Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-29017

A user can always see user group layouts despite explicitely removing permissions

    Details

      Description

      reproduce steps:

      1.set following property in portal-ext.properties
      user.groups.copy.layouts.to.user.personal.site=false

      layout.user.private.layouts.enabled=true
      layout.user.private.layouts.auto.create=false
      layout.user.private.layouts.power.user.required=false
      admin.default.role.names=User

      2. create a user group aaa

      3. create a private page bbb for user group aaa

      4. uncheck user role view permission for page bbb

      5. create a user ccc and assign user ccc to user group aaa

      6. login portal with user ccc and then click "My private pages" you will see the page bbb.

      Because the user role has no view permission for page bbb, so the user ccc should not see the page bbb


      CVSS Base Score: 3.5
      CVSS Temporal Score: 3.2
      CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N/E:P/RL:U/RC:C)
      

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            dale.shan Dale Shan (Inactive)
            Participants of an Issue:
            Recent user:
            Jason Pince
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 43 weeks, 1 day ago

                Packages

                Version Package
                7.0.0 CE GA1
                7.3.10 DXP GA1
                Master