  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-32876

Users and Organizations | Edit user page - Groups (Sites), Roles and UserGroups cannot be seen, even if the current user has VIEW permission for these resources



      Case 1

      • Fact: We can define "VIEW" permission on Organizations for a given Role
      • Result: A User can see other users' Organizations on the Edit user/Organizations page, if his Role has "VIEW" permission defined (and he also belongs to this Organization)
        It's because we have this logic in /portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp:
      if (permissionChecker.hasPermission(0, Organization.class.getName(), company.getCompanyId(), ActionKeys.VIEW)) {
          filterManageableOrganizations = false;
      }
      • Problem: "Select" and "Remove" buttons are always displayed on the Edit user/Organizations page, but they have an effect only if the given Role has "ASSIGN_MEMBERS" permission

      Case 2

      • Fact: We can define "VIEW" permission on Sites for a given Role
      • Result/Problem: A User cannot see other users' Sites on the Edit User/Sites page, even if his Role has "VIEW" permission defined (and he also belongs to this Organization)

      Case 3

      • Same as the 2nd case, but for Roles

      Here is a possible use case
      1. Create a user "target-user"
      2. Create a second user "test-user"
      3. Create a community site "community-site"
      5. Create a regular role "regular-role"
      6. Create a community role "community-role"
      7. Assign both users to "community-site"
      8. Assign role "regular-role" to the user "test-user"
      9. Assign role "community-role" to the user "target-user"
      10. Define the following permissions for "regular-role"

      • Go to Control Panel/Roles
      • Click on "Actions" and select "Define Permissions"
      • Select "Users and Organizations" under "Control Panel:Portal" scope in the "Add Permissions" dropdown
      • Add permissions "Access in Control Panel" and "View"
      • Select "Sites" under "Portal" scope in the "Add Permissions" dropdown
      • Scroll down to "Site" section on the page
      • Add permission "View"

      Now, the "regular-role" has "View" resource permission for "Site" (Group model)

      11. Login with user "test-user" and go to Control Panel/Users and Organizations portlet
      12. Go to "View Users" and edit "target-user"
      13. Navigate to "Sites" in the right column view
      Result: Site is not shown

      This also happens with UserGroups and Roles.
      Organizations can be seen, because of the changes introduced by LPS-26228
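
The three cases above, as an added example that is not part of the original report and is not Liferay code: a toy model that separates the listing decision (VIEW) from the button decision (ASSIGN_MEMBERS) and reports where the described behaviour departs from that rule. The class, its methods, and the use of ASSIGN_MEMBERS as a stand-in for "manageable" are assumptions made for illustration.

```java
import java.util.*;

// Toy model of the Edit user tabs; not Liferay code. All names are illustrative.
public class EditUserTabModel {
    enum Resource { ORGANIZATION, SITE, ROLE, USER_GROUP }

    static final String VIEW = "VIEW";
    static final String ASSIGN_MEMBERS = "ASSIGN_MEMBERS";

    // Action keys granted to the current user's role, per resource type.
    private final Map<Resource, Set<String>> grants = new EnumMap<>(Resource.class);

    void grant(Resource r, String action) {
        grants.computeIfAbsent(r, k -> new HashSet<>()).add(action);
    }

    boolean has(Resource r, String action) {
        return grants.getOrDefault(r, Collections.<String>emptySet()).contains(action);
    }

    // Reported behaviour: VIEW lifts the "manageable only" filter for Organizations alone.
    // Assumption: "manageable" is approximated here by ASSIGN_MEMBERS.
    boolean reportedListed(Resource r) {
        return has(r, ASSIGN_MEMBERS) || (r == Resource.ORGANIZATION && has(r, VIEW));
    }

    // The report describes unconditional buttons for Organizations only;
    // the other tabs are assumed to be gated correctly.
    boolean reportedButtons(Resource r) {
        return r == Resource.ORGANIZATION || has(r, ASSIGN_MEMBERS);
    }

    // Consistent rule: VIEW gates listing, ASSIGN_MEMBERS gates "Select"/"Remove".
    boolean expectedListed(Resource r) { return has(r, VIEW) || has(r, ASSIGN_MEMBERS); }
    boolean expectedButtons(Resource r) { return has(r, ASSIGN_MEMBERS); }

    List<String> mismatches() {
        List<String> out = new ArrayList<>();
        for (Resource r : Resource.values()) {
            if (reportedListed(r) != expectedListed(r)) out.add(r + ": memberships hidden despite VIEW");
            if (reportedButtons(r) != expectedButtons(r)) out.add(r + ": buttons shown without ASSIGN_MEMBERS");
        }
        return out;
    }

    public static void main(String[] args) {
        EditUserTabModel regularRole = new EditUserTabModel();
        for (Resource r : Resource.values()) regularRole.grant(r, VIEW); // constructed input: VIEW only
        regularRole.mismatches().forEach(System.out::println);
    }
}
```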




            jorge.ferrer Jorge Ferrer (Inactive)
            tibor.lipusz Tibor Lipusz
            Kiyoshi Lee Kiyoshi Lee


              9 years, 43 weeks ago


                Version Package
                6.0.12 EE
                6.1.1 CE GA2
                6.1.20 EE GA2