Contribute Toolbar Appears Even if The User Should Not See It (Doc ID 2282792.1)

Last updated on JULY 03, 2017

Applies to:

Oracle WebCenter Portal - Version 12.2.1.1.0 and later
Information in this document applies to any platform.

Symptoms

On : 12.2.1.1.0 version of WCP [ Complete version: 12.2.1.1.0(Build 160610.2201) ] the following behavior occured:

ACTUAL BEHAVIOR
---------------
In a Content Manager (out of the box) taskflow, the "Contribute" toolbar appears even if the logged-in user does not have contribute permissions on the documents.


EXPECTED BEHAVIOR
-----------------------
The "Contribute" toolbar should appear only for users that have this permission granted to them.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create a standard portal app (using a default template) with a Documents Page and Content Manager (out of the box) taskflow
2. To the Portal app there were 2 users added as members : weblogic - Administrator and testuser1 - Viewer Role
3. Access the documents page as weblogic --> "Contribute" toolbar appeared => OK
4. Access the documents page as testuser1 --> "Contribute" toolbar did Not appeared => OK (since user has only Viewer Role)
5. Access the preview URL like below (using testuser1):
http://:/webcenter/portal/wccdoc?dDocName=<checked_in_contentid>
==> "Contribute" toolbar appeared => NOK

Note:
Point 4 and 5 should behave identical since the same user testuser1 was used and this has only "Viewer Role"

BUSINESS IMPACT
-----------------------
Due to this issue, users cannot be restricted to the their actual roles in the WebCenter Portal application.

Changes

 No changes were done to the system.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms