PUBLIC - Liferay Portal Community Edition
LPS-31719

InlineSQLHelperUtil does not take ResourcePermission.scope=3 into account when retrieving DLFolders in a community site and so does not work when the Member role has default VIEW permission on DLFolders.

      Description

      Case:
      1 - As Portal Admin
      Define default VIEW permissions on "Community member" for DocumentLibrary.
      2 - As Community Owner
      Create a folder in a community Doc Lib, setting "share with community member" permissions.
      3 - As community member
      OK => If you connect as a community member, you'll see the folder.
      4 - Now, as Community Owner, edit permissions for the folder and just save it (even without modifying anything).
      5 - As community member
      KO => the folder is no longer viewable!

      The reason for this is that the doclib portlet view uses DLFolderServiceUtil.getFolders, which itself calls a persistence method (filterFindByG_P) that injects an INNER JOIN on ResourcePermission via InlineSQLHelperUtil:

      Sample:
      ---------------
      -- Role "Member of Comm" is 10144
      SELECT DISTINCT dlFolder.parentFolderId, dlFolder.name
      FROM DLFolder dlFolder
      INNER JOIN ResourcePermission
      ON (
        (dlFolder.userId = 21909)
        OR (ResourcePermission.companyId = 10132)
        AND (ResourcePermission.name = 'com.liferay.portlet.documentlibrary.model.DLFolder')
        AND (ResourcePermission.roleId IN (0,10142,10144))
        AND (MOD(ResourcePermission.actionIds, 2) = 1)
        AND (
          (
            (ResourcePermission.scope = 1)
            AND (ResourcePermission.primKey = '10132')
          )
          OR (
            (ResourcePermission.scope = 2)
            AND (ResourcePermission.primKey IN ('23001'))
          )
          OR (
            (ResourcePermission.scope = 4)
            AND (ResourcePermission.primKey = CAST(dlFolder.folderId AS text))
          )
        )
      )
      WHERE dlFolder.groupId = 23001
      AND dlFolder.parentFolderId = 24106
      ORDER BY dlFolder.parentFolderId ASC, dlFolder.name ASC

      --------------

      This SQL statement does not take into account the case of VIEW permissions defined on the "Community member" role.
      In the ResourcePermission table, we have this data for the "community member" roleId:
      name="com.liferay.portlet.documentlibrary.model.DLFolder"; scope=3; primkey="0"; roleid=10144; actionids=31 (or any bitwise value with mod=1; that is the ID for action VIEW)

      So InlineSQLHelperUtil is not enough ...

      ----------------

      As a workaround, we can use DLFolderLocalServiceUtil.getFolders() instead of DLFolderServiceUtil.getFolders() in view.jsp. It goes to a persistence method (filterFindByG_P) that does not use InlineSQLHelperUtil, and so the folders are visible... but for everyone...

      So, why not implement (or extend) a service method that uses this last one, with a classic permissionChecker check, as is done in the method DLFolderServiceUtil.getFolder() used to get ONE folder?
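
The filter behaviour described in this issue, reproduced against an in-memory SQLite database as an added example (not Liferay code and not part of the original report). The table rows are constructed, `MOD()` is written as `%` for SQLite, and the `scope = 3` branch with `primKey = '0'` is a hypothetical addition based on the row quoted in the report, not the project's actual fix.

```python
import sqlite3

# Constructed sample data: ids mirror the issue's sample query, the rows are not real.
SCHEMA = """
CREATE TABLE DLFolder (folderId INTEGER, groupId INTEGER, parentFolderId INTEGER,
                       userId INTEGER, name TEXT);
CREATE TABLE ResourcePermission (companyId INTEGER, name TEXT, scope INTEGER,
                                 primKey TEXT, roleId INTEGER, actionIds INTEGER);
INSERT INTO DLFolder VALUES (24200, 23001, 24106, 10500, 'shared');
-- The only VIEW grant present: the role-level default row quoted in the issue.
INSERT INTO ResourcePermission VALUES
  (10132, 'com.liferay.portlet.documentlibrary.model.DLFolder', 3, '0', 10144, 31);
"""

# Scope branches of the generated join; SCOPE_3 is the hypothetical extra branch.
SCOPES_1_2_4 = """
     (ResourcePermission.scope = 1 AND ResourcePermission.primKey = '10132')
  OR (ResourcePermission.scope = 2 AND ResourcePermission.primKey IN ('23001'))
  OR (ResourcePermission.scope = 4
      AND ResourcePermission.primKey = CAST(dlFolder.folderId AS TEXT))"""
SCOPE_3 = " OR (ResourcePermission.scope = 3 AND ResourcePermission.primKey = '0')"

QUERY = """
SELECT DISTINCT dlFolder.name FROM DLFolder dlFolder
INNER JOIN ResourcePermission ON (
  (dlFolder.userId = 21909)
  OR (ResourcePermission.companyId = 10132)
  AND (ResourcePermission.name = 'com.liferay.portlet.documentlibrary.model.DLFolder')
  AND (ResourcePermission.roleId IN (0, 10142, 10144))
  AND (ResourcePermission.actionIds % 2 = 1)
  AND ({scopes}))
WHERE dlFolder.groupId = 23001 AND dlFolder.parentFolderId = 24106
ORDER BY dlFolder.name ASC"""

def visible_folders(include_scope_3):
    """Return the folder names the permission-filtered query yields for user 21909."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    scopes = SCOPES_1_2_4 + (SCOPE_3 if include_scope_3 else "")
    rows = db.execute(QUERY.format(scopes=scopes)).fetchall()
    db.close()
    return [name for (name,) in rows]

if __name__ == "__main__":
    print("as generated:", visible_folders(False))  # folder filtered out
    print("with scope 3:", visible_folders(True))   # folder returned
```
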

        Activity

        Christophe Cariou added a comment -

        This issue is related, I think: LPS-16478 (put that there because I don't find the "link to" action in the "More actions" menu...)

        Aniceto P Madrid added a comment -

        Christophe

        Can you check if this still happens in 6.2.0m4?

        Thanks

        Aniceto P Madrid added a comment -

        This is no longer reproducible in 6.2.0m4, replacing community by site, because community is no longer in 6.2.0m4.
        I suggest closing this issue.
