Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-24032

A user should only be able to access the pages of a user group when he is part of the user group

    Details

      Description

      Steps to reproduce:
      1. Login as a user who belongs to a user group which has public pages, and access the public pages of his/her personal site
      2. Access one of the pages inherited from the user group and keep the link
      3. Login as an administrator and remove the user from the user group
      4. Login as the user again and paste the URL in the browser

      The user will be able to see the page even if he is no longer a member of the user group.

      Alternative steps to reproduce:
      1. Login as an administrator of a user group with public pages
      2. Go to the public pages of the user group and copy the URL of a page
      3. Log out and paste the URL in the browser

      Even logged out, it is possible to access the public pages of the user group using its direct URL. In this case, only the administrators of the user group should be able to access the pages.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 46 weeks, 2 days ago

                Packages

                Version Package
                6.1.0 CE RC1
                --Sprint 11/12
                6.2.0 CE M2