Uploaded image for project: 'PUBLIC - Liferay Social Office Community Edition'
  1. PUBLIC - Liferay Social Office Community Edition
  2. SOS-961

Regular users should not be able to view a connection's calendar event unless they are able to access the event in detail

    Details

      Description

      A regular user is able to view a connections' personal calendar event under Activities but when clicking on the link to the Calendar event, the user is taken to an error page. This is due to the fact that a regular user doesn't have permission to access a connections' dashboard page where the event is located. If the regular user does not have permission to access the event's details, a link to the event under activities should not be visible.

      Here are the steps to reproduce the original issue:

      1. Add a regular Social Office user named User 1
      2. Add another regular Social Office user named User 2
      3. Sign out
      4. Sign in as User 1
      5. Add User 2 as a connection
      6. Sign out as User 1
      7. Sign in as User 2
      8. Confirm the connection with User 1
      9. Sign out as User 2
      10. Sign in as User 1
      11. Go to dashboard
      12. Add a new page
      13. Add a Calendar portlet
      14. Add an event
      15. Sign out as User 1
      16. Sign in as User 2
      17. Go to dashboard
      18. Under Activities, click on the new event created by User 1
      19. The user is taken to an error page.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                eduardo.lundgren Eduardo Lundgren
                Reporter:
                ken.duenwald Ken Duenwald
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: