Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-99173

Recent Bloggers portlet shows link to inaccessible content

    Details

      Description

      Steps to reproduce:

      1. Create "SiteH" with private page
      2. Place a Recent Bloggers portlet on this page
      3. Place a Blogs portlet on this page
      4. Create a Site called "Breaker" with a private page
      5. Place a Blogs portlet on the page
      6. Create two users: userU and userB.
      7. Add userU and userB as members of "siteH"
      8. Add userB as a Site Owner for "SiteH"
      9. Add userB as member of "Breaker" (but don't add userU)
      10. Set userB as Site Owner for "Breaker"
      11. Log in with userB
      12. Go to site "Breaker" and add a Blog entry
      13. Go back to "siteH"

      CHECK POINT: Recent Bloggers shows userB in the list with a link to the blog entry created. UserB can click on the link and see the content.

      14. Log in with userU

      Expected behavior: Recent Bloggers shouldn't show userB in the list with a link to the blog entry if UserU has no VIEW permission to that entry
      Actual behavior: Recent Bloggers shows userB in the list with a link to the blog entry created. UserU can click on the link, but cannot access the content.

        Attachments

          Activity

            People

            Assignee:
            jeremy.chen Jeremy Chen
            Reporter:
            istvan.dezsi Istvan Dezsi
            Participants of an Issue:
            Recent user:
            Joel Garman
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 49 weeks, 2 days ago

                Packages

                Version Package
                7.0.0 DXP FP86
                7.0.10.12 DXP SP12
                7.0.X
                7.1.10 DXP FP14
                7.1.X
                7.2.10 DXP FP2
                7.2.10.1 DXP SP1
                7.2.1 CE GA2
                7.2.X
                7.3.10 DXP GA1
                Master