  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-29721

Users can still view portlet in private pages even though view permission is unchecked

    Details

    • Fix Priority: 4

      Description

      Reproduced in 6.1.x rev. 121842 and Trunk rev. 121842

      Steps to reproduce:
      1. Add layout.show.portlet.access.denied=false to portal-ext.properties to disable portlets from view when "view" permissions are removed for users.
      2. Create a new site "Test."
      3. Add a public page and a private page.
      4. On the public and private page add web content display and content. Leave all permissions as is.
      5. Create a new user "User" and make him a member of "Test."
      6. Sign in as new user and view both the public and private pages for "Test." This user is able to view the web content.
      7. As admin, remove view permissions for "guest" and "site member" from the web content display portlets on both public and private pages.
      8. As "User" log back in to site "Test." On the public page, the web content display portlet is no longer viewable.
      On the private page, "User" is still able to see the portlet and the content.

      It is expected that the portlet on both public and private pages should not be viewable since view permissions were removed.

            People

            • Assignee: kenneth.chang Kenneth Chang (Inactive)
            • Reporter: jeffrey.tuason Jeffrey Tuason (Inactive)