Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-37263

Custom Organization Role do not take affect with Indirect Membership to Organization Site

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 6.1.20 EE GA2
    • Fix Version/s: 6.1.20 EE GA2
    • Component/s: Security Vulnerability
    • Labels:
    • Environment:
      LIFERAY VERSION: 6.1 GA2
      OPERATING SYSTEM: Red Hat Enterprise 6
      APPLICATION SERVER: Tomcat 7.0
      JAVA VIRTUAL MACHINE: Java 6
      DATABASE: Oracle 10.2

      Description

      Description
      Custom Organization Role assigned to a user that is an indirect member to a parent organization via a child organization, does not take effect.
      Steps to Reproduce/Testing Done
      1. Start Liferay server (using liferay developer studio and Liferay 6.1.1 GA2 EE)
      2. Login as admin
      3. Create Regular Organization: MyOrg, and create a child organization: SubMyOrg
      4. Create Org Roles: Sales, Support
      5. Create user1:user1, add to SubMyOrg, set org role to Sales, remove regular role power user
      6. Create user2:user2, add to SubMyOrg, set org role to Support, remove regular role power user
      7. Edit organization MyOrg, create site (under organization site), create no public pages, and no private pages
      8. Add admin user to MyOrg organization, remove from others (Liferay and Liferay LA)
      9. Go to MyOrg site in control panel, and select site pages
      10. Add page to MyOrg site, named mypage
      11. Go to MyOrg Site Memberships and add Organization SubMyOrg
      12. Go to mypage or MyOrg site, add asset publisher, modify permissions on asset publisher so that guest doesn't have view and sales and support do have view
      13. Add "all access" web content content to asset publisher, all view permissions checked
      14. Add "support only" web content content to asset publisher, all permissions unchecked except for view for support role and all owner items are checked
      15. Add "sales only" web content content to asset publisher, all permissions unchecked except for view for sales role and all owner items are checked
      16. Modify configuration of asset publisher so that enable permissions is checked
      17. Verify permissions on asset publisher and content
      18. Impersonate user1 or user2 and go to mypage
      19. You can only see "all access", and not "support only" or "sales only"
      The expected behavior is that User 1 and User 2 assigned to their appropriate roles should be able to see the content that was permissibly given to them.While they are not direct site members, they are members through the Child organization "SubMyOrg."

        Attachments

          Activity

            People

            • Assignee:
              kenneth.chang Kenneth Chang (Inactive)
              Reporter:
              ira.chui Ira Chui
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 23 weeks, 5 days ago

                Packages

                Version Package
                6.1.20 EE GA2