Resolution: No Longer Reproducible
Affects Version/s: 6.0.6 GA
Fix Version/s: 6.2.0 CE M4
Environment:LPS 6.0.6 / PotgresQL|Oracel / Win32/Linux
Permission Algo 6
Similar Issues:Show 5 results
LPS-33393 New entry in DLFolder table will be added while viewing for the first time a mb message/thread that does not have any attachments LPS-30938 Structures/templates should not have guest & site member view permission by default LPS-31586 As a users I should be able to VIEW system roles by default so that I can assign permissions to them when creating a content LPS-29677 As a site administrator I should be able to define the roles and teams the users will have when becoming members of his site LPS-15497 Custom organization roles do not take effect for document library view
1-As Portal Admin
Define default permissions VIEW on "Community member" for DocumentLibray.
2-As Community Owner
Create a folder in a community Doc Lib, setting "share with community member" permissions.
3-As community member
OK => If you connect as a community member, you'll see the folder
4-Now, as community Owner, edit permissions for the folder and just save it (even without modifying anything)
5-As Commununity member
KO => the folder is no more viewable !
The reason of this is that the doclib portlet view use DLFolderServiceUtil.getFolders that itself call a persitence method (filterFindByG_P) that inject an INNER JOIN on ResourcePermission via InlineSQLHelperUtil :
//Role "Member of Comm" is 10144
SELECT DISTINCT dlFolder.parentFolderId, dlFolder.name
FROM DLFolder dlFolder
INNER JOIN ResourcePermission
(dlFolder.userId = 21909)
OR (ResourcePermission.companyId = 10132)
AND (ResourcePermission.name = 'com.liferay.portlet.documentlibrary.model.DLFolder')
AND (ResourcePermission.roleId IN (0,10142,10144)) AND (MOD(ResourcePermission.actionIds, 2) = 1)
(ResourcePermission.scope = 1)
AND (ResourcePermission.primKey = '10132')
(ResourcePermission.scope = 2)
AND (ResourcePermission.primKey IN ('23001'))
(ResourcePermission.scope = 4)
AND (ResourcePermission.primKey = CAST(dlFolder.folderId AS text))
WHERE dlFolder.groupId = 23001
AND dlFolder.parentFolderId = 24106
ORDER BY dlFolder.parentFolderId ASC, dlFolder.name ASC
This SQL Statement does not take the case of permissions VIEW defined on "Community member" Rôle.
In RessourcePermission table, we have this data for roleId "community member" :
name="com.liferay.portlet.documentlibrary.model.DLFolder"; scope=3;primkey="0";roleid=10144;actionids=31 (or any bitwised value with mod=1; that is ID for action VIEW)
So InlineSQLHelperUtil is not enough ...
As a workaround, we can use DLFolderLocalServiceUtil.getFolders() instead of DLFolderServiceUtil.getFolders() in the view.jsp, it goes to a persistence method (filterFindByG_P) that does not use InlineSQLHelperUtil, and so the folders are visible... but for everyone...
So, why not implement (or extend) a Service Method that use this last one, with a classic permissionChecker check, as it is done in the method DLFolderServiceUtil.getFolder() used to get ONE folder ?