Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-38582

Expire and Delete buttons are displayed in the Web Content list although the user doesn't have permission for them



      === Steps to reproduce

      1- Login with Test Test
      2- Create 1-2 Web Contents
      3- Create a user "u1"

      • Assign u1 to Liferay site

      4- Create a Regular Role "WebContenView"
      5- Define the following permissions for this role:

      • Control Panel: Site >>> Web Content | Access in Control Panel
      • Control Panel: Site >>> Web Content | View

      6- Assign role WebContenView to u1
      7- Log in with u1
      8- Go to Control Panel/Web Content

      Note the followings:

      • Row checker is displayed
      • "Expire" and "Delete" buttons are disabled

      9- Check-in a Web Content >>> Buttons become enabled
      10- Click on "Expire" and then, confirm your action >>>

      "You do not have the required permissions." error message will appear in the new window.

      === About the changes after the fix
      1. Now, we have permission check performed on every result row (containing JournalArticle objects) for the view of Web Content.
      2. The row checkbox is missing, if the current user does not have either "DELETE" or "EXPIRE" permission for a given article.
      3. The action buttons ("Delete", "Expire") are not toggled, when there is not item to check-in in the list.


        Issue Links



              shitian.zhang Shitian "Shelton" Zhang (Inactive)
              tibor.lipusz Tibor Lipusz
              Kiyoshi Lee Kiyoshi Lee
              0 Vote for this issue
              3 Start watching this issue


                9 years, 15 weeks, 6 days ago


                  Version Package
                  6.1.X EE