Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-87933

InlineSQLHelperImpl doesn't honor Site Admin for multiple groupIds

    Details

      Description

      Cannot be easily tested.


      Similar to LPS-65802.

      InlineSQLHelperImpl fails to generate valid SQL when using multiple group ids (e.g. current + global or parent + child) where current user is not Site Admin in all of them.

      The generated permission SQL got broken by LPS-69516 that removed "groupId in (...)" during refactoring and for every group where user is admin adds: "((ResourcePermission.primKeyId = 0) AND (ResourcePermission.roleId = ownerRole))" which makes no sense and grants no additional permission for site admin ... https://github.com/liferay/liferay-portal/blob/0bf0f11fe8457b771833633ff156ff726e163d88/modules/apps/portal-security/portal-security-permission-impl/src/main/java/com/liferay/portal/security/permission/internal/InlineSQLHelperImpl.java#L542-L563

      The integration test to guard this bug added in LPS-65802 doesn't work because it disables inline permission check by using two SAME groupIds, the user is site admin in both: https://github.com/liferay/liferay-portal/blob/6256325a2659ff801c0ca6ec3b6de0e6b7290c46/modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/src/testIntegration/java/com/liferay/dynamic/data/mapping/service/test/DDMStructureServiceTest.java#L259

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  1 year, 33 weeks, 3 days ago

                  Packages

                  Version Package
                  Master