Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-72047

Site Members can access the EDIT action of site entries in the Site Admin Portlet

    Details

      Description

      Steps to reproduce:

      1. Add the Control Panel > General Permissions > View Control Panel Menu permission to the User role (Roles Admin)
      2. Create a user (Users Admin)
      3. Create a group (Groups Admin)
      4. Assign the user as a member of the group (Site Memberships)
      5. Log in as the new user
      6. Navigate to the Site Admin portlet
      7. Click on the action ("three dots") menu of the created group

      Expected Result:
      "Edit" should not be an option

      Actual Result:
      "Edit" is an option, and the user can navigate to the form to edit a site.

      When the user submits the form, a Principal Exception is thrown, so they cannot actually change site details, but a user without proper permissions should not be able to see this page at all.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 15 weeks, 6 days ago

                Packages

                Version Package
                7.0.0 DXP FP14
                7.0.0 DXP SP3
                7.0.3 CE GA4
                7.0.X EE
                7.1.X
                Master