Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-21408

Members' Activities lists unviewable content


    • Fix Priority:


      This problem occurs when the user has permission to view the content related to the activity but he does not have permission to access the "container" of that content. For example if the user has permission to view a wiki page, he will see activities related to it even if he doesn't have permission to view the node. The solution is for the permission system to check the view permission of the "container" dinamically.

      How to reproduce :
      1. Create 2 (regular) roles : "Big" and "Little"
      2. Create one user ("BigUser") with "Big" role and another ("LittleUser") with "Little" role
      3. Create a regular Organization named "Org" and add "BigUser" and "LittleUser" as members
      4. Create a "Wiki" page in "Org" with "view" permission only for "Big" role
      5. Create an "Activities" page in "Org" with "view" permission for "Organization Members" role
      6. Add a "wiki" portlet to "Wiki" page and an "Members' Activities" portlet on "Activities"
      7. Add a wiki page with default permissions ("Viewable by Organization Members")
      ===> A new line appears on "Activities"
      8. Connect with "LittleUser" and go to "Activities"
      ===> In the activity page you could see the activity(It's because the permissions checked are the node and page permissions - and LittleUser has permission to view them.)
      9. Click on the link to the new wiki page
      ===> An error appears : you can't access the wiki page (this is because little doesn't have permission to enter in activities page)

      10. Connect back with your admin user
      11. Change permissions to "Wiki" page so that "Little" role can view it
      12. Change Organization's Wiki "Main" node permissions so that only "Big" role can view it
      13. Connect with "LittleUser" and go to "Activities"
      14. Click on the link to the new wiki page
      ===> An error appears : you can't access the wiki node

      Note that I made this example for a wiki but it's also reproducible with other contents too (Calendar events, for example). I tried on an organization, but a Community can have the problem too.
      The problem is here with users' private pages, too.



          Issue Links



              roberto.diaz Roberto Díaz
              pierremorin Pierre Morin (Inactive)
              Participants of an Issue:
              Recent user:
              Brian Wulbern
              2 Vote for this issue
              5 Start watching this issue


                Days since last comment:
                7 years, 9 weeks, 6 days ago


                  Version Package