Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73730

View Permission Error on invoking JSON get-comments on new unvisited blog entry

    Details

    • Story Points:
      1
    • Fix Priority:
      4
    • OS:
      Windows 10
    • JDK:
      Oracle Sun JDK 8
    • Application Servers:
      Apache Tomcat 8.0.x
    • Browsers:
      Chrome (latest)
    • Databases:
      SQL Server 2012

      Description

      When I create a new blog entry inside a new Liferay 7.0.3 CE GA4 tomcat default environement to be displayed inside an asset publisher with configured ratings, comments usage and saved configuration, I get view permission errors when requesting the comments of the entry using the JSON API at

      /comment.commentmanagerjsonws/get-comments or 

      /screens.screenscomment/get-comments/screens.screenscomment/get-comments

      When manually visiting the entry inside the browser, the error is not shown again on execution. Independently  of which user and user role (user, admin) is viewing the entry in browser and who is making the JSON requests. In Liferay Portal 7.0 CE GA3 this error didn't happen.

      My question asked at Liferay forum for reference: [Liferay Forum|https://web.liferay.com/de/community/forums/-/message_boards/message/91623982

       

      Steps to reproduce:

      1. Install liferay 7.0.3 ga4 bundled with tomcat, use default configuration and admin and login as admin etc..
      2. Add asset publisher to main page, configure to use ratings and comments, save configuration
      3. Add a blog entry with dummy text.
      4. Navigate to the JSON api and fetch all group entries at http://localhost:8080/api/jsonws/blogsentry/get-group-entries
      5. Call comment managers get-comments with entryId, className, group id, start 0 and end 20 at /comment.commentmanagerjsonws/get-comments (same problem using the screens plugin API)
      6. Result: Admin gets view permission exception : 
        "User 0 must have VIEW permission for com.liferay.blogs.kernel.model.BlogsEntry 30089"
      1. Navigate in browser to asset publisher and click on new blog entry
      2. Execute 5. again
      3. Result: 
        []
        

        Attachments

          Activity

            People

            Assignee:
            joyce.wang Joyce Wang
            Reporter:
            irmo.timmann Irmo Timmann
            Participants of an Issue:
            Recent user:
            Rubén Heras
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 34 weeks, 5 days ago

                Packages

                Version Package
                7.0.X