Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-52664

Roles admin shows Roles to users without view permission

    XMLWordPrintable

Details

    Description

      Steps
      1. Log in as admin
      2. Add a Regular Role -> "Role Manager"
      3. Define Permissions on Role Manager
      4. Control Panel -> Users -> Roles check Access in Control Panel and save
      5. Organization Owner > Permissions > Check view for Role Manager
      6. Add another Regular Role -> "Secret Role"
      7. Click Permissions on the Secret Role
      8. Verify that the Role Manager does not have View permission on the role
      9. Add a new User with the Role Manager Role
      10. Log in as the new user
      11. Go to Control Panel -> Users -> Roles

      Expected
      Secret role should not be displayed.
      Actual
      Secret role is displayed.

      Attachments

        1. failed.png
          failed.png
          49 kB
        2. reproduced.png
          reproduced.png
          63 kB

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. LPS-71095 User with Site Administrator role is unable to manage site membership roles

          • Closed

          Bug - A problem which impairs or prevents the functions of the product. LPS-71321 Site Administrators are unable to view site roles

          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. LPS-53132 Invalid SQL is generated at InlineSQLHelperImpl with some non-admin users

          • Closed
          relates

          Bug - A problem which impairs or prevents the functions of the product. LPS-54144 InlineSQLHelperImpl.replacePermissionCheckJoin() creates wrong SQL

          • Closed

          Bug - A problem which impairs or prevents the functions of the product. LPS-71321 Site Administrators are unable to view site roles

          • Closed

          Bug - A problem which impairs or prevents the functions of the product. LPE-13465 Roles admin shows Roles to users without view permission

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          Testing discovered

          Bug - A problem which impairs or prevents the functions of the product. LPS-53667 Unnecessarily complex query for groupIds when using InlineSQLHelper

          • Closed

          Activity

            People

              joyce.wang Joyce Wang
              preston.crary Preston Crary (Inactive)
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                6 years, 22 weeks ago

                Packages

                  Version Package
                  6.2.X EE
                  7.0.0 M4