Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multi-tenant Roles: Problem when changing a Roles RoleType or when deleting #13

Closed
JonPSmith opened this issue Jan 3, 2022 · 2 comments
Closed

Multi-tenant Roles: Problem when changing a Roles RoleType or when deleting #13

JonPSmith opened this issue Jan 3, 2022 · 2 comments
Assignees
@JonPSmith
Labels
bug Something isn't working

Comments

@JonPSmith
Copy link
Owner

JonPSmith commented Jan 3, 2022
edited
Loading

With the new multi-tenant Role types (see this explanation about multi-tenant Role types in the docs) in version 2.0.0 are two issues that haven't been covered in the current release (2.1.0). They are

1. Changing the RoleType can cause problems

The issues are

  1. If a Normal Role is changed to a HiddenFromTenant then that Role should be removed from any tenant users.
  2. If a Normal or HiddenFromTenant Role's RoleType are changed to TenantAutoAdd or TenantAdminAdd then the roles are in the correct place (i.e. should be in the TenantRoles)
  3. If a TenantAutoAdd or TenantAdminAdd Role's RoleType are changed to Normal or HiddenFromTenant then the roles are in the correct place (i.e. should be in the AuthUser's Roles)

I could just detect these changes and sent back an error, but issue 1 (Normal Role is changed to a HiddenFromTenant) would be fairly easy to delete that Role from Tenant users using the Role Delete checks.

Delete Role

The DeleteRoleAsync method works on tenant Roles because it deletes the RoleToPermissions which remove the user or tenant link. The only problem is that the QueryUsersUsingThisRole method only covers AuthUsers. We need a QueryTenantsUsingThisRole too.
@JonPSmith JonPSmith changed the title Roles: Multi-tenant Roles: Problem when changing a Roles RoleType or when deleting Jan 3, 2022
@JonPSmith JonPSmith self-assigned this Jan 3, 2022
@JonPSmith JonPSmith added the bug Something isn't working label Jan 3, 2022
@JonPSmith JonPSmith mentioned this issue Jan 16, 2022
Closed
@JonPSmith
Copy link
Owner Author

JonPSmith commented Feb 17, 2022
edited
Loading

Here is a list of possible changes to a Role's type, and what you should do for each one

Original RoleType New RoleType In Users? In Tenants?
Normal TenantAutoAdd ERROR impossible
Normal TenantAdminAdd ERROR impossible
Normal HiddenFromTenant ERROR (if user has tenant) impossible
TenantAutoAdd Normal impossible ERROR
TenantAutoAdd TenantAdminAdd impossible OK
TenantAutoAdd HiddenFromTenant impossible ERROR
TenantAdminAdd Normal impossible OK
TenantAdminAdd TenantAutoAdd ERROR OK
TenantAdminAdd HiddenFromTenant ERROR (if user has tenant) ERROR
HiddenFromTenant Normal OK impossible
HiddenFromTenant TenantAutoAdd ERROR impossible
HiddenFromTenant TenantAdminAdd ERROR impossible

Note that:

  • ERROR = that Role can't be in the stated group ( user / tenant)
  • impossible = Can't happen, so no need to test

JonPSmith added a commit that referenced this issue Feb 17, 2022
@JonPSmith
Implemented / tested change of RoleType - see #13
342a787
JonPSmith added a commit that referenced this issue Feb 18, 2022
@JonPSmith
Updated DeleteRoleAsync to handle tenant Role check - see issue #13
90c565d
@JonPSmith
Copy link
Owner Author

Fixed in version 2.3.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JonPSmith JonPSmith

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JonPSmith