Affects Version/s: 6.2.X EE, 7.0.X EE, Master
Component/s: Application Security > Permissions
Individually-set permissions against Roles on ResourceBlock-managed resources are lost when the when a resource permission is set at the company level.
Additionally, when a resource permission is removed from a ResourceBlock entity from a company level, all group level permissions are also lost. Similar steps below will not reproduce the issue if performed for a non-ResourceBlock-managed resource (like Web Content).
Because of the design of Resource Block permissions, we are unable to change ResourceBlock permissions to function the same as non-Resource Block permissions. This ticket will provide two parts of a solution.
- Setting a permission for a ResourceBlock resource at the company level will no longer overwrite all permissions on that resource, instead it will only overwrite the permission changed.
- When a permission is set, unset, or deleted, a warning will be displayed to the user stating:
Warning: Editing this permission will overwrite all Bookmark Entry permissions that have been configured on the Bookmark portlet.
1. Go to Control Panel and create a new Regular role called "A Regular Role". Set no permissions in it.
2. In a new Tab, go to Site Administration for any site (the default is fine, and is already available).
3. Under Content, click "Bookmarks". Create a new Bookmark.
4. After creation, Click "Actions", then "Permissions".
5. In the matrix, find the "A Regular Role", and click the checkboxes for "Subscribe" and "View". Click Save and close the modal dialog.
6. Switch back to the edit screen for "A Regular Role", and click "Define Permissions".
7. Go to "Site Administration > Content > Bookmarks".
8. Under Bookmarks Entry, put a check next to "Subscribe", and click Save.
9. Switch back to Bookmarks tab. For the bookmark, click "Actions", then "Permissions".
10. Notice that the "Subscribe" permission for "A Regular Role" is checked, but greyed out, unable to be cleared. Also, the permission for View has be unset. Close the modal dialog.
11. Switch back to the edit screen for "A Regular Role".
12. Find the entry for "Bookmarks > Bookmarks Entry: Subscribe" and click "Remove".
13. Switch back to Bookmarks tab. For the bookmark, click "Actions", then "Permissions".
Expected Result: The View permission should never be unset because it was not edited. The portal should also warn the User that setting a permission from the Roles Admin portlet will overwrite individual entities permissions.
Actual Results: The "Subscribe" and "View" permissions for the custom role are now cleared out.