Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed

      Description

      Users with no permissions to edit templates or structures have access to edit GUI

      1. Create a web content associated to a structure and template.
      2. Login as user1 with update permission on web content but no update or delete permission on templates and structure
      3. Click on edit button on web-content
      4. ISSUE: Icons to edit structure and template are visible in the web content edit portlet
      5. click on icon to edit template
      6. change template (e.g. description)
      7. Save -> error message "You do not have the required permissions"

        Issue Links

          Activity

          Show
          alaindresse Alain Dresse added a comment - See the related messages http://www.liferay.com/community/forums/-/message_boards/view_message/12703545 and http://www.liferay.com/community/forums/-/message_boards/view_message/12691772
          Hide
          michael.saechang Michael Saechang added a comment -

          Committed on:
          6.1.x GIT ID: ae93743bc394b5449723c00f7b361c48be5e68e7.
          6.2.x GIT ID: 4541a32719432c7ce01ec064f7c3d6cd6d4338a5.

          Show
          michael.saechang Michael Saechang added a comment - Committed on: 6.1.x GIT ID: ae93743bc394b5449723c00f7b361c48be5e68e7. 6.2.x GIT ID: 4541a32719432c7ce01ec064f7c3d6cd6d4338a5.
          Hide
          sharry.shi Sharry Shi added a comment -

          PASSED Manual Testing following the steps in the description.

          Reproduced on:
          Tomcat 7.0 + MySQL 5. 6.1.x.EE GIT ID: d200a08140d49e3ef50ca29d4bc4fc10fcc8c573.

          The edit icon near template and structure show up.

          Fixed on:
          Tomcat 7.0 + MySQL 5. 6.1.x.EE GIT ID: b5b5b129e7500da96c9f1ca9ee77c0405b22377a.
          Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 7811ad25e2b98f9f62a7b5403c4a5c0308fd8d60.

          The edit icon near template and structure disappeared.

          Show
          sharry.shi Sharry Shi added a comment - PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0 + MySQL 5. 6.1.x.EE GIT ID: d200a08140d49e3ef50ca29d4bc4fc10fcc8c573. The edit icon near template and structure show up. Fixed on: Tomcat 7.0 + MySQL 5. 6.1.x.EE GIT ID: b5b5b129e7500da96c9f1ca9ee77c0405b22377a. Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 7811ad25e2b98f9f62a7b5403c4a5c0308fd8d60. The edit icon near template and structure disappeared.
          Hide
          prasannaraj Prasanna Raj (Inactive) added a comment -

          The edit icon has been removed for condition:
          <c:when test="<%= templates.size() == 1 %>">

          but persists for the otherwise loop below it.

          After line 335
          "<img border="0" class="aui-helper-hidden article-template-image" hspace="0" id="<portlet:namespace />templateImage" src="" vspace="0" />"

          I added the following piece of code

          <%
          for (JournalTemplate template : templates)

          { %> <c:if test="<%= (template != null) && JournalTemplatePermission.contains(permissionChecker, template.getGroupId(), template.getTemplateId(), ActionKeys.UPDATE) %>"> <liferay-ui:icon id="editTemplateLink" url="javascript:;" image="edit" /> </c:if> <% }

          %>
          this removed the edit icon for the <c:otherwise> condition too but caused another defect: the popup window for change-structure didnot appear. instead the change-structure html opened on the same page and also got the error "b is null" or "f is null"

          Show
          prasannaraj Prasanna Raj (Inactive) added a comment - The edit icon has been removed for condition: <c:when test="<%= templates.size() == 1 %>"> but persists for the otherwise loop below it. After line 335 "<img border="0" class="aui-helper-hidden article-template-image" hspace="0" id="<portlet:namespace />templateImage" src="" vspace="0" />" I added the following piece of code <% for (JournalTemplate template : templates) { %> <c:if test="<%= (template != null) && JournalTemplatePermission.contains(permissionChecker, template.getGroupId(), template.getTemplateId(), ActionKeys.UPDATE) %>"> <liferay-ui:icon id="editTemplateLink" url="javascript:;" image="edit" /> </c:if> <% } %> this removed the edit icon for the <c:otherwise> condition too but caused another defect: the popup window for change-structure didnot appear. instead the change-structure html opened on the same page and also got the error "b is null" or "f is null"
          Hide
          edward.gonzales Edward Gonzales (Inactive) added a comment -

          Slated for inclusion in 6.1.1 CE GA2

          Show
          edward.gonzales Edward Gonzales (Inactive) added a comment - Slated for inclusion in 6.1.1 CE GA2

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 35 weeks, 5 days ago

                Development

                  Subcomponents