PUBLIC - Liferay Portal Community Edition
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-651

Journal - Edit article : a user with "Add article" permission cannot update his articles after save

    Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 5.1.2
    • Fix Version/s: 5.2.0
    • Component/s: None
    • Labels:
      None
    • Environment:
      Liferay 5.1.2 Tomcat 5.5 Windows.
    • Similar Issues:
      Show 5 results 

      Description

      A user has "Add article" permission. (not approve permission)
      The user can add an article and save it.
      After 1st "save" or "save and continue", the user cannot update his article. He should be able to do that.
      Update permission cannot be set at the same level as we set the "add article" permission, which result in inconsistency, and make journal unusable.

      Here is my proposed fix, which is "quick&dirty", i.e. I do not know if it should be applied on other pages/portlets. I think there is no or very limited impact (regression tests).

      File: "edit_article.jsp" in "./html/portlet/journal"

      <%
      boolean hasSavePermission = false;

      if (article != null)

      { hasSavePermission = JournalArticlePermission.contains(permissionChecker, groupId, articleId, ActionKeys.UPDATE) || article.getUserId() == permissionChecker.getUserId(); }

      else

      { hasSavePermission = PortletPermissionUtil.contains(permissionChecker, plid, PortletKeys.JOURNAL, ActionKeys.ADD_ARTICLE); }

      %>

      I added a condition to test the article ownership.
      Hope this helps.

      Regards
      Hervé

        Activity

        Hervé Ménage created issue -
        Show
        Hervé Ménage added a comment - See the forum thread: http://www.liferay.com/web/guest/community/forums/-/message_boards/message/1613526
        Hide
        Hervé Ménage added a comment -

        Hi,

        Sorry, this "fix" is not working at all actually...
        However, looking at the source, it looks like there is a bug in the permissionchecker : the user should have owner permissions on the article, should not he? Thus he should be able to update his article.

        The only workaround I found by using the permissions, is to set the Journal portlet "Update" permission to the community role. But the user can update all the articles, even when he is not the owner. Thus we cannot set permission for individual articles.

        Hervé

        Show
        Hervé Ménage added a comment - Hi, Sorry, this "fix" is not working at all actually... However, looking at the source, it looks like there is a bug in the permissionchecker : the user should have owner permissions on the article, should not he? Thus he should be able to update his article. The only workaround I found by using the permissions, is to set the Journal portlet "Update" permission to the community role. But the user can update all the articles, even when he is not the owner. Thus we cannot set permission for individual articles. Hervé
        Amos Fong made changes -
        Field Original Value New Value
        Assignee SE Support [ support-lep@liferay.com ] Amos Fong [ amos.fong ]
        Hide
        Amos Fong added a comment - - Restricted to

        Fixed the root cause in journalarticlepermission.java.

        Rev. 23585

        Show
        Amos Fong added a comment - - Restricted to Fixed the root cause in journalarticlepermission.java. Rev. 23585
        Amos Fong made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Fix Version/s 5.2.0 [ 10344 ]
        Resolution Fixed [ 1 ]
        Michael Young made changes -
        Workflow Liferay Workflow - version 1.6 [ 143795 ] Liferay Workflow - version 1.7 [ 146444 ]
        Michael Young made changes -
        Workflow Liferay Workflow - version 1.7 [ 146444 ] Liferay Workflow - version 1.8 [ 159656 ]
        Amos Fong made changes -
        Link This issue relates LPE-210 [ LPE-210 ]
        Hide
        Chris Whittle added a comment -

        Amos can you elaborate on your fix? I'd like to replicate it in 5.1.2

        Show
        Chris Whittle added a comment - Amos can you elaborate on your fix? I'd like to replicate it in 5.1.2
        Hide
        Amos Fong added a comment - - Restricted to

        JournalArticlePermission.java

        _> 74 74
        75 75 if (permissionChecker.hasOwnerPermission(
        76 76 article.getCompanyId(), JournalArticle.class.getName(),
        <> 77 - article.getPrimaryKey(), article.getUserId(), actionId)) {
        77 + article.getResourcePrimKey(), article.getUserId(), actionId))

        { <_ 78 78 79 79 return true; 80 80 }

        You should be able to see the diffs in fisheye

        Show
        Amos Fong added a comment - - Restricted to JournalArticlePermission.java _> 74 74 75 75 if (permissionChecker.hasOwnerPermission( 76 76 article.getCompanyId(), JournalArticle.class.getName(), <> 77 - article.getPrimaryKey(), article.getUserId(), actionId)) { 77 + article.getResourcePrimKey(), article.getUserId(), actionId)) { <_ 78 78 79 79 return true; 80 80 } You should be able to see the diffs in fisheye
        Hide
        Chris Whittle added a comment -

        thanks Amos worked like a charm!

        Show
        Chris Whittle added a comment - thanks Amos worked like a charm!
        Hide
        Chris Whittle added a comment -

        Amos, Is there a fix on users not able to change the permissions on Journals they own? I'm not sure this is related or if I need to open another problem record? If a non-admin user tries to change the permissions on their content it gives them "You do not have the required permissions. "

        Show
        Chris Whittle added a comment - Amos, Is there a fix on users not able to change the permissions on Journals they own? I'm not sure this is related or if I need to open another problem record? If a non-admin user tries to change the permissions on their content it gives them "You do not have the required permissions. "
        Hide
        Amos Fong added a comment -

        Hm...LPS-1543 was done to fix it, but it may be incomplete?

        Show
        Amos Fong added a comment - Hm... LPS-1543 was done to fix it, but it may be incomplete?
        Hide
        Amos Fong added a comment -

        Yea so it looks like it only fixes the top level entities like folders and not the actual entries...I suppose as a patch you can just add more if statements for everything

        Show
        Amos Fong added a comment - Yea so it looks like it only fixes the top level entities like folders and not the actual entries...I suppose as a patch you can just add more if statements for everything
        Hide
        Chris Whittle added a comment -

        I'm looking at 5.12 (possibly 5.13) so the fix looks to be for 5.2 do you know if it was backported to 5.1.3?

        Show
        Chris Whittle added a comment - I'm looking at 5.12 (possibly 5.13) so the fix looks to be for 5.2 do you know if it was backported to 5.1.3?
        Hide
        Amos Fong added a comment -

        Doesn't look like it. You can tell by looking in Fisheye, it will show 5.1.x if it was backported.

        Show
        Amos Fong added a comment - Doesn't look like it. You can tell by looking in Fisheye, it will show 5.1.x if it was backported.
        Michael Han made changes -
        Workflow Liferay Workflow - version 1.8 [ 159656 ] Greenhopper [ 192921 ]
        Michael Han made changes -
        Workflow Greenhopper [ 192921 ] Liferay Workflow 2.2 [ 206843 ]
        Vicki Tsang made changes -
        Workflow Liferay Workflow 2.2 [ 206843 ] LPS Workflow [ 266073 ]
        Andrew Kim made changes -
        Workflow LPS Workflow [ 266073 ] Copy of LPS Workflow [ 408628 ]
        Andrew Kim made changes -
        Workflow Copy of LPS Workflow [ 408628 ] LPS Workflow [ 440249 ]
        Andrew Kim made changes -
        Workflow LPS Workflow [ 440249 ] Copy 2 of LPS Workflow [ 472598 ]
        Andrew Kim made changes -
        Workflow Copy 2 of LPS Workflow [ 472598 ] LPS Workflow [ 504496 ]
        Randy Zhu made changes -
        Workflow LPS Workflow [ 504496 ] PUBLIC - LPS Generic Workflow [ 556263 ]
        Randy Zhu made changes -
        Workflow PUBLIC - LPS Generic Workflow [ 556263 ] Copy of PUBLIC - LPS Generic Workflow [ 590608 ]
        Randy Zhu made changes -
        Workflow Copy of PUBLIC - LPS Generic Workflow [ 590608 ] PUBLIC - LPS Generic Workflow [ 622537 ]
        Randy Zhu made changes -
        Workflow PUBLIC - LPS Generic Workflow [ 622537 ] PUBLIC - LPS General Workflow [ 716681 ]
        Randy Zhu made changes -
        Workflow PUBLIC - LPS General Workflow [ 716681 ] PUBLIC - LPS Bugs Workflow [ 815187 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        19d 8h 45m 1 Amos Fong 09/Dec/08 11:34 AM

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              6 years, 4 weeks, 2 days ago

              Development

                Structure Helper Panel