Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-18689

Serious permissions problems with Asset Publisher portlet

    Details

    • Branch Version/s:
      6.0.x

      Description

      I encounter a problem defining the permissions on a role to allow users to publish web content through the asset publisher. This is my current setup.

      • default site, I just renamed it to "technolink.lu"
      • 1 vocabulary "News", 2 categories for this vocabulary, "Beggen" and "Cents"
      • 2 site roles, "News_Beggen" and "News_Cents"
      • 2 (additional users), "Beggen" and "Cents"
      • user "Beggen" is member of site role "News_Beggen"
      • user "Cents" is member of site role "News_Cents"
      • role "News_Beggen" has view permission on category "News->Beggen"
      • role "News Cents" has view permission on category "News->Cents"
      • 2 pages, Beggen and Cents
      • on each page, there is an Asset Publisher portlet which is configured as follows:
        display on "web content" from "technolink.lu" which has the category "News->Beggen" for the page "Beggen" and "News->Cents" for the page "Cents"
      • I granted *ALL* permissions from "Site Content -> Web content" to both roles "News_Beggen" and "News_Cents"

      Here the problems I encounter:
      1) when I login as user "Beggen" and navigate to the page "Beggen", I don't see the asset publisher at all, unless somebody else has already published a web content. I would expect that a user who has the rights to publish web content in that asset publisher should see the portlet in order to be able to publish the first web content (in our case some news)

      2) when I publish some content as administrator, the user "Beggen" finally see the asset publisher and does also see the "Add New" button, but when user "Beggen" clicks on the button we get an error message in the popup window:

      You do not have permission to access the requested resource.
      http://demo.technolink.lu:8080/group/control_panel/manage?p_p_id=15&p_p_lifecycle=0&p_p_state=pop_up&p_p_mode=view&p_p_col_id=column-3&p_p_col

      in the console I see the following message

      08:10:00,777 INFO [PortalImpl:4553] User 10824 is not allowed to access the private pages of group 10167
      08:12:34,308 INFO [PortalImpl:4536] Current URL /group/control_panel/manage?p_p_id=15&p_p_lifecycle=0&p_p_state=pop_up&p_p_mode=view&p_p_col_id=column-3&p_p_col_count=1&_15_struts_action=/journal/edit_article&_15_redirect=http%3A%2F%2Fdemo.technolink.lu%3A8080%2Fbeggen%3Fp_p_id%3D101_INSTANCE_7uKz%26p_p_lifecycle%3D0%26p_p_state%3Dpop_up%26p_p_mode%3Dview%26p_p_col_id%3Dcolumn-3%26p_p_col_count%3D1%26_101_INSTANCE_7uKz_struts_action%3D%252Fasset_publisher%252Fadd_asset_redirect&_15_referringPortletResource=101_INSTANCE_7uKz&_15_assetCategoryIds=10814&_15_assetTagNames=&_15_groupId=10175&doAsGroupId=10175&refererPlid=10416 generates exception: User 10824 is not allowed to access the private pages of group 10167

      3) I did also define some structures and templates. The structures I defined show up in the "Add New" button menu in the asset publisher portlet although I didn't grant the role "News_Beggen" a "View" permission on the structure. Currently only the "owner" should see the structure.

      4) When the user "Beggen" navigates the page "Cents", he doesn't see the asset publisher portlet at all (and vice versa). The idea was that the user "Beggen" can't publish ("Add New") any contents on the page "Cents" but should be able to see the news on that page and vice-versa, user "Cents" should be allowed to publish any web content in the asset publisher on page "Beggen" but should at least see the porlet.

      Did I miss something? What permissions do I need to grant to my role "News_Beggen" to make the users:
      1) see the asset publisher portlet even if no content has been published
      2) see only the "Web Content" entry in the "Add New" button menu and not the other structures
      3) allow the user to publish any web content through the asset publisher "Add New" button
      4) allow the user "Beggen" to see the asset publisher on page "Cents" but don't allow him to publish any content and vice-versa, allow user "Cents" to see the news on page "Beggen" but don't allow to publish anything

      Thanks for your help.

      Alex

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kristoffer.onias Kristoffer Onias
              Reporter:
              alex.weirig@technolink.lu Alex Weirig
              Participants of an Issue:
              Recent user:
              Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                8 years, 18 weeks, 4 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.2.0 CE M3