aspose file tools*
The moose likes Portals and Portlets and the fly likes Issues in Portlet and Page permission Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Portals and Portlets
Bookmark "Issues in Portlet and Page permission" Watch "Issues in Portlet and Page permission" New topic
Author

Issues in Portlet and Page permission

Vinu Neelambaran
Greenhorn

Joined: Nov 22, 2010
Posts: 3
Hi

I'm facing some issues in Portlet and Page permission, please help..



- Logged-in as admin user

- Created a role named "Test Role"

- Created a user named "Katy"

- Assigned "Test Role" to Katy. Removed Power User role.

- I have created a page named "Dashboard" and provided the 'View' permission thru' Manage > Page > Permissions to 'Test Role'

- Added a portlet named "My Test Portlet" to the dashboard page

- Clicked on "Configuration" button in the title bar of the portlet. Assigned 'View' permission to "Test Role"

- User Katy logged-in, she was able to view the "My Test Portlet". This is fine.

- Again logged-in as admin user, using the configuration button of "My Test Portlet" removed the "View" permission from "Test Role"

- User katy logged-in, she was shown the error message "Access denied". This is fine.

- Logged-in as admin user and the page permission of "Dashboard" was changed to "Update"

- User Katy logs-in and she is able to view the "My Test Portlet" which is not correct.



Even though there is no view permission for "Test Role", Katy was able to access the portlet because the page permission has "Update". This means portlet permission is overridden by page permission which is incorrect. Please let me know if I have done anything wrong.



I'm using Liferay CE 6.0.4.


Thanks,
Vinu
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Issues in Portlet and Page permission
 
Similar Threads
Assigning Portlet permission to a Role
[Liferay] Protect portlet
Removing of the JBOSS Catch for Custom Login Module when Roles changes
tomcat6-admin
Spring security in same project by two separate user entities(Customer & User table)