Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-23301

Non-admin user can't see other users personal information if he belongs to an organization


    • Branch Version/s:
    • Backported to Branch:


      1. Create 2 regular users: test1 and test2
      2. Add phone numbers to test2
      3. Add 'View' permissions for Users for test2
      (click action next to name -> permissions -> check 'View' for Users.)
      4. Add the Directory portlet to a page and make it viewable to Users
      5. Log on as test1 and verify that you can see the phone number for test2 if you click on the name
      6. Log on as Admin again
      7. Create an Organization: Org1 and add a phone number for the organization
      8. Assign the user test2 to the organization
      9. Click on user in the Directory portlet and you should be able to see both phone numbers
      10. Log on as test1
      11. Try clicking on test2 user and you'll get a PrincipalException and you can not see either phone numbers

      Basically, permission to view both user and organization phone numbers is required to view either phone numbers. If user has permission to view personal phone number and not org phone number, the personal phone number should still be displayed.




            • Assignee:
              ginson.ren Ginson Ren
              matthew.kong Matthew Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created:
                Days since last comment:
                8 years, 34 weeks, 2 days ago


                Version Package
                6.0.X EE
                --Sprint 12/11
                6.1.0 CE RC1