2

With FusionAuth 1.17.4 and accessing the API through the Java client API (latest version 1.17.0) I was surprised today when removing group memberships via:

fusionAuthClient.deleteGroupMembers(MemberDeleteRequest(groupIds: List<UUID>))

that the request gets executed successfully and the user is disassociated from the form group memberships, but unfortunately the application roles seem to stick with the user: as if the group inherited roles have been moved down into the application registration.

When I remove a membership with the help of the FusionAuth Web UI the expected behaviour is fine and the user gets also the roles which indirectly via the group membership disassociated.

Could you please clarify why the API behaves differently vs. is it expected to update the application roles on the user additionally?

ngeek
  • 7,733
  • 11
  • 36
  • 42
  • 1
    Some code might be helpful. The FusionAuth UI actually calls the deleteGroupMembers API as part of the AJAX dialog, so it's quite surprising that it wouldn't work the same way. Are you certain that your API call is completing successfully? – voidmain Jul 10 '20 at 14:32
  • @voidmain Indeed it works like a charm if the user has only a limited number of groups assigned. The problem seems to connected if the user has multiple hundreds of groups associated, although the deleteGroupMembers returns success. This is the power user I modified, and removed all but 2 groups but the roles sticked: https://github.com/FusionAuth/fusionauth-issues/issues/480 – ngeek Jul 13 '20 at 08:16
  • I'm walked the code path and it looks to be technically impossible for a user to get roles by removing them from a group. I also walked the code path for adding a user to a group and that looks to be technically impossible for the user to gain any roles (directly on the Registration that is). Therefore, I'm nearly 100% positive there must be something else going. Providing detailed code and data would be really helpful here. Do you have a set of test data that reproduces the issue that you can share? – voidmain Jul 13 '20 at 19:05

0 Answers0