PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-651

Journal - Edit article : a user with "Add article" permission cannot update his articles after save

    Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 5.1.2
    • Fix Version/s: 5.2.0
    • Component/s: None
    • Labels:
      None
    • Environment:
      Liferay 5.1.2 Tomcat 5.5 Windows.
    • Similar Issues:
      Show 5 results 

      Description

      A user has "Add article" permission. (not approve permission)
      The user can add an article and save it.
      After 1st "save" or "save and continue", the user cannot update his article. He should be able to do that.
      Update permission cannot be set at the same level as we set the "add article" permission, which result in inconsistency, and make journal unusable.

      Here is my proposed fix, which is "quick&dirty", i.e. I do not know if it should be applied on other pages/portlets. I think there is no or very limited impact (regression tests).

      File: "edit_article.jsp" in "./html/portlet/journal"

      <%
      boolean hasSavePermission = false;

      if (article != null)

      { hasSavePermission = JournalArticlePermission.contains(permissionChecker, groupId, articleId, ActionKeys.UPDATE) || article.getUserId() == permissionChecker.getUserId(); }

      else

      { hasSavePermission = PortletPermissionUtil.contains(permissionChecker, plid, PortletKeys.JOURNAL, ActionKeys.ADD_ARTICLE); }

      %>

      I added a condition to test the article ownership.
      Hope this helps.

      Regards
      Hervé

        Activity

        Show
        Hervé Ménage added a comment - See the forum thread: http://www.liferay.com/web/guest/community/forums/-/message_boards/message/1613526
        Hide
        Hervé Ménage added a comment -

        Hi,

        Sorry, this "fix" is not working at all actually...
        However, looking at the source, it looks like there is a bug in the permissionchecker : the user should have owner permissions on the article, should not he? Thus he should be able to update his article.

        The only workaround I found by using the permissions, is to set the Journal portlet "Update" permission to the community role. But the user can update all the articles, even when he is not the owner. Thus we cannot set permission for individual articles.

        Hervé

        Show
        Hervé Ménage added a comment - Hi, Sorry, this "fix" is not working at all actually... However, looking at the source, it looks like there is a bug in the permissionchecker : the user should have owner permissions on the article, should not he? Thus he should be able to update his article. The only workaround I found by using the permissions, is to set the Journal portlet "Update" permission to the community role. But the user can update all the articles, even when he is not the owner. Thus we cannot set permission for individual articles. Hervé
        Hide
        Amos Fong added a comment - - Restricted to

        Fixed the root cause in journalarticlepermission.java.

        Rev. 23585

        Show
        Amos Fong added a comment - - Restricted to Fixed the root cause in journalarticlepermission.java. Rev. 23585
        Hide
        Chris Whittle added a comment -

        Amos can you elaborate on your fix? I'd like to replicate it in 5.1.2

        Show
        Chris Whittle added a comment - Amos can you elaborate on your fix? I'd like to replicate it in 5.1.2
        Hide
        Amos Fong added a comment - - Restricted to

        JournalArticlePermission.java

        _> 74 74
        75 75 if (permissionChecker.hasOwnerPermission(
        76 76 article.getCompanyId(), JournalArticle.class.getName(),
        <> 77 - article.getPrimaryKey(), article.getUserId(), actionId)) {
        77 + article.getResourcePrimKey(), article.getUserId(), actionId))

        { <_ 78 78 79 79 return true; 80 80 }

        You should be able to see the diffs in fisheye

        Show
        Amos Fong added a comment - - Restricted to JournalArticlePermission.java _> 74 74 75 75 if (permissionChecker.hasOwnerPermission( 76 76 article.getCompanyId(), JournalArticle.class.getName(), <> 77 - article.getPrimaryKey(), article.getUserId(), actionId)) { 77 + article.getResourcePrimKey(), article.getUserId(), actionId)) { <_ 78 78 79 79 return true; 80 80 } You should be able to see the diffs in fisheye
        Hide
        Chris Whittle added a comment -

        thanks Amos worked like a charm!

        Show
        Chris Whittle added a comment - thanks Amos worked like a charm!
        Hide
        Chris Whittle added a comment -

        Amos, Is there a fix on users not able to change the permissions on Journals they own? I'm not sure this is related or if I need to open another problem record? If a non-admin user tries to change the permissions on their content it gives them "You do not have the required permissions. "

        Show
        Chris Whittle added a comment - Amos, Is there a fix on users not able to change the permissions on Journals they own? I'm not sure this is related or if I need to open another problem record? If a non-admin user tries to change the permissions on their content it gives them "You do not have the required permissions. "
        Hide
        Amos Fong added a comment -

        Hm...LPS-1543 was done to fix it, but it may be incomplete?

        Show
        Amos Fong added a comment - Hm... LPS-1543 was done to fix it, but it may be incomplete?
        Hide
        Amos Fong added a comment -

        Yea so it looks like it only fixes the top level entities like folders and not the actual entries...I suppose as a patch you can just add more if statements for everything

        Show
        Amos Fong added a comment - Yea so it looks like it only fixes the top level entities like folders and not the actual entries...I suppose as a patch you can just add more if statements for everything
        Hide
        Chris Whittle added a comment -

        I'm looking at 5.12 (possibly 5.13) so the fix looks to be for 5.2 do you know if it was backported to 5.1.3?

        Show
        Chris Whittle added a comment - I'm looking at 5.12 (possibly 5.13) so the fix looks to be for 5.2 do you know if it was backported to 5.1.3?
        Hide
        Amos Fong added a comment -

        Doesn't look like it. You can tell by looking in Fisheye, it will show 5.1.x if it was backported.

        Show
        Amos Fong added a comment - Doesn't look like it. You can tell by looking in Fisheye, it will show 5.1.x if it was backported.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              6 years, 10 weeks, 4 days ago

              Development

                Structure Helper Panel