RoleController.DeleteRole(RoleInfo role) does not clear user cache
Description
RoleController.DeleteRole(RoleInfo role) does not clear user cache which results in the fact that after deleting a role (in the admin UI) the property UserInfo.Roles is not updated and still contains the deleted role.
How to reproduce:
1) Create a role
2) Add user to role
3) Login as this user and make sure UserController.Instance.GetCurrentUserInfo().Roles contains the new role
4) Delete the role
5) Login as this user and UserController.Instance.GetCurrentUserInfo().Roles still contains the role that was deleted in step 4
Under certain conditions this could be a security problem: If you delete a role and create a role with the same name, the user is not member of this role, but any code that will test against the UserInfo's Role property gets outdated information.
I will create a pull request to fix this problem.
QA Test Plan
Activity
I've created a pull request: https://github.com/dnnsoftware/Dnn.Platform/pull/130
Code review will be done by devs, and QA needs to do some partial regression regarding role deletion, recovery. Be careful with Social as well.
Verified in 7.3.3 build 77
UserController.Instance.GetCurrentUserInfo().Roles NO LONGER contains the role that was deleted in step 4
Assignee
Reporter
Story Size
Severity
Triage
Reported in Build #
Fixed in Build
Dev Owner
Includes Code Fix
Documentation Required
Trouble Ticket
Requires More Info
QA Story Points
QA Owner
Injected
Automation Required
Code Review Owner
Fix versions
Affects versions
Priority
