Details
-
Bug
-
Resolution: Fixed
-
High
-
5.1, 5.2
-
None
Description
User role/permissions are not updated in Symfony after assigning the user object to a different group, through legacy Admin UI.
steps to reproduce:
- optional: create a custom 'testmodule' module with a 'testfunc' function
Module = array( 'name' => 'eZ Test' ); $FunctionList = array( 'testfunc' => array() );
- optional: create a custom controller view to verify access and configure necessary routing. sample code:
public function testAction( ) { $grantStr = $this->getRepository()->hasAccess( 'testmodule', 'testfunc' ) ? 'granted' : 'NOT granted'; return new Response( 'Access to testmodule/testfunc is: ' . $grantStr ); }
- In the backoffice, grant this policy to the 'editors' role and save.
- In the frontend login as editor, access the view configured above.
- Verify that response is: "Access to testmodule/testfunc is: granted"
- In the backoffice, move the editor user to the 'Anonymous group'
- In the frontend refresh the page: response is still granted.
- Clear cache in admin backoffice
- frontend response is now "NOT granted"
The same problem exists when assigning back to a group with permissions.