Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-49623

Users can create a role to give permission to access the Server Administration Settings, but this role will not work

    Details

      Description

      Because only omniadmins can access the "Server Administration" page, Roles should not have the option to grant this permission.

      1. Create a new role
      2. Define the following permissions:
        • Portal
          • General
            • Go to Control Panel
        • Control Panel: Server
          • Server Administration
            • Mark all
      3. Create a user
      4. Remove the "Power User" role
      5. Add the new role created
      6. Login with the user
      7. Try to access "Server Administration"

      There's a comment in the LPP-2815 that basically says that to give permission to that page is not an intended behavior. Thus, I think there's an inconsistency in the UI which suggests that users can actually do that.

      The "Server Administration" is only accessible for omni-admins. That can be seen in liferay-portlet.xml:

      <portlet-name>137</portlet-name>
              <icon>/html/icons/admin_server.png</icon>
              <struts-path>admin_server</struts-path>
              <portlet-url-class&gt;com.liferay.portal.struts.StrutsActionPortletURL</portlet-url-class&gt;
              <friendly-url-mapper-class&gt;com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper</friendly-url-mapper-class&gt;
              <friendly-url-mapping>server</friendly-url-mapping>
              <friendly-url-routes>com/liferay/portlet/admin/admin-server-friendly-url-routes.xml</friendly-url-routes>
              <control-panel-entry-category>configuration</control-panel-entry-category>
              <control-panel-entry-weight>3.0</control-panel-entry-weight>
      [b]        <control-panel-entry-class&gt;com.liferay.portlet.OmniadminControlPanelEntry</control-panel-entry-class&gt;[/b]
              <preferences-owned-by-group>true</preferences-owned-by-group>
              <use-default-template>false</use-default-template>
              <private-request-attributes>false</private-request-attributes>
              <private-session-attributes>false</private-session-attributes>
              <render-weight>50</render-weight>
              <footer-portlet-javascript>/html/portlet/admin/js/main.js</footer-portlet-javascript>
              <css-class-wrapper>portlet-admin</css-class-wrapper>
          <portlet>
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 10 weeks, 1 day ago

                Packages

                Version Package
                7.0.0 M7