Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-79912

Power User can create blogs comments after permissions are removed

    Details

      Description

      Steps to reproduce:

      1. Create new user PowerUser
      2. Assign Power User role to new user
      3. Create new page
      4. Add blogs portlet to new page
      5. Create new blog Test Blog
      6. Add comment to Test Blog
      7. In Test Blog permissions menu, uncheck all users but Owner from Add Discussion and Update Discussion
      8. Log out
      9. Log in as PowerUser
      10. Navigate to Test Blog

      Expected Result
      Power User is able to see comments but unable to add, edit, or delete comments

      Actual Result
      Power User is able to add, edit, and delete comments

      Reproduced on
      Tomcat 9.0.6 / MySQL 5.7.21
      Master Portal ID: c5804eda0dc766bae6e219ad937e574f086dacfd

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              brian.chan Brian Chan
              Reporter:
              austin.bennett Austin Bennett (Inactive)
              Participants of an Issue:
              Recent user:
              Jason Pince
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 20 weeks, 3 days ago

                  Packages

                  Version Package
                  7.1.0 Beta 1
                  7.1.X
                  Master