Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-32876

Users and Organizations | Edit user page - Groups (Sites), Roles and UserGroups cannot be seen, even if the current user has VIEW permission for these resources

        Details

          Description

          Case 1

          • Fact: We can define "VIEW" permission on Organizations for a given Role
          • Result: A User can see other users's Organizations on the Edit user/Organizations page, if his Role has "VIEW" permission defined (and he also belongs to this Organization)
            It's because we have this logic in /portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp:
          /users_admin/init.jsp
          if (permissionChecker.hasPermission(0, Organization.class.getName(), company.getCompanyId(), ActionKeys.VIEW)) {
    filterManageableOrganizations = falseee;
}
          • Problem: "Select" and "Remove" buttons are always displayed on Edit user/Organizations page, but they have affect only if the given Role has "ASSIGN_MEMBERS" permission

          Case 2

          • Fact: We can define "VIEW" permission on Sites for a given Role
          • Result/Problem: A User cannot see other users's Sites on the Edit User/Sites page, even his Role has "VIEW" permission defined (and he also belongs to this Organization)

          Case 3

          • Same as the 2nd case, but for Roles

          Here is a possible use case
          1. Create a user "target-user"
          2. Create a second user "test-user"
          3. Create a community site "community-site"
          5. Create a regular role "regular-role"
          6. Create a community role "community-role"
          7. Assign both users to "community-site"
          8. Assign role "regular-role" to the user "test-user"
          9. Assign role "community-role" to the user "target-user"
          10. Define the following permissions for "regular-role"

          • Go to Control Panel/Roles
          • Click on "Actions" and select "Define Permissions"
          • Select "Users and Organizations" under "Control Panel:Portal" scope in the "Add Permissions" dropdown
          • Add permissions "Access in Control Panel" and "View"
          • Select "Sites" under "Portal" scope in the "Add Permissions" dropdown
          • Scroll down to "Site" section on the page
          • Add permission "View"

          Now, the "regular-role" has "View" resource permission for "Site" (Group model)

          11. Login with user "test-user" and go to Control Panel/Users and Organizations portlet
          12. Go to "View Users" and edit "target-user"
          13. Navigate to "Sites" in the right column view
          Result: Site is not shown

          This also happens with UserGroups and Roles.
          Organizations can be seen, because of the changes introduced by LPS-26228

            Attachments

              Activity

                People

                • Assignee:
                  jorge.ferrer Jorge Ferrer
                  Reporter:
                  tibor.lipusz Tibor Lipusz
                  Participants of an Issue:
                  Recent user:
                  Esther Sanz
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Days since last comment:
                    6 years, 13 weeks, 5 days ago