From b068cc1058a2909e7fc9d9622e806d52127bfa52 Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Mon, 17 Aug 2015 09:28:20 -0400 Subject: when user roles are updated, the relevant session roles are updated as well --- api/user.go | 30 +++++++++++++++++++++++++----- api/user_test.go | 12 ++++++++++++ store/sql_session_store.go | 19 +++++++++++++++++++ store/store.go | 1 + 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/api/user.go b/api/user.go index a42f81cf1..130f0f3d0 100644 --- a/api/user.go +++ b/api/user.go @@ -961,18 +961,38 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { user.Roles = new_roles + var ruser *model.User if result := <-Srv.Store.User().Update(user, true); result.Err != nil { c.Err = result.Err return } else { c.LogAuditWithUserId(user.Id, "roles="+new_roles) - ruser := result.Data.([2]*model.User)[0] - options := utils.SanitizeOptions - options["passwordupdate"] = false - ruser.Sanitize(options) - w.Write([]byte(ruser.ToJson())) + ruser = result.Data.([2]*model.User)[0] + } + + uchan := Srv.Store.Session().UpdateRoles(user.Id, new_roles) + gchan := Srv.Store.Session().GetSessions(user.Id) + + if result := <-uchan; result.Err != nil { + // soft error since the user roles were still updated + l4g.Error(result.Err) + } + + if result := <-gchan; result.Err != nil { + // soft error since the user roles were still updated + l4g.Error(result.Err) + } else { + sessions := result.Data.([]*model.Session) + for _, s := range sessions { + sessionCache.Remove(s.Id) + } } + + options := utils.SanitizeOptions + options["passwordupdate"] = false + ruser.Sanitize(options) + w.Write([]byte(ruser.ToJson())) } func updateActive(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/user_test.go b/api/user_test.go index 8b95bdf55..776b17b3c 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -651,6 +651,12 @@ func TestUserUpdateRoles(t *testing.T) { t.Fatal("Should have errored, not admin") } + name := make(map[string]string) + name["new_name"] = "NewName" + if _, err := Client.UpdateTeamDisplayName(name); err == nil { + t.Fatal("should have errored - user not admin yet") + } + team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team) @@ -690,6 +696,12 @@ func TestUserUpdateRoles(t *testing.T) { t.Fatal("Roles did not update properly") } } + + Client.LoginByEmail(team.Name, user2.Email, "pwd") + + if _, err := Client.UpdateTeamDisplayName(name); err != nil { + t.Fatal(err) + } } func TestUserUpdateActive(t *testing.T) { diff --git a/store/sql_session_store.go b/store/sql_session_store.go index d1a06a33c..12004ab78 100644 --- a/store/sql_session_store.go +++ b/store/sql_session_store.go @@ -175,3 +175,22 @@ func (me SqlSessionStore) UpdateLastActivityAt(sessionId string, time int64) Sto return storeChannel } + +func (me SqlSessionStore) UpdateRoles(userId, roles string) StoreChannel { + storeChannel := make(StoreChannel) + + go func() { + result := StoreResult{} + + if _, err := me.GetMaster().Exec("UPDATE Sessions SET Roles = :Roles WHERE UserId = :UserId", map[string]interface{}{"Roles": roles, "UserId": userId}); err != nil { + result.Err = model.NewAppError("SqlSessionStore.UpdateRoles", "We couldn't update the roles", "userId="+userId) + } else { + result.Data = userId + } + + storeChannel <- result + close(storeChannel) + }() + + return storeChannel +} diff --git a/store/store.go b/store/store.go index 613fe4198..617ea7f2b 100644 --- a/store/store.go +++ b/store/store.go @@ -99,6 +99,7 @@ type SessionStore interface { GetSessions(userId string) StoreChannel Remove(sessionIdOrAlt string) StoreChannel UpdateLastActivityAt(sessionId string, time int64) StoreChannel + UpdateRoles(userId string, roles string) StoreChannel } type AuditStore interface { -- cgit v1.2.3-1-g7c22