LPS-134264 Ensure that the groups are filtered even if a userId is no…

…t passed in. With this users who can update other users can no longer see all sites when assigning users to sites.
liferay-echo · Jun 16, 2021 · 648dba9 · 648dba9
1 parent 8b295a4
commit 648dba9
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 23 deletions.
diff --git a/...java/com/liferay/site/browser/web/internal/display/context/SiteBrowserDisplayContext.java b/...java/com/liferay/site/browser/web/internal/display/context/SiteBrowserDisplayContext.java
@@ -496,6 +496,9 @@ else if (filterManageableGroups) {
 
 			_groupParams.put("usersGroups", user.getUserId());
 		}
+		else {
+			_groupParams.put("actionId", ActionKeys.ASSIGN_MEMBERS);
+		}
 
 		_groupParams.put("site", Boolean.TRUE);
 

diff --git a/portal-impl/src/com/liferay/portal/service/impl/GroupLocalServiceImpl.java b/portal-impl/src/com/liferay/portal/service/impl/GroupLocalServiceImpl.java
@@ -4313,7 +4313,13 @@ protected Collection<Group> doSearch(
 			groups.retainAll(rolePersistence.getGroups(roleId));
 		}
 
+		String actionId = (String)params.remove("actionId");
+
 		if (userId == null) {
+			if (actionId != null) {
+				return _filterGroups(actionId, groups);
+			}
+
 			return groups;
 		}
 
@@ -4357,30 +4363,8 @@ protected Collection<Group> doSearch(
 			}
 		}
 
-		String actionId = (String)params.remove("actionId");
-
 		if (actionId != null) {
-			PermissionChecker permissionChecker =
-				PermissionThreadLocal.getPermissionChecker();
-
-			for (Group group : groups) {
-				try {
-					if (permissionChecker.isGroupAdmin(group.getGroupId()) ||
-						GroupPermissionUtil.contains(
-							permissionChecker, group.getGroupId(), actionId)) {
-
-						joinedGroups.add(group);
-					}
-				}
-				catch (PortalException portalException) {
-					if (_log.isWarnEnabled()) {
-						_log.warn(
-							"Unable to check permission for group " +
-								group.getGroupId(),
-							portalException);
-					}
-				}
-			}
+			joinedGroups.addAll(_filterGroups(actionId, groups));
 		}
 
 		if (_log.isDebugEnabled() && !params.isEmpty()) {
@@ -5214,6 +5198,36 @@ protected void validateRemoteGroup(
 
 	protected File publicLARFile;
 
+	private Collection<Group> _filterGroups(
+		String actionId, Collection<Group> groups) {
+
+		Collection<Group> filteredGroups = new HashSet<>();
+
+		PermissionChecker permissionChecker =
+			PermissionThreadLocal.getPermissionChecker();
+
+		for (Group group : groups) {
+			try {
+				if (permissionChecker.isGroupAdmin(group.getGroupId()) ||
+					GroupPermissionUtil.contains(
+						permissionChecker, group.getGroupId(), actionId)) {
+
+					filteredGroups.add(group);
+				}
+			}
+			catch (PortalException portalException) {
+				if (_log.isWarnEnabled()) {
+					_log.warn(
+						"Unable to check permission for group " +
+							group.getGroupId(),
+						portalException);
+				}
+			}
+		}
+
+		return filteredGroups;
+	}
+
 	private Map<Locale, String> _normalizeNameMap(Map<Locale, String> nameMap) {
 		Map<Locale, String> normalizedNameMap = new HashMap<>();