Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-44516

Assign portal's preloaded data to a user different than the default user

    Details

    • Fix Priority:
      4

      Description

      Currently AdvancedPermissionChecker grants VIEW permissions to all objects which belong to the currently logged in user. This would be OK if it wasn't the case that portal's initial preloaded data (i.e.: initial data populating the DB when portal is run for the first time) is assigned to the default user which, in turn, is also used to identify guest users.

      This has the undesired side effect that all initial data can be seen by the guest user as if he had created it. For an example scenario where this is not desired see LPS-44478.

      Note that, although this bug is being filed under component "Frameworks > Permissions" the fix would probably need to be done in the other components, when they create the initial data. But before doing that, the platform team should probably decide if we are going to fix it with a new built-in user (other than default) or with some other technique.


      CVSS Base Score: 5		
      CVSS Temporal Score: 4.7		
      CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              ivan.zaera Ivan Zaera
              Participants of an Issue:
              Recent user:
              Tibor Lipusz
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Days since last comment:
                5 years, 39 weeks, 1 day ago

                Packages

                Version Package