[SOS-1796] Super Admins are able to access pages of Private and Private Restricted Sites that they do not own by way of activities - Liferay Issues

Details

Type: Bug
Status: Closed
Resolution: Won't Fix
Affects Version/s: 2.1.X EE
Fix Version/s: 2.1.X CE, 2.1.X EE
Component/s: Social Office Dashboard, Social Office Dashboard > Activities, Social Office Dashboard > Sites
Labels:
None
Environment:
Tomcat 7.0.27 + MySQL 5. Portal 6.1.20 EE GA2.
Plugins 6.1.x EE GIT ID: 2c780cef4de8abfa204ef5887ff301665a718f07.
Tomcat 7.0.40 + MySQL 5. Portal 6.1.30 EE GA3.
Plugins 6.1.x EE GIT ID: 2c780cef4de8abfa204ef5887ff301665a718f07.

Description

Here are the steps to reproduce:

1. Add an SO user and add the user as a connection
2. Sign out and sign in as the new user
3. Have the new user add a private site or private restricted site; add a calendar event to the site
4. Sign out and sign in as Joe Bloggs
5. Go to Activities

Expected Result:
The activity from the site should NOT be visible

Actual Result:
The user's calendar event will be visible along with a link to the site. Clicking on the link to the site will also take Joe Bloggs to a full view of the site pages

This does not occur if the steps are taking place between regular users. This only occurs with the super admin and a regular user.

Attachments

Activity

People

Assignee:

Jonathan Lee

Reporter:

Ken Duenwald

Participants of an Issue:

Jonathan Lee, Ken Duenwald

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

23/Sep/13 3:00 PM

Updated:

24/Sep/13 11:44 AM

Resolved:

24/Sep/13 11:44 AM

Days since last comment:

5 years, 35 weeks, 3 days ago