when user roles are updated, the relevant session roles are updated as well

4 files changed, 57 insertions, 5 deletions

diff --git a/api/user.go b/api/user.go
index a42f81cf1..130f0f3d0 100644
--- a/api/user.go
+++ b/api/user.go
@@ -961,18 +961,38 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	user.Roles = new_roles
 
+	var ruser *model.User
 	if result := <-Srv.Store.User().Update(user, true); result.Err != nil {
 		c.Err = result.Err
 		return
 	} else {
 		c.LogAuditWithUserId(user.Id, "roles="+new_roles)
 
-		ruser := result.Data.([2]*model.User)[0]
-		options := utils.SanitizeOptions
-		options["passwordupdate"] = false
-		ruser.Sanitize(options)
-		w.Write([]byte(ruser.ToJson()))
+		ruser = result.Data.([2]*model.User)[0]
+	}
+
+	uchan := Srv.Store.Session().UpdateRoles(user.Id, new_roles)
+	gchan := Srv.Store.Session().GetSessions(user.Id)
+
+	if result := <-uchan; result.Err != nil {
+		// soft error since the user roles were still updated
+		l4g.Error(result.Err)
+	}
+
+	if result := <-gchan; result.Err != nil {
+		// soft error since the user roles were still updated
+		l4g.Error(result.Err)
+	} else {
+		sessions := result.Data.([]*model.Session)
+		for _, s := range sessions {
+			sessionCache.Remove(s.Id)
+		}
 	}
+
+	options := utils.SanitizeOptions
+	options["passwordupdate"] = false
+	ruser.Sanitize(options)
+	w.Write([]byte(ruser.ToJson()))
 }
 
 func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api/user_test.go b/api/user_test.go
index 8b95bdf55..776b17b3c 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -651,6 +651,12 @@ func TestUserUpdateRoles(t *testing.T) {
 		t.Fatal("Should have errored, not admin")
 	}
 
+	name := make(map[string]string)
+	name["new_name"] = "NewName"
+	if _, err := Client.UpdateTeamDisplayName(name); err == nil {
+		t.Fatal("should have errored - user not admin yet")
+	}
+
 	team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
 	team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team)
 
@@ -690,6 +696,12 @@ func TestUserUpdateRoles(t *testing.T) {
 			t.Fatal("Roles did not update properly")
 		}
 	}
+
+	Client.LoginByEmail(team.Name, user2.Email, "pwd")
+
+	if _, err := Client.UpdateTeamDisplayName(name); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestUserUpdateActive(t *testing.T) {
diff --git a/store/sql_session_store.go b/store/sql_session_store.go
index d1a06a33c..12004ab78 100644
--- a/store/sql_session_store.go
+++ b/store/sql_session_store.go
@@ -175,3 +175,22 @@ func (me SqlSessionStore) UpdateLastActivityAt(sessionId string, time int64) Sto
 
 	return storeChannel
 }
+
+func (me SqlSessionStore) UpdateRoles(userId, roles string) StoreChannel {
+	storeChannel := make(StoreChannel)
+
+	go func() {
+		result := StoreResult{}
+
+		if _, err := me.GetMaster().Exec("UPDATE Sessions SET Roles = :Roles WHERE UserId = :UserId", map[string]interface{}{"Roles": roles, "UserId": userId}); err != nil {
+			result.Err = model.NewAppError("SqlSessionStore.UpdateRoles", "We couldn't update the roles", "userId="+userId)
+		} else {
+			result.Data = userId
+		}
+
+		storeChannel <- result
+		close(storeChannel)
+	}()
+
+	return storeChannel
+}
diff --git a/store/store.go b/store/store.go
index 613fe4198..617ea7f2b 100644
--- a/store/store.go
+++ b/store/store.go
@@ -99,6 +99,7 @@ type SessionStore interface {
 	GetSessions(userId string) StoreChannel
 	Remove(sessionIdOrAlt string) StoreChannel
 	UpdateLastActivityAt(sessionId string, time int64) StoreChannel
+	UpdateRoles(userId string, roles string) StoreChannel
 }
 
 type AuditStore interface {