fix setting roles on rest api with role restriction in place

sni · sni · commit 18f275756ab6 · 2025-04-14T15:43:27.000+02:00
diff --git a/lib/Thruk/Authentication/User.pm b/lib/Thruk/Authentication/User.pm
@@ -139,21 +139,23 @@ sub set_dynamic_attributes {
             $data->{'contactgroups'} = [sort keys %{$data->{'contactgroups'}}];
         }
     }
-
     $self->_apply_user_data($c, $data);
 
     $self->clean_roles($roles, $force_roles);
+    $self->clean_roles($self->{'roles_restriction'}, $force_roles) if $self->{'roles_restriction'};
 
     if($self->check_user_roles('admin')) {
         $self->grant('admin');
     }
 
     $self->{'roles'} = Thruk::Base::array_uniq($self->{'roles'});
 
-    if(!$skip_db_access) {
+    if(!$skip_db_access && !$roles) {
         $c->cache->set('users', $username, $data);
     }
 
+    $self->{'roles_restriction'} = $roles if defined $roles;
+
     $c->stats->profile(end => "User::set_dynamic_attributes");
     return $self;
 }

Original file line number	Diff line number	Diff line change
`@@ -139,21 +139,23 @@ sub set_dynamic_attributes {`
`139`	`139`	`$data->{'contactgroups'} = [sort keys %{$data->{'contactgroups'}}];`
`140`	`140`	`}`
`141`	`141`	`}`
`142`		`-`
`143`	`142`	`$self->_apply_user_data($c, $data);`
`144`	`143`
`145`	`144`	`$self->clean_roles($roles, $force_roles);`
	`145`	`+ $self->clean_roles($self->{'roles_restriction'}, $force_roles) if $self->{'roles_restriction'};`
`146`	`146`
`147`	`147`	`if($self->check_user_roles('admin')) {`
`148`	`148`	`$self->grant('admin');`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`$self->{'roles'} = Thruk::Base::array_uniq($self->{'roles'});`
`152`	`152`
`153`		`- if(!$skip_db_access) {`
	`153`	`+ if(!$skip_db_access && !$roles) {`
`154`	`154`	`$c->cache->set('users', $username, $data);`
`155`	`155`	`}`
`156`	`156`
	`157`	`+ $self->{'roles_restriction'} = $roles if defined $roles;`
	`158`	`+`
`157`	`159`	`$c->stats->profile(end => "User::set_dynamic_attributes");`
`158`	`160`	`return $self;`
`159`	`161`	`}`