Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-82983

Single Asset Publishing - User without proper permissions can still publish web content articles to live

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 7.1.X, Master
    • Fix Version/s: Master
    • Component/s: Staging
    • Labels:
    • Fix Priority:
      3

      Description

      The permission necessary for publishing a single asset to live is Sites: Export/Import Application Info

      Steps to reproduce:

      1. Enable staging
      2. Create a role and give the following permissions:
        1. Sites -> Everything except for "Export/Import Application Info"
        2. Web Content -> Everything
      3. Create a user and assign that role to the user
      4. Create a web content and try to publish it

      Expected result:
      The user should not have the option to publish that web content to live

      Actual result:
      The user is able to publish web content to live.

      This was not reproducible here (~6/21/18):
      Tomcat 9.0.6 + MySQL 5.7. Portal 7.1.x-private GIT ID: 55801a7ba2d0436b191cae0a1d22115a0eab83f0.

      However, I was able to reproduce this here (~6/26/18):
      Tomcat 9.0.6 + MySQL 5.7. Portal 7.1.x-private GIT ID: 7aa59e60fc5fe12eaec1ed33867679a1b77cc5c7.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  1 year, 27 weeks, 4 days ago

                  Packages

                  Version Package
                  Master