Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      The Asset Publisher's configuration mode completely ignores permissions on individual assets in manual selection mode.

      To reproduce:

      1. Download, unzip and start Liferay Portal.
      2. Log in as Bruno (Admin) and add Asset Publisher to an empty page. Give Power User "Configure" permissions.
      3. Create two Web Contents, one with visibility "Owner" and another with visibility "Guest".
      4. Configure: Set Asset Selection to "Manual" and add the two newly created items. They show up in the portlet.
      5. Log out and log in as John (Regular). The Asset Publisher only displays the item with "Guest" visibility.
      6. Configure the portlet. The content list now displays both content items, despite the fact that John does not have permissions to see the first one (and, as mentioned, it is not displayed in the portlet itself)!
      7. Verify that all available content (i.e., not only that which John has permissions to see) shows up when you click "Select Existing".

      I realize that this may be a contrived "use case", but under certain circumstances (such as mine) the simple fact that content titles are visible to users not authorized to view the actual content is a considerable issue.
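
The check the report implies, as an added example (a constructed Python model, not Liferay code and not part of the issue): the configuration list and the "Select Existing" picker apply the same per-asset VIEW filter that the portlet's view mode already applies. All class, method and asset names are hypothetical, and roles are simplified.

```python
from dataclasses import dataclass

# Constructed model of the report's scenario; not Liferay code or Liferay APIs.
# Roles are simplified: "Guest" visibility is modelled as a role every user holds.

@dataclass(frozen=True)
class Asset:
    title: str
    view_roles: frozenset  # roles granted VIEW on this individual asset

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

def can_view(user, asset):
    return bool(user.roles & asset.view_roles)

class AssetPublisher:
    def __init__(self, repository, configure_roles):
        self.repository = list(repository)   # every asset in the site
        self.configure_roles = frozenset(configure_roles)
        self.selected = []                    # manual selection

    def _require_configure(self, user):
        if not user.roles & self.configure_roles:
            raise PermissionError("no Configure permission on the portlet")

    def display(self, user):
        # View mode already filters per asset (step 5 of the report).
        return [a.title for a in self.selected if can_view(user, a)]

    def config_list_unfiltered(self, user):
        # Reported behaviour (step 6): only the portlet-level check is made.
        self._require_configure(user)
        return [a.title for a in self.selected]

    def config_list(self, user, source=None):
        # Hardened: portlet-level check AND per-asset VIEW check. Pass
        # source=self.repository for the "Select Existing" picker (step 7).
        self._require_configure(user)
        pool = self.selected if source is None else source
        return [a.title for a in pool if can_view(user, a)]

def build_scenario():
    secret = Asset("Owner-only article", frozenset({"Owner"}))
    public = Asset("Guest article", frozenset({"Owner", "Guest"}))
    portlet = AssetPublisher([secret, public], {"Administrator", "Power User"})
    portlet.selected = [secret, public]
    john = User("John", frozenset({"Guest", "Power User"}))
    return portlet, john
```

A regression test for the fix can assert that, for any user, the configuration list never contains a title that `display` would hide from that user.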

              People

              Assignee:
              sophia.zhang Sophia Zhang
              Reporter:
              carlson.gustav Gustav Carlson
              Recent user:
              Esther Sanz
              Votes:
              0
              Watchers:
              2

                Dates

                Days since last comment:
                9 years, 4 weeks, 4 days ago

                  Packages

                  Version Package
                  6.0.12 EE
                  6.1.0 CE RC1