Fixes #24209: User sessions should contain the authorizations

Normation · Feb 20, 2024 · 2c582f4 · 2c582f4
1 parent 3320731
commit 2c582f4
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala b/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala
@@ -322,6 +322,8 @@ object Rights {
   }
 
   def forAuthzs(authorizationTypes: AuthorizationType*): Rights = apply(authorizationTypes.toSeq)
+
+  def combineAll(rights: Iterable[Rights]): Rights = Rights(rights.map(_.authorizationTypes).toList.combineAll)
 }
 
 /*

diff --git a/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java b/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java
@@ -16,6 +16,7 @@
 
 package bootstrap.liftweb;
 
+import com.normation.rudder.AuthorizationType;
 import com.normation.rudder.domain.logger.ApplicationLogger;
 import com.normation.rudder.users.*;
 import org.apache.commons.logging.Log;
@@ -172,7 +173,7 @@ public Authentication authenticate(Authentication authentication)
                                 JZioRuntime.runNow(userRepository.logStartSession(
                                   details.getUsername(),
                                   com.normation.rudder.Role.toDisplayNames(details.roles()),
-                                  details.roles().toList().flatMap(r -> r.rights().authorizationTypes().toList().map(a -> a.id())),
+                                  com.normation.rudder.Rights.combineAll(details.roles().toList().map(r -> r.rights())).authorizationTypes().toList().map(AuthorizationType::id),
                                   com.normation.rudder.users.SessionId.apply(sessionId),
                                   p.name(),
                                   org.joda.time.DateTime.now()