Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-31699

Permissions on certain portlets are not being enforced for Site Members under Customizable pages

    Details

      Description

      ISSUE
      Certain permissions on certain portlets are not being enforced for Site Members when customizable pages are enabled. If a user is given membership to a private site, and they are given a section in which one part of the layout is customizable, the user is allowed to change the Look & Feel and Configuration even when the permissions for access to these are blocked.

      STEPS TO REPRODUCE
      1. Add new Community Site: Membership Type=Restricted, Pages Copy As Private Pages.
      2. Control Panel > site pages > private pages > create a new page (MyPage)
      3. Click on MyPage (just created) > Customization Settings > make one column customizable
      4. On the same page, click on "Permission", add Customize to Site Member
      5. Site Membership > Users > Add a user to this community (this user has no user group, only Power User role)
      6. Control Panel > Plugins Configuration > XSL Content : Only administrators can use this portlet. (06_xslConfig.png)
      7. Go to > select the community (Test Community 001 in my case) > at the default page, add xsl content to customizable area
      8. Open up another browser, log in as site member (user assigned to this site at step #5), have access to the wrench icon (example in attached image)
      9. And in Web Content Display, except seeing the wrench icon, site member (with no config permission) can also select content

      TESTING IN TRUNK REV 131761
      Issue reproduced.

      TESTING IN 6.1.X REV 130726
      Issue reproduced.

        Attachments

          Activity

            People

            Assignee:
            jang.kim Jang Kim (Inactive)
            Reporter:
            brian.suh Brian Suh
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              7 years, 46 weeks ago

                Packages

                Version Package
                6.1.20 EE GA2
                6.1.30 EE GA3
                6.2.0 CE M3