
      2. Add a regular role with the following permissions:
      • Account Group > Access in Control Panel
      1. Add a user and assign it to the regular role
      2. Log in as new user
      3. Go to Account Groups

      Expected results: User has access to Account Groups in Control Panel but cannot view Account Groups since he doesn't have the "Account Groups > View" permission
      Actual results: All Account Groups display for the user with no View permissions

      Reproduced on:
      Tomcat 9.0.43 + MySQL 5.7
      Portal master GIT ID: b9c556921d024b2841d578dd6290302c88966888

        Attachments

          Activity

            People

            Assignee:
            melody.wu Melody Wu
            Reporter:
            patricia.perez Patricia Perez
            Participants of an Issue:
            Recent user:
            Patricia Perez
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              18 weeks, 2 days ago

                Packages

                Version Package
                7.4.3.8 CE GA8
                7.4.13 DXP U4
                Master