Fórum

  1. Início
  2. Development
  3. Problem: User Guest can edit portlets configuration but he shouldn't

Problem: User Guest can edit portlets configuration but he shouldn't

Sandra Ferreira, modificado 8 Anos atrás.

Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Hello.

I'm relatively new at liferay and I'm facing what I think to be a strange problem. The problem is the following:

I created a site, created some users organizations and roles, and everything seems to be working fine with that and their permissions. The problem is that the user Guest (default from Liferay) has permission to see portlet configuration (eg: asset publisher, web content display) and even to edit that configuration. I think that I haven't touched that user's configuration before the problem has been detected.

Looking now at Guest permissions in Control Panel (Control Panel -> Roles -> Guest -> Define Permissions -> Site Administration -> Applications) the user has zero permissions for the portlets Asset Publisher and Web Content Display.


Control Panel -> Roles -> Guest -> Define Permissions -> Site Administration -> Applications
* Asset Publisher -> Application permissions: None
* Web Content Display -> Application permissions: None


Does anyone knows what can be the problem?

Thanks.
thumbnail
Juan Gonzalez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Liferay Legend Postagens: 3089 Data de Entrada: 28/10/08 Postagens Recentes
Hi Sandra,

what Liferay version are you using?

Do you have any web server/load balancer that requests are hitting before getting into Liferay server?
Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Hi,

sorry for the missing information.

I'm using liferay-portal-tomcat-6.2-ce-ga3 version.

Regarding the server/load balancer question, I have an Apache serving the site. But it the problem was a server/load balancer, the configuration page could be incorrectly displayed, but it would never allow to change the configuration, right? I'm saying this because, as an anonymous user, I can change the portlet configuration and save it.
thumbnail
Juan Gonzalez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Liferay Legend Postagens: 3089 Data de Entrada: 28/10/08 Postagens Recentes
Hi Sandra,

I was asking as there is a chance that some pages can be cached by some front server/load balancer. Is this possible in your case?
Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
No, I think there is not that chance.

I've only installed the liferay-tomcat bundle, plus an Apache that is not configured to make any cache.

I'll will try to make a test removing the Apache, and accessing directly to the tomcat. I will update this post when I get the result.

Do you think that the tomcat in the bundle can be the responsible? If so I don't know how to test it...
thumbnail
Jose Jimenez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Regular Member Postagens: 176 Data de Entrada: 23/08/12 Postagens Recentes
Hi Sandra,

that permissions could be granted directly in the page or in the portlet.

Take a look at edit page > permissions and check the permissions granted to the Role Guest, and also check the permissions in the specific portlet configuration.

Is this behaviour present in all the public pages?

Best regards,
Jose
Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Yes, this behavior is present in all public pages.

I've attached to the ticket the permissions list of an example page and of an example portlet, that I've picked up from the site. But doesn't seem to be the problem...

In another test I've made, I saw that when I remove a proprietary Theme (that I've created) and use the Welcome Theme from Liferay, the portlet's configuration icons stop appearing to the anonymous users. Although title from the portlet still displaying the edit box when clicked.
In another machine, with the same proprietary Theme installed (using the .war), the problem does not occur (The configuration menu in the portlet is not displayed nor the title is clickable).
I don't know if this information helps to debug the problem or if it generate more confusion instead, but I hope it helps....

Anexos:

Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Sandra Ferreira:
No, I think there is not that chance.

I've only installed the liferay-tomcat bundle, plus an Apache that is not configured to make any cache.

I'll will try to make a test removing the Apache, and accessing directly to the tomcat. I will update this post when I get the result.

Do you think that the tomcat in the bundle can be the responsible? If so I don't know how to test it...



I've performed the test accessing directly to the Tomcat (without the Apache) and the problem persists.
thumbnail
Jose Jimenez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Regular Member Postagens: 176 Data de Entrada: 23/08/12 Postagens Recentes
Hi Sandra.

May be you can debug the permissionChecker when the CONFIGURATION permission is checked for a portlet, and compare with the other environment in where the problem is not reproduced, this way you could understand the root cause of the behaviour.

I will look for and try to check if any configuration point is missed.

Best regards,

Jose
Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Jose Jimenez:
Hi Sandra.

May be you can debug the permissionChecker when the CONFIGURATION permission is checked for a portlet, and compare with the other environment in where the problem is not reproduced, this way you could understand the root cause of the behaviour.

I will look for and try to check if any configuration point is missed.

Best regards,

Jose


Hi.

I'm trying to debug the permissionChecker but I found out that the configuration menu is rendered by the Theme in the portlet.vm using the "$theme.portletIconOptions()" method.
As I mentioned, I'm new at Liferay, sorry. Can you help me find out where can I debug this function? I'm having difficulties discovering where this method is being instantiated / implemented.

Meanwhile, I've tested permissions on the portlet's content configuration menu ("common/themes/portlet.jsp") and I've found out the following differences between the working environment and the problem one:
portletDisplay.isShowCloseIcon(): true (false in the working environment)
portletDisplay.isShowConfigurationIcon(): true (false in the working environment)
portletDisplay.isShowExportImportIcon(): true (false in the working environment)
portletDisplay.isShowPortletCssIcon(): true (false in the working environment)

I don't know if this helps, but...
thumbnail
Jose Jimenez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Regular Member Postagens: 176 Data de Entrada: 23/08/12 Postagens Recentes
Hi Sandra,

There is another possibility, roles can be added directly to a site, take a look in all the roles and check that they are not assigned to your site From Roles > Editing "your admin role" > Assign > Sites

Also you can take a look if there are some information in the table groups_roles filtering by your site groupId, this table stores that information. If a role is assigned to a site, any user (including guest) will have that role.

Best regards
Sandra Ferreira, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

New Member Postagens: 15 Data de Entrada: 06/03/15 Postagens Recentes
Hi.

Thanks for the help.

Actually this seems to be the problem. I have a role with some administration permissions and I have assigned my site to that role's members list (i din't knew that the guest user would inherit that role's permissions). Now I've removed that assignment and the portlets are no longer displaying the interface configuration to the guest user. I'm having some problem with images permissions though (some images stop appearing in the site after my correction), but I'm trying to figure that out.

Thanks again.


Jose Jimenez:
Hi Sandra,

There is another possibility, roles can be added directly to a site, take a look in all the roles and check that they are not assigned to your site From Roles > Editing "your admin role" > Assign > Sites

Also you can take a look if there are some information in the table groups_roles filtering by your site groupId, this table stores that information. If a role is assigned to a site, any user (including guest) will have that role.

Best regards
thumbnail
Jose Jimenez, modificado 8 Anos atrás.

RE: Problem: User Guest can edit portlets configuration but he shouldn't

Regular Member Postagens: 176 Data de Entrada: 23/08/12 Postagens Recentes
You are welcome!

For the image permissions take in account that you can manage the permissions directly in some of the folders in where the images are placed if you have the default value for the next property:


    # Set the following to true to automatically check the view permission on
    # parent categories or folders when checking the permission on a specific
    # item.
    #
    # For example, if set to true, to be able to have access to a document,
    # a user must have the view permission on the document's folder and all its
    # parent folders. Or, to have access to a comment, a user must have the view
    # permission on the comments's category and all its parent categories.
    #
    permissions.view.dynamic.inheritance=true


Take in account that the property applies to other elements structured in folders as boomarks or web contents.

Best regards