LPS-134264 Ensure that the groups are filtered even if a userId is no…

…t passed in. With this users who can update other users can no longer see all sites when assigning users to sites.
liferay-echo · Jun 15, 2021 · 7e02cff · 7e02cff
1 parent 8b295a4
commit 7e02cff
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 26 deletions.
diff --git a/...java/com/liferay/site/browser/web/internal/display/context/SiteBrowserDisplayContext.java b/...java/com/liferay/site/browser/web/internal/display/context/SiteBrowserDisplayContext.java
@@ -496,6 +496,9 @@ else if (filterManageableGroups) {
 
 			_groupParams.put("usersGroups", user.getUserId());
 		}
+		else {
+			_groupParams.put("actionId", ActionKeys.ASSIGN_MEMBERS);
+		}
 
 		_groupParams.put("site", Boolean.TRUE);
 

diff --git a/portal-impl/src/com/liferay/portal/service/impl/GroupLocalServiceImpl.java b/portal-impl/src/com/liferay/portal/service/impl/GroupLocalServiceImpl.java
@@ -4313,8 +4313,10 @@ protected Collection<Group> doSearch(
 			groups.retainAll(rolePersistence.getGroups(roleId));
 		}
 
+		String actionId = (String)params.remove("actionId");
+
 		if (userId == null) {
-			return groups;
+			return _filterGroups(actionId, groups);
 		}
 
 		// Join by Users_Groups
@@ -4357,31 +4359,7 @@ protected Collection<Group> doSearch(
 			}
 		}
 
-		String actionId = (String)params.remove("actionId");
-
-		if (actionId != null) {
-			PermissionChecker permissionChecker =
-				PermissionThreadLocal.getPermissionChecker();
-
-			for (Group group : groups) {
-				try {
-					if (permissionChecker.isGroupAdmin(group.getGroupId()) ||
-						GroupPermissionUtil.contains(
-							permissionChecker, group.getGroupId(), actionId)) {
-
-						joinedGroups.add(group);
-					}
-				}
-				catch (PortalException portalException) {
-					if (_log.isWarnEnabled()) {
-						_log.warn(
-							"Unable to check permission for group " +
-								group.getGroupId(),
-							portalException);
-					}
-				}
-			}
-		}
+		joinedGroups.addAll(_filterGroups(actionId, groups));
 
 		if (_log.isDebugEnabled() && !params.isEmpty()) {
 			_log.debug("Unprocessed parameters " + MapUtil.toString(params));
@@ -5214,6 +5192,40 @@ protected void validateRemoteGroup(
 
 	protected File publicLARFile;
 
+	private Collection<Group> _filterGroups(
+		String actionId, Collection<Group> groups) {
+
+		if (actionId != null) {
+			Collection<Group> filteredGroups = new HashSet<>();
+
+			PermissionChecker permissionChecker =
+				PermissionThreadLocal.getPermissionChecker();
+
+			for (Group group : groups) {
+				try {
+					if (permissionChecker.isGroupAdmin(group.getGroupId()) ||
+						GroupPermissionUtil.contains(
+							permissionChecker, group.getGroupId(), actionId)) {
+
+						filteredGroups.add(group);
+					}
+				}
+				catch (PortalException portalException) {
+					if (_log.isWarnEnabled()) {
+						_log.warn(
+							"Unable to check permission for group " +
+								group.getGroupId(),
+							portalException);
+					}
+				}
+			}
+
+			return filteredGroups;
+		}
+
+		return groups;
+	}
+
 	private Map<Locale, String> _normalizeNameMap(Map<Locale, String> nameMap) {
 		Map<Locale, String> normalizedNameMap = new HashMap<>();