Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-86435

Check DL sharing permissions because right now is granting permissions under same cases it shouldn't

    Details

    • Type: Bug
    • Status: Verified
    • Resolution: Unresolved
    • Affects Version/s: Master
    • Fix Version/s: None
    • Component/s: Sharing
    • Labels:
    • Story Points:
      1
    • Fix Priority:
      4

      Description

      Documents and Media permissions will check whether the user has permission to do certain action on a file entry using this class com.liferay.sharing.document.library.internal.security.permission.resource.SharingEntryDLFileEntryModelResourcePermissionRegistrar

      As you can see in that class it will first check if the user has permission using the traditional document library roles permissioning system and if he dosn't have it, it will check if the document has been shared with the user with certain permissions.

       

      The traditional document library roles permission system is defined in com.liferay.document.library.internal.security.permission.resource.DLFileEntryModelResourcePermissionRegistrar and is checking based on staging and workflow for example.

      If staging is enabled or if the workflow is in process, the user should not have permission to do certain actions in live, even if the document has been shared with the user.

      We need to check where we perform the permission check. We should probably do it after staging/workflow and before DL permissions.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Days since last comment:
                21 weeks, 5 days ago