[SOS-1809] Regular users are able to view Private and Private Restricted site wiki activities if they are connected to or following a member of that site - Liferay Issues

Details

Type: Regression Bug
Status: Verified
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.1.X EE
Fix Version/s: 2.1.X CE, 2.1.X EE
Component/s: Social Office Dashboard, Social Office Dashboard > Activities, Social Office Dashboard > Sites
Labels:
- permissions_so
Environment:
Tomcat 7.0.27 + MySQL 5. Portal 6.1.20 EE GA2.
Plugins 6.1.x EE GIT ID: 62cbe21f994e1a88e1802991b91d9b252e750286.
Tomcat 7.0.40 + MySQL 5. Portal 6.1.30 EE GA3.
Plugins 6.1.x EE GIT ID: 62cbe21f994e1a88e1802991b91d9b252e750286.

Fix Priority:
4
Affects Portal Version/s:

6.1.30 EE GA3, 6.1.20 EE GA2

Description

Here are the steps to reproduce:

1. Add an SO user and add that user as a connection
2. Add a Private or Private Restricted SO site
3. Add and update the wiki FrontPage of the site
4. Sign out and sign as the SO user
5. Go to Dashboard -> Activities

Expected result:
The user should not be able to see the wiki activity

Actual result:
The user will see the wiki activity along with the site name (Private Sites should not be visible to non-members)

The user will not be able to access the site.

Attachments

Activity

People

Assignee:

SE Support

Reporter:

Ken Duenwald

Participants of an Issue:

Christian Stokes, Ken Duenwald, SE Support, Sherry Yang, Vicki Tsang

Votes:

1 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

27/Sep/13 4:39 PM

Updated:

25/Jul/14 11:55 AM

Days since last comment:

3 years, 9 weeks ago