-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
-
Fix Version/s: 6.1.30 EE GA3, 6.2.0 CE M3
-
Component/s: Web Search, Web Search > Search Widgets, ~[Archived] WCM
-
Branch Version/s:6.1.x
-
Backported to Branch:Committed
-
Fix Priority:3
-
Git Pull Request:
Make sure LPS-31332 is included in branch before testing.
Steps to reproduce
Set permissions.view.dynamic.inheritance=true (it is true by default)
1. Fresh bundle of GA2
2. Create 2 community sites(Site1 and Site2) with Member type:Private - Pages: copy as private
3. Create 1 user: test1 - set password, assign to Site1
4. Navigate to the Site 1 wiki page, edit wiki to display "Site 1 Wiki Front Page"
5. Verify that guest "view" permissions of the wiki page are not selected. (Details -> Permissions)
6. Navigate to the Site 2 wiki page, edit wiki to display "Site 2 Wiki Front Page"
7. Verify that guest "view" permissions of the wiki page are selected. (Details -> Permissions)
8. Make sure Wiki Node guest "view" permission is unchecked for Site 2 (control panel -> site2 -> wiki, default node is called "Main")
9. Login as test1
10. Verify that site 1 is available and navigate to site. (use link if it fails to show up in 'Go to': /user/site1/home)
11. Use search portlet and search for "wiki" under "everything"
12. Results will show site 1 content and guest content from site 2.
13. Clicking on site 2 result will throw a PrincipalException.
(If you didn't test with LPS-31332 then clicking site 2 will return "resource not found")
Actual Results
The content from site 2 shows up in the search results.
Expected results
The user should not be able to see the wiki from site 2 in the search result because it should consider the guest "view" permission from the Wiki node.
