Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Dynamic Data List Permissioning not working correctly

Description

I created a Role and assigned a user to it.

If I grant no permissions to the role regarding dynamic data lists then impersonating the user it appears that I can still view the dynamic datalist. This is not correct.

Also then if I assign all permissions to dynamic data list through the role then impersonating the user, only the Add Record button appears. No Edit etc...

Finally if I revoke update privileges to owner of the dynamic data list the owner can still update a record in the datalist

Environment

Tomcat 7.0 + MySQL 5. 6.1.x Revision: 96407. Tomcat 7.0 + MySQL 5. 6.2.x Revision: 96407.

Activity

Show:

Cynthia WilburnMarch 12, 2012 at 2:02 PM

Reopening to add 6.1.1 CE GA2. Close as Fixed.

Luyang TanFebruary 9, 2012 at 6:53 PM
Edited

PASSED Manual Testing following the steps in my comment.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: 7ca618e28e1b85ffe92bf401a3e18f9c068dabe3.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: c53464a46eea5079ce5d4399ac4d981a3474a9dc.

The user is no longer can see the dynamic data list display portlet.

Marcellus TavaresFebruary 8, 2012 at 9:59 AM

Hi Luyang, by default we set VIEW permission to guest users and site members but you could change that on the permission tab of the Dynamic Data Lists Display portlet.

Let me know if this help.

Luyang TanJanuary 18, 2012 at 12:03 AM

There are total two bugs in this ticket, one has fixed, but I can still reproduce the other one.
The fix one.
PASSED Manual Testing using the following steps:

1. Create a Role and assign a user to it.
2. Assign all permissions to dynamic data lists through the role then impersonating the user.
3. Remove the delete permission and view permission.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.2.x Git ID: 7a6ec7ac3df4baf72aa7d95fbf4c6c0416663d25.

When delete these two permissions, I can still delete and view the datalist.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x Git ID: 7e26a2966230f4b8579997cb89ce6aa9a25cbbef.
Tomcat 7.0 + MySQL 5. 6.2.x Git ID: 20dbb65c18e6b2c50bbd6986c8b3b7078f84e63b.

When delete these two permissions, I can only edit the datalist.

The fail one.
FAILED Manual Testing using the following steps:

1. Create a Role and assign a user to it.
2. Add dynamic data list display portlet to a page.
3. Grant no permissions to the role regarding dynamic data lists then impersonating the user.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 7a6ec7ac3df4baf72aa7d95fbf4c6c0416663d25.

It appears that the user can still view the dynamic data list display portlet.

Failed on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: 7e26a2966230f4b8579997cb89ce6aa9a25cbbef.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: 20dbb65c18e6b2c50bbd6986c8b3b7078f84e63b.

In fix version, the user can still view the dynamic data list display portlet
(the user shouldn't see the portlet the same as guest user).

Michael SaechangJanuary 17, 2012 at 4:01 PM

Committed on:
6.1.x GIT ID: 0766ffd8a3eebe944c37aa0f82d801ca57634dc2.
6.2.x GIT ID: 5b5e826f89158db6130d80af7f4ab95b4f57288a.

Fixed

Details

Assignee

Reporter

Labels

Branch Version/s

6.1.x

Backported to Branch

Committed

Epic/Theme

Fix Priority

4

Git Pull Request

Components

Fix versions

Affects versions

Priority

Zendesk Support

Created October 19, 2011 at 9:09 AM
Updated June 24, 2023 at 3:46 PM
Resolved March 12, 2012 at 2:40 PM
Loading...