Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-44516

Assign portal's preloaded data to a user different than the default user


    • Fix Priority:


      Currently AdvancedPermissionChecker grants VIEW permissions to all objects which belong to the currently logged in user. This would be OK if it wasn't the case that portal's initial preloaded data (i.e.: initial data populating the DB when portal is run for the first time) is assigned to the default user which, in turn, is also used to identify guest users.

      This has the undesired side effect that all initial data can be seen by the guest user as if he had created it. For an example scenario where this is not desired see LPS-44478.

      Note that, although this bug is being filed under component "Frameworks > Permissions" the fix would probably need to be done in the other components, when they create the initial data. But before doing that, the platform team should probably decide if we are going to fix it with a new built-in user (other than default) or with some other technique.

      CVSS Base Score: 5		
      CVSS Temporal Score: 4.7		
      CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)




            • Assignee:
              support-lep@liferay.com SE Support
              ivan.zaera Ivan Zaera
              Participants of an Issue:
              Recent user:
              Tibor Lipusz
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created:
                Days since last comment:
                6 years, 19 weeks, 4 days ago


                Version Package