-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X, 7.1.X, 7.2.X, Master
-
Fix Version/s: 7.0.0 DXP FP86, 7.0.10.12 DXP SP12, 7.0.X, 7.1.10 DXP FP14, 7.1.X, 7.2.10 DXP FP2, 7.2.10.1 DXP SP1, 7.2.1 CE GA2, 7.2.X, 7.3.10 DXP GA1, Master
-
Component/s: Blogs
-
Branch Version/s:7.2.x, 7.1.x, 7.0.x
-
Backported to Branch:Committed
-
Story Points:1
-
Fix Priority:3
-
Sprint:032 - Nidoran
-
Git Pull Request:
Steps to reproduce:
1. Create "SiteH" with private page
2. Place a Recent Bloggers portlet on this page
3. Place a Blogs portlet on this page
4. Create a Site called "Breaker" with a private page
5. Place a Blogs portlet on the page
6. Create two users: userU and userB.
7. Add userU and userB as members of "siteH"
8. Add userB as a Site Owner for "SiteH"
9. Add userB as member of "Breaker" (but don't add userU)
10. Set userB as Site Owner for "Breaker"
11. Log in with userB
12. Go to site "Breaker" and add a Blog entry
13. Go back to "siteH"
CHECK POINT: Recent Bloggers shows userB in the list with a link to the blog entry created. UserB can click on the link and see the content.
14. Log in with userU
Expected behavior: Recent Bloggers shouldn't show userB in the list with a link to the blog entry if UserU has no VIEW permission to that entry
Actual behavior: Recent Bloggers shows userB in the list with a link to the blog entry created. UserU can click on the link, but cannot access the content.