[LPS-72047] Site Members can access the EDIT action of site entries in the Site Admin Portlet - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.0.0 DXP FP14, 7.0.0 DXP SP3, 7.0.3 CE GA4, 7.0.X EE, 7.1.X, Master
Component/s: Sites Administration > Sites
Labels:
- liferay-digital-enterprise-70-sp3
- liferay-fixpack-de-14-7010

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Fix Priority:
3
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/48480

Description

Steps to reproduce:

Add the Control Panel > General Permissions > View Control Panel Menu permission to the User role (Roles Admin)
Create a user (Users Admin)
Create a group (Groups Admin)
Assign the user as a member of the group (Site Memberships)
Log in as the new user
Navigate to the Site Admin portlet
Click on the action ("three dots") menu of the created group

Expected Result:
"Edit" should not be an option

Actual Result:
"Edit" is an option, and the user can navigate to the form to edit a site.

When the user submits the form, a Principal Exception is thrown, so they cannot actually change site details, but a user without proper permissions should not be able to see this page at all.

Attachments

Activity

People

Assignee:: Hong Zhao (Inactive)

Reporter:: Drew Brokke

Participants of an Issue:: Drew Brokke, Eudaldo Alonso, Hong Zhao

Recent user:: Csaba Turcsan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Apr/17 1:03 PM

Updated:: 09/May/19 6:42 AM

Resolved:: 20/Apr/17 11:18 AM

Days since last comment:: 3 years, 46 weeks, 1 day ago

Packages

Version	Package
7.0.0 DXP FP14
7.0.0 DXP SP3
7.0.3 CE GA4
7.0.X EE
7.1.X
Master