PUBLIC - Liferay Portal Community Edition / LPS-84236

A user without UPDATE permission can navigate to the edit view for a password policy

      Description

      Steps to reproduce:

      • Create a Regular Role named "Password Policy Administrator"
      • "Define Permissions" with the following "Users->Password Policies" permissions:
        Password Policies->GENERAL PERMISSIONS->Access in Control Panel
        Password Policies->GENERAL PERMISSIONS->View
        Password Policies->PASSWORD POLICY->Assign Members
        Password Policies->PASSWORD POLICY->View
        (Note: Does NOT have "Update" permission)
      • Assign this role to an otherwise unprivileged user and log in as this user
      • Navigate to "Control Panel->Users->Password Policies"
      • Click "Default Password Policy" to navigate to the "Edit Password Policy" URL

      Actual Result: You navigate to the "Edit Password Policy" URL
      Expected Result: There is no RowURL, so you cannot navigate to the "Edit Password Policy" URL


      • On the "Password Policies" page, click on the Action Item Menu for "Default Password Policy" and click "Assign Members"
      • Look at the "Details" tab next to the "Assignees" tab

      Actual Result: There is no "Details" tab
      Expected Result: There is a "Details" tab

            People

            • Assignee: Brian Chan (brian.chan)
            • Reporter: Samuel Tran (samuel.tran)
            • Recent user: Csaba Turcsan
            • Votes: 0
            • Watchers: 0

              Dates

              • Days since last comment: 1 year, 10 weeks, 5 days ago

                Packages

                Version Package
                7.1.1 CE GA2
                7.1.X
                Master