Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Security Level: Public
-
None
-
CBG Sprint 152
-
1
Description
If the sync function is modified to apply roles to a user and then a resync is done, the users roles will remain the same on a GET user call and will be recomputed when the admin roles for that user are changed.
Repro steps:
- Create a bucket on server with a document, and a db with that bucket. Bring the db online
- Create a user and 2 roles
- Change the sync function to assign a role to that user `role("user1", "role1")`
- run resync
- Check the roles field of the user and see it has not changed
- Add the second role to the user and do a GET on the user
- See that the first role now appears that was assigned by the sync fn
The theory is that the `invalidateAllPrincipalsCache` that gets ran at the end of resync is not calling `invalUserRoles` when it should be so on the GET user, the roles are not getting recalculated. So essentially, resync is not properly invalidating the dynamically computed roles.