Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Swapped User Roles is not session-specific

Description

I just entered access view on my iPhone, and was surprised to see that I was suddenly in access view on my desktop. This is highly unexpected. It could cause serious trouble if multiple people share an account. I also imagine a person entering access view on a machine at in the office, going to another location, and finding that they're stuck in access view there.

When I went into access view on my iPhone and refresh my screen on my desktop:

  • there's no "exit access view"

  • there's no reverse video banner
    I think that makes it a blocker. If the banner showed it and you could do exit access, I would still think it's a bug, but not a blocker.

Activity

Jeff Pasch June 19, 2016 at 1:02 PM
Edited

Tested on trunk in two browsers and it looks good. Added test plan.

Neal Caidin June 16, 2016 at 9:41 AM

plans on QA'ing this one . I can't assign him access because Assignees are limited to Kernel team members at the moment.

Neal Caidin June 10, 2016 at 7:22 AM

Test Plan?

Charles Hedrick May 3, 2016 at 2:56 PM

I've generated a PR. It's not pretty, but it makes a reasonable effort to be consistent with DbAuthz and portal. Portal is relevant because there's no point invalidating data for roles that no one can swap to.

I'm reasonably sure that even if there are subtle issues it will only affect swapped users.

Charles Hedrick May 2, 2016 at 8:23 PM

adding session ID is fine. I thought you weren't going to cache those entries at all.

Fixed

Details

Priority

Affects versions

Fix versions

Components

Assignee

Reporter

Created April 27, 2016 at 11:37 AM
Updated April 25, 2018 at 3:18 PM
Resolved June 1, 2016 at 3:44 PM