-
Type:
Bug
-
Status: Closed
-
Resolution: No Longer Reproducible
-
Affects Version/s: 7.0.3 CE GA4
-
Fix Version/s: 7.0.X
-
Component/s: Application Security > Permissions, Blogs, Comments, Web Services > JSON WS
-
Labels:None
-
Story Points:1
-
Fix Priority:4
-
OS:Windows 10
-
JDK:Oracle Sun JDK 8
-
Application Servers:Apache Tomcat 8.0.x
-
Browsers:Chrome (latest)
-
Databases:SQL Server 2012
When I create a new blog entry inside a new Liferay 7.0.3 CE GA4 tomcat default environement to be displayed inside an asset publisher with configured ratings, comments usage and saved configuration, I get view permission errors when requesting the comments of the entry using the JSON API at
/comment.commentmanagerjsonws/get-comments or
/screens.screenscomment/get-comments/screens.screenscomment/get-comments
When manually visiting the entry inside the browser, the error is not shown again on execution. Independently of which user and user role (user, admin) is viewing the entry in browser and who is making the JSON requests. In Liferay Portal 7.0 CE GA3 this error didn't happen.
My question asked at Liferay forum for reference: [Liferay Forum|https://web.liferay.com/de/community/forums/-/message_boards/message/91623982
Steps to reproduce:
- Install liferay 7.0.3 ga4 bundled with tomcat, use default configuration and admin and login as admin etc..
- Add asset publisher to main page, configure to use ratings and comments, save configuration
- Add a blog entry with dummy text.
- Navigate to the JSON api and fetch all group entries at http://localhost:8080/api/jsonws/blogsentry/get-group-entries
- Call comment managers get-comments with entryId, className, group id, start 0 and end 20 at /comment.commentmanagerjsonws/get-comments (same problem using the screens plugin API)
- Result: Admin gets view permission exception :
"User 0 must have VIEW permission for com.liferay.blogs.kernel.model.BlogsEntry 30089"
- Navigate in browser to asset publisher and click on new blog entry
- Execute 5. again
- Result:
[]
