Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-28108

User has permissions on File through folder even when explicitly there is no permission on the File


    • 4


      1) Create a folder with DELETE permission for site-members
      2) Within that folder upload a file without DELETE permission for site members
      3) Sign in with another user account (site member)
      4) Delete the folder and the documents within will be gone as well (although you didn't have permissions to do that)

      Steps for the Error in 6.2.0 CE M4
      1) Create a user ([email protected]) who is a member of the Liferay site
      2) Login with [email protected]
      3) Add the document library portlet to the page
      4) Add a folder "F01" give "Delete" permission for Site member
      5) Add 3 documents to this folder "F01", File01, File02 and File03
      6) Remove all the permissions for the three files for Site members except the "View" permission
      7) Now login as [email protected]
      8) Try to delete the folder, and it shows "ERROR: You do not have required permissions"
      9) Navigate inside the folder and the [email protected] has permission to delete all the files
      10) Delete all the 3 files of the folder. It allows to delete.
      11) Now go and try to delete the folder "F01" and it again shows the ERROR.

      This happens for "Update" permission as well. Also this happens for not-only "Site-member" but for any Role like "Power User".




            john.co John Co
            dake84 Daniel Kempf (Inactive)
            Kiyoshi Lee Kiyoshi Lee
            0 Vote for this issue
            3 Start watching this issue


              9 years, 31 weeks, 4 days ago


                Version Package
                6.1.1 CE GA2
                6.2.0 CE M4