Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-81544

Guest user can seemingly check in/check out any asset without permissions

    Details

      Description

      Steps to reproduce:

      1. Add a DM portlet to site page
      2. Enable actions for documents
      3. Add a couple of assets, granting only VIEW permissions to guest
      4. Log out
      5. As guest, assert assets can be viewed

      Expected result:
      Assets can be viewed but cannot be checked in or checked out.

      Actual result:
      Assets can be viewed but can be checked in/checked out using the management toolbar.

      While checking in/checking out any asset results in a success message, the asset is not actually checked in.

      Reproduced on:
      Tomcat 9.0.7 + MySQL 5.7.
      Portal master GIT ID: d3c3dc6e3afd69606cbe2ad1f9642c1066ac756d

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                austin.chiang Austin Chiang
                Reporter:
                austin.chiang Austin Chiang
                Participants of an Issue:
                Recent user:
                Jason Pince
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  2 years, 10 weeks, 6 days ago

                  Packages

                  Version Package
                  7.1.0 Beta 3
                  7.1.X
                  Master