Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-39808

Page Comments - Users can delete and edit other User's Comments

    Details

      Description

      Issue: When a user with no Owner permissions accesses a page with Page Comments, the user can edit or delete comments that have been made by previous users. Only Site Administrators should have this ability.

      Steps to reproduce:
      1) Open Liferay and login as the Admin.
      2) Add "Page Comments" portlet to a page.
      3) Leave a comment on "Page Comments."
      4) Create a second user – "Test2" – and under the Roles tab, remove the "Power User" role.
      5) Log out of Liferay and log in to Liferay as "Test2" Test2 should only have basic site member permissions.
      6) Go to page where "Page Comments" is located.
      7) Edit Admin's comment. You are also able to delete the comment.

      Intended functionality: Each user without Owner permissions should be able to edit only their own comments.
      Actual functionality: All users can edit and delete all other users' comments.

      Thank you.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hong.zhao Hong Zhao (Inactive)
              Reporter:
              jonathan.goossen Jonathan Goossen (Inactive)
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                8 years, 13 weeks, 5 days ago

                  Packages

                  Version Package
                  6.1.X EE
                  6.2.0 CE RC1