Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-28108

User has permissions on File through folder even when explicitly there is no permission on the File

    Details

    • Fix Priority:
      4

      Description

      1) Create a folder with DELETE permission for site-members
      2) Within that folder upload a file without DELETE permission for site members
      3) Sign in with another user account (site member)
      4) Delete the folder and the documents within will be gone as well (although you didn't have permissions to do that)

      Steps for the Error in 6.2.0 CE M4
      1) Create a user (user01@liferay.com) who is a member of the Liferay site
      2) Login with test@liferay.com
      3) Add the document library portlet to the page
      4) Add a folder "F01" give "Delete" permission for Site member
      5) Add 3 documents to this folder "F01", File01, File02 and File03
      6) Remove all the permissions for the three files for Site members except the "View" permission
      7) Now login as user01@liferay.com
      8) Try to delete the folder, and it shows "ERROR: You do not have required permissions"
      9) Navigate inside the folder and the user01@liferay.com has permission to delete all the files
      10) Delete all the 3 files of the folder. It allows to delete.
      11) Now go and try to delete the folder "F01" and it again shows the ERROR.

      This happens for "Update" permission as well. Also this happens for not-only "Site-member" but for any Role like "Power User".

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 24 weeks, 5 days ago

                Packages

                Version Package
                6.1.1 CE GA2
                6.2.0 CE M4