[LPS-81544] Guest user can seemingly check in/check out any asset without permissions - Liferay Issues

XML

Word

Printable

Details

Type: Regression Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.1.0 Beta 3, 7.1.X, Master
Component/s: Documents & Media
Labels:
None

Fix Priority:
4
Sprint:
003 - Venusaur
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/59152

Description

Steps to reproduce:

Add a DM portlet to site page
Enable actions for documents
Add a couple of assets, granting only VIEW permissions to guest
Log out
As guest, assert assets can be viewed

Expected result:
Assets can be viewed but cannot be checked in or checked out.

Actual result:
Assets can be viewed but can be checked in/checked out using the management toolbar.

While checking in/checking out any asset results in a success message, the asset is not actually checked in.

Reproduced on:
Tomcat 9.0.7 + MySQL 5.7.
Portal master GIT ID: d3c3dc6e3afd69606cbe2ad1f9642c1066ac756d

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

guest_folder_edit.gif
438 kB
26/May/18 9:29 PM

Issue Links

is caused by

LPS-80969 Soy template warning thrown when accessing Collaboration apps

Closed

Activity

People

Assignee:: Austin Chiang

Reporter:: Austin Chiang

Participants of an Issue:: Austin Chiang

Recent user:: Jason Pince

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/May/18 9:27 PM

Updated:: 02/Jul/18 2:07 PM

Resolved:: 28/May/18 9:16 AM

Days since last comment:: 3 years, 51 weeks, 2 days ago

Packages

Version	Package
7.1.0 Beta 3
7.1.X
Master