PUBLIC - Liferay Social Office Community Edition
  1. PUBLIC - Liferay Social Office Community Edition
  2. SOS-961

Regular users should not be able to view a connection's calendar event unless they are able to access the event in detail

    Details

    • Business Value:
      5
    • Similar Issues:
      Show 5 results 

      Description

      A regular user is able to view a connections' personal calendar event under Activities but when clicking on the link to the Calendar event, the user is taken to an error page. This is due to the fact that a regular user doesn't have permission to access a connections' dashboard page where the event is located. If the regular user does not have permission to access the event's details, a link to the event under activities should not be visible.

      Here are the steps to reproduce the original issue:

      1. Add a regular Social Office user named User 1
      2. Add another regular Social Office user named User 2
      3. Sign out
      4. Sign in as User 1
      5. Add User 2 as a connection
      6. Sign out as User 1
      7. Sign in as User 2
      8. Confirm the connection with User 1
      9. Sign out as User 2
      10. Sign in as User 1
      11. Go to dashboard
      12. Add a new page
      13. Add a Calendar portlet
      14. Add an event
      15. Sign out as User 1
      16. Sign in as User 2
      17. Go to dashboard
      18. Under Activities, click on the new event created by User 1
      19. The user is taken to an error page.

        Issue Links

          Activity

          Hide
          Ken Duenwald added a comment -

          Changing ticket from bug to improvement.

          Show
          Ken Duenwald added a comment - Changing ticket from bug to improvement.
          Hide
          Evan Thibodeau added a comment -

          I attached a PDF that includes my analysis of the issue and a possible solution. I think the next step is for program management to review the analysis and decide what the best course of action is.
          Thanks

          Show
          Evan Thibodeau added a comment - I attached a PDF that includes my analysis of the issue and a possible solution. I think the next step is for program management to review the analysis and decide what the best course of action is. Thanks

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Days since last comment:
                2 years, 19 weeks, 3 days ago

                Development

                  Structure Helper Panel