-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.3.X, Master
-
Fix Version/s: 7.3.X, 7.4.3.9 CE GA9, Master
-
Component/s: User Management
-
Branch Version/s:7.3.x
-
Backported to Branch:Committed
-
Fix Priority:3
-
Git Pull Request:
If you revoke the User's View permission on Administrator role, you cannot assign new roles.
Steps to reproduce:
- Start up Liferay
- Log in as your administrator
- Create a role, call it testRole for example and give it the following permissions:
Portal: View Control Panel Menu
Users and Organizations: Access in Control Panel
Users and Organizations: View
Users and Organizations > Organization: View
Users and Organizations > Organization: View Members
Users and Organizations > User: Update
Users and Organizations > User: View - Under the Roles section click on the three dots next to any role (Portal content reviewer for example) -> Permissions
- Grant the testRole the permissions to View and Assign members
- Go to Control panel -> Users & Organizations -> Users
- Create a user (testuser1) and grant them the testRole and give it a password
- Create another user (doesn't require password or anything else)
- Log in as testuser1 (Preferably in an incognito window as we will need the administrator again)
- Go to Control panel ->Users and Organizations -> Users
Checkpoint: Notice that you can grant the role to the user. Remove it and go back to the Administrator user - As the administrator go to Control panel -> Roles
- Click on the 3 dots next to Administrator roles -> Permissions
- Revoke the View role from the default User role
- Now go back to the testuser1 account and try to give the Portal content reviewer to the other user
Expected result: The testuser1 is still able to grant the role
Actual result: You get the error: You do not have the required permissions
