Details
-
Type:
Regression Bug
-
Status: Verified
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2.1.X EE
-
Labels:
-
Environment:Tomcat 7.0.27 + MySQL 5. Portal 6.1.20 EE GA2.
Plugins 6.1.x EE GIT ID: 62cbe21f994e1a88e1802991b91d9b252e750286.
Tomcat 7.0.40 + MySQL 5. Portal 6.1.30 EE GA3.
Plugins 6.1.x EE GIT ID: 62cbe21f994e1a88e1802991b91d9b252e750286.
-
Fix Priority:4
-
Affects Portal Version/s:6.1.30 EE GA3, 6.1.20 EE GA2
Description
Here are the steps to reproduce:
1. Add an SO user and add that user as a connection
2. Add a Private or Private Restricted SO site
3. Add and update the wiki FrontPage of the site
4. Sign out and sign as the SO user
5. Go to Dashboard -> Activities
Expected result:
The user should not be able to see the wiki activity
Actual result:
The user will see the wiki activity along with the site name (Private Sites should not be visible to non-members)
The user will not be able to access the site.
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Tested in 3.x ee (7cb9d4a27d90b001525e6c1ae304eaf8ac90dfe3) can't reproduce it
Following up on Sherry and Jonathan's comments for 3.x ee:
This behavior looks like it is only reproducible in 3.x ee IF you add the guest view permission to the Wiki Page asset upon creation (See Jon's comment). If guest view is not enabled on the Wiki page, then everything works as expected.
If the guest view permission is set however, this leads to the odd behavior where a guest can see the Wiki activity in the Activities portlet, but they cannot view the Wiki activity on the site because the site itself is private or restricted.
This is related to several other issues in SO and currently a fix would override portal behavior. We need to tackle this as a larger permission story, possibly in core portal, to ensure that the user expectations, whether end user or admin/IT, are met consistently throughout the product.
Backlogging as this will not make the cut-off for this release. We will revisit this in a future release. Fix value should remain high.