Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-28108

User has permissions on File through folder even when explicitly there is no permission on the File

    Details

    • Fix Priority:
      4

      Description

      1) Create a folder with DELETE permission for site-members
      2) Within that folder upload a file without DELETE permission for site members
      3) Sign in with another user account (site member)
      4) Delete the folder and the documents within will be gone as well (although you didn't have permissions to do that)

      Steps for the Error in 6.2.0 CE M4
      1) Create a user ([email protected]) who is a member of the Liferay site
      2) Login with [email protected]
      3) Add the document library portlet to the page
      4) Add a folder "F01" give "Delete" permission for Site member
      5) Add 3 documents to this folder "F01", File01, File02 and File03
      6) Remove all the permissions for the three files for Site members except the "View" permission
      7) Now login as [email protected]
      8) Try to delete the folder, and it shows "ERROR: You do not have required permissions"
      9) Navigate inside the folder and the [email protected] has permission to delete all the files
      10) Delete all the 3 files of the folder. It allows to delete.
      11) Now go and try to delete the folder "F01" and it again shows the ERROR.

      This happens for "Update" permission as well. Also this happens for not-only "Site-member" but for any Role like "Power User".

        Attachments

          Activity

            People

            Assignee:
            john.co John Co
            Reporter:
            dake84 Daniel Kempf (Inactive)
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              8 years, 21 weeks ago

                Packages

                Version Package
                6.1.1 CE GA2
                6.2.0 CE M4