RoleController.DeleteRole(RoleInfo role) does not clear user cache

Description

RoleController.DeleteRole(RoleInfo role) does not clear user cache which results in the fact that after deleting a role (in the admin UI) the property UserInfo.Roles is not updated and still contains the deleted role.

How to reproduce:
1) Create a role
2) Add user to role
3) Log in as this user and make sure UserController.Instance.GetCurrentUserInfo().Roles contains the new role
4) Delete the role
5) Log in as this user and UserController.Instance.GetCurrentUserInfo().Roles still contains the role that was deleted in step 4

Under certain conditions this could be a security problem: If you delete a role and create a role with the same name, the user is not a member of this role, but any code that will test against the UserInfo's Role property gets outdated information.

I will create a pull request to fix this problem.
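
A simplified model of the caching behaviour described in this report, added here as an illustration and not taken from DNN or from the pull request; `RoleStore`, its methods and the sample names are hypothetical, as is the assumption that adding a member already invalidates the cached user. It replays the reported steps, recreates a role with the same name, and returns what a name-based check would read from the cached user with and without clearing the cache on delete.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model of the reported behaviour. RoleStore and its members are
// hypothetical names for this example, not DNN's RoleController/UserController.
class RoleStore
{
    private readonly bool _clearCacheOnDelete;
    private readonly Dictionary<string, HashSet<string>> _roles = new Dictionary<string, HashSet<string>>(); // role -> members
    private readonly Dictionary<string, string[]> _userCache = new Dictionary<string, string[]>();           // user -> cached roles

    public RoleStore(bool clearCacheOnDelete) { _clearCacheOnDelete = clearCacheOnDelete; }
    public void CreateRole(string name) { _roles[name] = new HashSet<string>(); }

    public void AddUser(string user, string role)
    {
        _roles[role].Add(user);
        _userCache.Remove(user); // assumption: membership changes already invalidate the entry
    }

    public void DeleteRole(string name)
    {
        var formerMembers = _roles[name];
        _roles.Remove(name);
        if (_clearCacheOnDelete) // the step the report says is missing
            foreach (var user in formerMembers) _userCache.Remove(user);
    }

    // Stand-in for reading the Roles property of a cached user object.
    public string[] GetUserRoles(string user)
    {
        if (!_userCache.TryGetValue(user, out var cached))
            _userCache[user] = cached = _roles.Where(r => r.Value.Contains(user)).Select(r => r.Key).ToArray();
        return cached;
    }

    // Replays the report's steps, then recreates a role with the same name.
    static string Replay(bool clearCacheOnDelete)
    {
        var store = new RoleStore(clearCacheOnDelete);
        store.CreateRole("Auditors");        // constructed sample names
        store.AddUser("alice", "Auditors");
        store.GetUserRoles("alice");         // login: the role list is cached
        store.DeleteRole("Auditors");
        store.CreateRole("Auditors");        // same name, no members
        return string.Join(",", store.GetUserRoles("alice"));
    }

    static void Main() => Console.WriteLine("no clear: [" + Replay(false) + "]  clear: [" + Replay(true) + "]");
}
```

In the first run the cached list still names the recreated role although the user is not a member of it; in the second the list is empty.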

QA Test Plan

None

Activity

jan_jonas
July 20, 2014, 2:20 PM
Bing Wu
July 31, 2014, 5:20 PM

Code review will be done by devs, and QA needs to do some partial regression regarding role deletion, recovery. Be careful with Social as well.

Ken Grierson
September 7, 2014, 2:35 AM

Verified in 7.3.3 build 77
UserController.Instance.GetCurrentUserInfo().Roles NO LONGER contains the role that was deleted in step 4

Assignee

Ken Grierson

Reporter

jan_jonas

Story Size

Unknown

Severity

Major

Triage

New

Reported in Build #

None

Fixed in Build

Dev Owner

None

Includes Code Fix

No

Documentation Required

No

Trouble Ticket

None

Requires More Info

None

QA Story Points

None

QA Owner

None

Injected

None

Automation Required

None

Code Review Owner

None

Fix versions

Affects versions

Priority

High