From 2c582f4240c036d000ead2eb2a607a473cd023dd Mon Sep 17 00:00:00 2001
From: Clark Andrianasolo
Date: Tue, 20 Feb 2024 16:54:53 +0100
Subject: [PATCH] Fixes #24209: User sessions should contain the authorizations
---
 .../src/main/scala/com/normation/rudder/Authorizations.scala | 2 ++
 .../main/scala/bootstrap/liftweb/RudderProviderManager.java | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala b/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala
index 7c6779c4888..121eff5ede2 100644
--- a/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala
+++ b/webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/Authorizations.scala
@@ -322,6 +322,8 @@ object Rights {
 }
 def forAuthzs(authorizationTypes: AuthorizationType*): Rights = apply(authorizationTypes.toSeq)
+
+ def combineAll(rights: Iterable[Rights]): Rights = Rights(rights.map(_.authorizationTypes).toList.combineAll)
 }
 /*
diff --git a/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java b/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java
index 753d6b4b84a..3838fdf4d33 100644
--- a/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java
+++ b/webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderProviderManager.java
@@ -16,6 +16,7 @@ package bootstrap.liftweb;
+import com.normation.rudder.AuthorizationType;
 import com.normation.rudder.domain.logger.ApplicationLogger;
 import com.normation.rudder.users.*;
 import org.apache.commons.logging.Log;
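Review bot: `Rights.combineAll`, added to `object Rights` in Authorizations.scala, has no Scaladoc, and its result for an empty `rights` collection cannot be read from this hunk because it depends on what `Rights.apply` does with an empty combined value. The second file in this patch uses it to build the authorization list stored with each user session, so the contract should be written down, for example `/** Combines the authorization types of all given rights (presumably a set union); empty input yields whatever Rights.apply returns for no authorization types. */`, and pinned by a unit test covering empty input and roles with overlapping rights. The `.combineAll` call on the list also looks like cats syntax that needs a `Monoid` for the type of `authorizationTypes`; neither the import nor the instance appears in the hunk, so confirm both are in scope in this file. `object Rights` starts outside the hunk.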
@@ -172,7 +173,7 @@ public Authentication authenticate(Authentication authentication)
 JZioRuntime.runNow(userRepository.logStartSession(
 details.getUsername(),
 com.normation.rudder.Role.toDisplayNames(details.roles()),
- details.roles().toList().flatMap(r -> r.rights().authorizationTypes().toList().map(a -> a.id())),
+ com.normation.rudder.Rights.combineAll(details.roles().toList().map(r -> r.rights())).authorizationTypes().toList().map(AuthorizationType::id),
 com.normation.rudder.users.SessionId.apply(sessionId),
 p.name(),
 org.joda.time.DateTime.now()
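Review bot: The new third argument to `logStartSession` in `authenticate` is one chained expression mixing fully qualified Scala names with Java lambdas, so the value stored as the session's authorizations is hard to check by reading. Compute it in a named local before the call, e.g. `com.normation.rudder.Rights sessionRights = com.normation.rudder.Rights.combineAll(details.roles().toList().map(r -> r.rights()));`, and pass `sessionRights.authorizationTypes().toList().map(AuthorizationType::id)`. A short comment such as `// combined rights of all roles at login, stored with the session for audit` would state the intent. If the access checks for the session compute the effective rights elsewhere (not visible here), reusing that same value would keep the logged list from diverging from what is enforced. The body of `authenticate` and the end of this call are outside the hunk.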