PUBLIC - Liferay Portal Community Edition

InlineSQLHelperUtil does not take ResourcePermission.scope=3 into account when retrieving DLFolders in a community site and, so , does'nt not work when role Member have default VIEW permission on DLFolders.

Details

  • Similar Issues:
    Show 5 results 

Description

Case :
1-As Portal Admin
Define default permissions VIEW on "Community member" for DocumentLibray.
2-As Community Owner
Create a folder in a community Doc Lib, setting "share with community member" permissions.
3-As community member
OK => If you connect as a community member, you'll see the folder
4-Now, as community Owner, edit permissions for the folder and just save it (even without modifying anything)
5-As Commununity member
KO => the folder is no more viewable !

The reason of this is that the doclib portlet view use DLFolderServiceUtil.getFolders that itself call a persitence method (filterFindByG_P) that inject an INNER JOIN on ResourcePermission via InlineSQLHelperUtil :

Sample :
---------------
//Role "Member of Comm" is 10144
SELECT DISTINCT dlFolder.parentFolderId, dlFolder.name
FROM DLFolder dlFolder
INNER JOIN ResourcePermission
ON (
(dlFolder.userId = 21909)
OR (ResourcePermission.companyId = 10132)
AND (ResourcePermission.name = 'com.liferay.portlet.documentlibrary.model.DLFolder')
AND (ResourcePermission.roleId IN (0,10142,10144)) AND (MOD(ResourcePermission.actionIds, 2) = 1)
AND (
(
(ResourcePermission.scope = 1)
AND (ResourcePermission.primKey = '10132')
)
OR (
(ResourcePermission.scope = 2)
AND (ResourcePermission.primKey IN ('23001'))
)
OR (
(ResourcePermission.scope = 4)
AND (ResourcePermission.primKey = CAST(dlFolder.folderId AS text))
)
)
)
WHERE dlFolder.groupId = 23001
AND dlFolder.parentFolderId = 24106
ORDER BY dlFolder.parentFolderId ASC, dlFolder.name ASC

--------------

This SQL Statement does not take the case of permissions VIEW defined on "Community member" Rôle.
In RessourcePermission table, we have this data for roleId "community member" :
name="com.liferay.portlet.documentlibrary.model.DLFolder"; scope=3;primkey="0";roleid=10144;actionids=31 (or any bitwised value with mod=1; that is ID for action VIEW)

So InlineSQLHelperUtil is not enough ...

----------------

As a workaround, we can use DLFolderLocalServiceUtil.getFolders() instead of DLFolderServiceUtil.getFolders() in the view.jsp, it goes to a persistence method (filterFindByG_P) that does not use InlineSQLHelperUtil, and so the folders are visible... but for everyone...

So, why not implement (or extend) a Service Method that use this last one, with a classic permissionChecker check, as it is done in the method DLFolderServiceUtil.getFolder() used to get ONE folder ?

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Christophe Cariou added a comment -

this issue is related I think : LPS-16478 (put that there because I don't find the "link to" action in the "More actions" menu...)

Show
Christophe Cariou added a comment - this issue is related I think : LPS-16478 (put that there because I don't find the "link to" action in the "More actions" menu...)
Hide
Permalink
Aniceto P Madrid added a comment -

Christophe

Can you check if this still happens in 6.2.0m4?

Thanks

Show
Aniceto P Madrid added a comment - Christophe Can you check if this still happens in 6.2.0m4? Thanks
Hide
Permalink
Aniceto P Madrid added a comment -

This is no longer reproducible in 6.2.0m4, replacing community by site, because community is no longer in 6.2.0m4.
I suggest to close this issue

Show
Aniceto P Madrid added a comment - This is no longer reproducible in 6.2.0m4, replacing community by site, because community is no longer in 6.2.0m4. I suggest to close this issue

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Days since last comment:
    10 weeks, 5 days ago