Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
LPS-31332 is included in branch before testing.
Steps to reproduce
Set permissions.view.dynamic.inheritance=true (it is true by default)
1. Fresh bundle of GA2
2. Create 2 community sites(Site1 and Site2) with Member type:Private - Pages: copy as private
3. Create 1 user: test1 - set password, assign to Site1
4. Navigate to the Site 1 wiki page, edit wiki to display "Site 1 Wiki Front Page"
5. Verify that guest "view" permissions of the wiki page are not selected. (Details -> Permissions)
6. Navigate to the Site 2 wiki page, edit wiki to display "Site 2 Wiki Front Page"
7. Verify that guest "view" permissions of the wiki page are selected. (Details -> Permissions)
8. Make sure Wiki Node guest "view" permission is unchecked for Site 2 (control panel -> site2 -> wiki, default node is called "Main")
9. Login as test1
10. Verify that site 1 is available and navigate to site. (use link if it fails to show up in 'Go to': /user/site1/home)
11. Use search portlet and search for "wiki" under "everything"
12. Results will show site 1 content and guest content from site 2.
13. Clicking on site 2 result will throw a PrincipalException.
(If you didn't test with
LPS-31332 then clicking site 2 will return "resource not found")
The content from site 2 shows up in the search results.
The user should not be able to see the wiki from site 2 in the search result because it should consider the guest "view" permission from the Wiki node.