PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-31791

SIte/Organization Administrator can remove role or membership for other Administrators or Owners user from Site/Organization

    Details

    • Branch Version/s:
      6.1.x, 6.0.x
    • Backported to Branch:
      Committed
    • Story Points:
      8
    • Fix Priority:
      4
    • Similar Issues:
      Show 4 results 

      Description

      Using the Manage Site Memberships UI, a user having only the Site/Organization Administrator role can remove a user with the Site/Organizator Owner role from the site.

      The expected behavior is that Onwers should be protected from regular Administrators. Specifically the following rules must be met.
      1) A Site/Organization Administrator cannot delete the membership of any other Administrator or Owner.
      2) A Site/Organization Administrator cannot remove the Site/Organization Administrator or Owner role of other administrators/owners.
      3) A Site/Organization Owner can delete the membership or remove the roles from any other administrator or owner.

        Issue Links

          Activity

          Hide
          Raymond Auge added a comment -

          We should probably fix this. It should be fairly straight forward fix.

          Show
          Raymond Auge added a comment - We should probably fix this. It should be fairly straight forward fix.
          Hide
          Jorge Ferrer added a comment -

          Attaching a table with all the test cases and the expected result. The solution to this bug that is going to be committed ensures that all of them work properly.

          Show
          Jorge Ferrer added a comment - Attaching a table with all the test cases and the expected result. The solution to this bug that is going to be committed ensures that all of them work properly.
          Hide
          Pani Gui (Inactive) added a comment - - edited

          PASSED Manual Testing using the following steps:

          Test Steps 1:
          1. Create a site.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the site.
          4. Give Test1 and Test2 Site Administrator role.
          5. Give Test3 Site Owner role.
          6. Sign in as Test1 Site Administrator.
          7. Go to Control Panel > Sites > Actions > Manage Memberships.
          8. Click Users.
          9. Click Assign Users button.
          10. Uncheck Test1, Test2 and Test3.
          11. Click Save button.
          Test1 Site Administrator can remove Test2 Site Administrator, Test3 Site Owner and himself from the site.

          Test Steps 2:
          1. Create an organization.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the Organization.
          4. Give Test1 and Test2 Organization Administrator role.
          5. Give Test3 Organization Owner role.
          6. Sign in as Test1 Organization Administrator.
          7. Go to Control Panel > Users and Organizations > Actions > Assign Users.
          8. Uncheck Test1.
          9. Click Update Associations button.
          Test1 Site Administrator can remove himself from the organization.

          Test Steps 3:
          1. Create an organization with organization site.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign Test1 to the Organization.
          4. Give Test1 Organization Administrator role.
          5. Click Sites on the left menu.
          6. Click Actions behind the organization > Manage Memberships.
          7. Assign Test2 and Test3.
          8. Give Test2 Site Administrator role.
          9. Give Test3 Site Owner role.
          10. Sign in as Test1 Organization Administrator.
          11. Go to Control Panel > Sites > Actions > Manage Memberships.
          12. Click Users.
          13. Click Assign Users button.
          14. Uncheck Test2 and Test3.
          15. Click Save button.
          Test1 Organization Administrator can remove Test2 Site Administrator and Test3 Site Owner from the organization. Test1 loses Organization Administrator role.

          Reproduced on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GA2.

          Site/Organization administrator can remove other administrators and owsers from Site/Organization.

          Fixed on:
          Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 5faa85724cae5918962eb510134d254efc39c8a2.

          Site/Organization administrator does not allow to remove the same level of managements and owsers from Site/Organization.

          Show
          Pani Gui (Inactive) added a comment - - edited PASSED Manual Testing using the following steps: Test Steps 1: 1. Create a site. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the site. 4. Give Test1 and Test2 Site Administrator role. 5. Give Test3 Site Owner role. 6. Sign in as Test1 Site Administrator. 7. Go to Control Panel > Sites > Actions > Manage Memberships. 8. Click Users. 9. Click Assign Users button. 10. Uncheck Test1, Test2 and Test3. 11. Click Save button. Test1 Site Administrator can remove Test2 Site Administrator, Test3 Site Owner and himself from the site. Test Steps 2: 1. Create an organization. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the Organization. 4. Give Test1 and Test2 Organization Administrator role. 5. Give Test3 Organization Owner role. 6. Sign in as Test1 Organization Administrator. 7. Go to Control Panel > Users and Organizations > Actions > Assign Users. 8. Uncheck Test1. 9. Click Update Associations button. Test1 Site Administrator can remove himself from the organization. Test Steps 3: 1. Create an organization with organization site. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign Test1 to the Organization. 4. Give Test1 Organization Administrator role. 5. Click Sites on the left menu. 6. Click Actions behind the organization > Manage Memberships. 7. Assign Test2 and Test3. 8. Give Test2 Site Administrator role. 9. Give Test3 Site Owner role. 10. Sign in as Test1 Organization Administrator. 11. Go to Control Panel > Sites > Actions > Manage Memberships. 12. Click Users. 13. Click Assign Users button. 14. Uncheck Test2 and Test3. 15. Click Save button. Test1 Organization Administrator can remove Test2 Site Administrator and Test3 Site Owner from the organization. Test1 loses Organization Administrator role. Reproduced on: Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GA2. Site/Organization administrator can remove other administrators and owsers from Site/Organization. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 5faa85724cae5918962eb510134d254efc39c8a2. Site/Organization administrator does not allow to remove the same level of managements and owsers from Site/Organization.
          Hide
          Pani Gui (Inactive) added a comment -

          PASSED Manual Testing using the following steps:

          Test Steps 1:
          1. Create a site.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the site.
          4. Give Test1 and Test2 Site Administrator role.
          5. Give Test3 Site Owner role.
          6. Sign in as Test1 Site Administrator.
          7. Go to Control Panel > Sites > Actions > Manage Memberships.
          8. Click Users.
          9. Click Assign Users button.
          10. Uncheck Test1, Test2 and Test3.
          11. Click Save button.
          Test1 Site Administrator can remove Test2 Site Administrator, Test3 Site Owner and himself from the site.

          Test Steps 2:
          1. Create an organization.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the Organization.
          4. Give Test1 and Test2 Organization Administrator role.
          5. Give Test3 Organization Owner role.
          6. Sign in as Test1 Organization Administrator.
          7. Go to Control Panel > Users and Organizations > Actions > Assign Users.
          8. Uncheck Test1.
          9. Click Update Associations button.
          Test1 Site Administrator can remove himself from the organization.

          Test Steps 3:
          1. Create an organization with organization site.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign Test1 to the Organization.
          4. Give Test1 Organization Administrator role.
          5. Click Sites on the left menu.
          6. Click Actions behind the organization > Manage Memberships.
          7. Assign Test2 and Test3.
          8. Give Test2 Site Administrator role.
          9. Give Test3 Site Owner role.
          10. Sign in as Test1 Organization Administrator.
          11. Go to Control Panel > Sites > Actions > Manage Memberships.
          12. Click Users.
          13. Click Assign Users button.
          14. Uncheck Test2 and Test3.
          15. Click Save button.
          Test1 Organization Administrator can remove Test2 Site Administrator and Test3 Site Owner from the organization. Test1 loses Organization Administrator role.

          Fixed on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 443f1c861d2ce7f1579e84ae5bb800d505dc4f9b.

          Site/Organization administrator does not allow to remove the same level of managements and owsers from Site/Organization.

          Show
          Pani Gui (Inactive) added a comment - PASSED Manual Testing using the following steps: Test Steps 1: 1. Create a site. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the site. 4. Give Test1 and Test2 Site Administrator role. 5. Give Test3 Site Owner role. 6. Sign in as Test1 Site Administrator. 7. Go to Control Panel > Sites > Actions > Manage Memberships. 8. Click Users. 9. Click Assign Users button. 10. Uncheck Test1, Test2 and Test3. 11. Click Save button. Test1 Site Administrator can remove Test2 Site Administrator, Test3 Site Owner and himself from the site. Test Steps 2: 1. Create an organization. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the Organization. 4. Give Test1 and Test2 Organization Administrator role. 5. Give Test3 Organization Owner role. 6. Sign in as Test1 Organization Administrator. 7. Go to Control Panel > Users and Organizations > Actions > Assign Users. 8. Uncheck Test1. 9. Click Update Associations button. Test1 Site Administrator can remove himself from the organization. Test Steps 3: 1. Create an organization with organization site. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign Test1 to the Organization. 4. Give Test1 Organization Administrator role. 5. Click Sites on the left menu. 6. Click Actions behind the organization > Manage Memberships. 7. Assign Test2 and Test3. 8. Give Test2 Site Administrator role. 9. Give Test3 Site Owner role. 10. Sign in as Test1 Organization Administrator. 11. Go to Control Panel > Sites > Actions > Manage Memberships. 12. Click Users. 13. Click Assign Users button. 14. Uncheck Test2 and Test3. 15. Click Save button. Test1 Organization Administrator can remove Test2 Site Administrator and Test3 Site Owner from the organization. Test1 loses Organization Administrator role. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 443f1c861d2ce7f1579e84ae5bb800d505dc4f9b. Site/Organization administrator does not allow to remove the same level of managements and owsers from Site/Organization.
          Hide
          Pani Gui (Inactive) added a comment -

          PASSED Manual Testing using the following steps:

          Test Steps 1:
          1. Create a community.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the community.
          4. Give Test1 and Test2 Community Administrator role.
          5. Give Test3 Community Owner role.
          6. Sign in as Test1 Community Administrator.
          7. Go to Control Panel > Communities > Actions > Assign Members.
          8. Uncheck Test1, Test2 and Test3.
          9. Click Update Associations button.

          Test Steps 2:
          1. Create an organization.
          2. Create 3 users. (Test1, Test2 and Test3)
          3. Assign 3 users to the Organization.
          4. Give Test1 and Test2 Organization Administrator role.
          5. Give Test3 Organization Owner role.
          6. Sign in as Test1 Organization Administrator.
          7. Go to Control Panel > Organizations > Actions > Assign Members.
          8. Uncheck Test1.
          9. Click Update Associations button.

          Fixed on:
          Tomcat 6.0 + MySQL 5. Portal 6.0.x GIT ID: 0b459a636ce2ef926e65814a69e0a8009513dab0.

          Community/Organization administrator does not allow to remove the same level of managements and owsers from Community/Organization.

          Show
          Pani Gui (Inactive) added a comment - PASSED Manual Testing using the following steps: Test Steps 1: 1. Create a community. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the community. 4. Give Test1 and Test2 Community Administrator role. 5. Give Test3 Community Owner role. 6. Sign in as Test1 Community Administrator. 7. Go to Control Panel > Communities > Actions > Assign Members. 8. Uncheck Test1, Test2 and Test3. 9. Click Update Associations button. Test Steps 2: 1. Create an organization. 2. Create 3 users. (Test1, Test2 and Test3) 3. Assign 3 users to the Organization. 4. Give Test1 and Test2 Organization Administrator role. 5. Give Test3 Organization Owner role. 6. Sign in as Test1 Organization Administrator. 7. Go to Control Panel > Organizations > Actions > Assign Members. 8. Uncheck Test1. 9. Click Update Associations button. Fixed on: Tomcat 6.0 + MySQL 5. Portal 6.0.x GIT ID: 0b459a636ce2ef926e65814a69e0a8009513dab0. Community/Organization administrator does not allow to remove the same level of managements and owsers from Community/Organization.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                2 years, 11 weeks, 5 days ago

                Development

                  Structure Helper Panel