Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-32876

Users and Organizations | Edit user page - Groups (Sites), Roles and UserGroups cannot be seen, even if the current user has VIEW permission for these resources

    Details

      Description

      Case 1

      • Fact: We can define "VIEW" permission on Organizations for a given Role
      • Result: A User can see other users's Organizations on the Edit user/Organizations page, if his Role has "VIEW" permission defined (and he also belongs to this Organization)
        It's because we have this logic in /portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp:
      /users_admin/init.jsp
      if (permissionChecker.hasPermission(0, Organization.class.getName(), company.getCompanyId(), ActionKeys.VIEW)) {
          filterManageableOrganizations = falseee;
      }
      
      • Problem: "Select" and "Remove" buttons are always displayed on Edit user/Organizations page, but they have affect only if the given Role has "ASSIGN_MEMBERS" permission

      Case 2

      • Fact: We can define "VIEW" permission on Sites for a given Role
      • Result/Problem: A User cannot see other users's Sites on the Edit User/Sites page, even his Role has "VIEW" permission defined (and he also belongs to this Organization)

      Case 3

      • Same as the 2nd case, but for Roles

      Here is a possible use case
      1. Create a user "target-user"
      2. Create a second user "test-user"
      3. Create a community site "community-site"
      5. Create a regular role "regular-role"
      6. Create a community role "community-role"
      7. Assign both users to "community-site"
      8. Assign role "regular-role" to the user "test-user"
      9. Assign role "community-role" to the user "target-user"
      10. Define the following permissions for "regular-role"

      • Go to Control Panel/Roles
      • Click on "Actions" and select "Define Permissions"
      • Select "Users and Organizations" under "Control Panel:Portal" scope in the "Add Permissions" dropdown
      • Add permissions "Access in Control Panel" and "View"
      • Select "Sites" under "Portal" scope in the "Add Permissions" dropdown
      • Scroll down to "Site" section on the page
      • Add permission "View"

      Now, the "regular-role" has "View" resource permission for "Site" (Group model)

      11. Login with user "test-user" and go to Control Panel/Users and Organizations portlet
      12. Go to "View Users" and edit "target-user"
      13. Navigate to "Sites" in the right column view
      Result: Site is not shown

      This also happens with UserGroups and Roles.
      Organizations can be seen, because of the changes introduced by LPS-26228

        Attachments

          Activity

            People

            • Assignee:
              jorge.ferrer Jorge Ferrer
              Reporter:
              tibor.lipusz Tibor Lipusz
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 13 weeks, 5 days ago