Published Jun. 30, 2025

Checking Commerce Permissions in Fragments Always Returns True

Written by Balázs Létai

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Issue

  • When a fragment uses the FreeMarker variables userPermission and permissionChecker to check whether a user has specific permissions for their commerce account, the check always returns true, even for non-existent permissions:

<#assign userPermission = serviceLocator.findService("com.liferay.portal.kernel.service.permission.UserPermission")>
<#assign permissionChecker = serviceLocator.findService("com.liferay.portal.kernel.security.permission.PermissionCheckerFactory").create(user)>

${user.screenName}
userPermission:${userPermission}
permissionChecker:${permissionChecker}
VIEW_OPEN_COMMERCE_ORDERS: ${userPermission.contains(permissionChecker, user.userId, "VIEW_OPEN_COMMERCE_ORDERS")?c}
ADD_COMMERCE_ORDER: ${userPermission.contains(permissionChecker, user.userId, "ADD_COMMERCE_ORDER")?c}
MANAGE_USERS: ${userPermission.contains(permissionChecker, user.userId, "MANAGE_USERS")?c}
NOT_FOUND_PERMISSION_0987654321: ${userPermission.contains(permissionChecker, user.userId, "NOT_FOUND_PERMISSION_0987654321")?c}

Environment

  • Liferay DXP 7.4+

Resolution

This approach is not feasible for the following reasons:

  • The VIEW_OPEN_COMMERCE_ORDERS and ADD_COMMERCE_ORDER permissions are portlet permissions, not user permissions. They require a specific target (not available in the fragment template) and the accountId (or the related groupId) to determine permission status.
  • The MANAGE_USERS permission is an account entry permission, not a user permission. It requires the accountId to determine permission status.
  • Checking for non-existent permissions returns true because the code checks whether the user has the permission on themselves (using user.userId as the target). By design, a check of any permission that a user performs on themselves always returns true.
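
Because a self-targeted check never fails, it gives no protection to the content it guards. The following audit script is an added example, not part of the original article or of Liferay's code: it scans fragment FreeMarker source for UserPermission checks whose target is the current user's own ID. The function name, the list of self-target expressions and the sample template (including the otherUser variable) are assumptions made for illustration.

```python
import re

# FreeMarker expressions that resolve to the current user's own ID
# (assumed list; extend it for aliases used in your templates).
SELF_TARGETS = {"user.userId", "user.getUserId()"}

USER_PERMISSION = "com.liferay.portal.kernel.service.permission.UserPermission"
ASSIGN_RE = re.compile(
    r'<#assign\s+(\w+)\s*=\s*serviceLocator\.findService\(\s*"'
    + re.escape(USER_PERMISSION) + r'"\s*\)')


def find_self_checks(template):
    """Return (line_no, action_id) for UserPermission checks on the user's own ID."""
    findings = []
    # Find every variable the template binds to the UserPermission service.
    for var in set(ASSIGN_RE.findall(template)):
        call_re = re.compile(
            r'\b' + re.escape(var)
            + r'\.contains\(\s*[^,]+?\s*,\s*([^,]+?)\s*,\s*"([^"]*)"\s*\)')
        for line_no, line in enumerate(template.splitlines(), start=1):
            for target, action in call_re.findall(line):
                if target in SELF_TARGETS:
                    findings.append((line_no, action))
    return sorted(findings)


# Constructed sample: three checks from the article plus one hypothetical
# check against a different user (otherUser is not from the article).
SAMPLE = '''<#assign userPermission = serviceLocator.findService("com.liferay.portal.kernel.service.permission.UserPermission")>
<#assign permissionChecker = serviceLocator.findService("com.liferay.portal.kernel.security.permission.PermissionCheckerFactory").create(user)>
ADD_COMMERCE_ORDER: ${userPermission.contains(permissionChecker, user.userId, "ADD_COMMERCE_ORDER")?c}
MANAGE_USERS: ${userPermission.contains(permissionChecker, user.userId, "MANAGE_USERS")?c}
NOT_FOUND_PERMISSION_0987654321: ${userPermission.contains(permissionChecker, user.userId, "NOT_FOUND_PERMISSION_0987654321")?c}
UPDATE: ${userPermission.contains(permissionChecker, otherUser.userId, "UPDATE")?c}
'''

if __name__ == "__main__":
    for line_no, action in find_self_checks(SAMPLE):
        print(f"line {line_no}: self-targeted check for {action!r} always returns true")
```

Any fragment the script flags should be treated as having no effective permission gate until the check is moved to code that has the accountId or groupId available.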

 
