bugfix

- user sessions get removed upon modifying group's roles

Author: parmesant

src/rbac/user.rs

@@ -31,7 +31,7 @@ use crate::{
         rbac::{InvalidUserGroupError, RBACError},
     },
     parseable::PARSEABLE,
-    rbac::map::{read_user_groups, roles, users},
+    rbac::map::{mut_sessions, read_user_groups, roles, users},
 };
 
 #[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
@@ -266,6 +266,10 @@ impl UserGroup {
 
     pub fn add_roles(&mut self, roles: HashSet<String>) -> Result<(), RBACError> {
         self.roles.extend(roles);
+        // also refresh all user sessions
+        for username in &self.users {
+            mut_sessions().remove_user(username);
+        }
         Ok(())
     }
 
@@ -283,6 +287,10 @@ impl UserGroup {
         }
         self.roles.clone_from(&new_roles);
 
+        // also refresh all user sessions
+        for username in &self.users {
+            mut_sessions().remove_user(username);
+        }
         Ok(())
     }
 
@@ -293,6 +301,10 @@ impl UserGroup {
         if old_users.eq(&new_users) {
             return Ok(());
         }
+        // also refresh all user sessions
+        for username in &users {
+            mut_sessions().remove_user(username);
+        }
         self.users.clone_from(&new_users);
 
         Ok(())
@@ -305,21 +317,4 @@ impl UserGroup {
         put_metadata(&metadata).await?;
         Ok(())
     }
-
-    // // are these methods even needed??
-    // pub fn group_name(&self) -> String {
-    //     self.name.clone()
-    // }
-
-    // pub fn group_id(&self) -> Ulid {
-    //     self.id
-    // }
-
-    // pub fn group_roles(&self) -> HashSet<String> {
-    //     self.roles.clone()
-    // }
-
-    // pub fn group_users(&self) -> HashSet<String> {
-    //     self.users.clone()
-    // }
 }