Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User update removes all user roles (removeUserRole A bug has occurred to remove all user-roles) #114

Closed
DenisYin66 opened this issue Apr 17, 2019 · 7 comments
Closed

User update removes all user roles (removeUserRole A bug has occurred to remove all user-roles) #114

DenisYin66 opened this issue Apr 17, 2019 · 7 comments
Assignees
@ddelponte
Labels
Awaiting Feedback

Comments

@DenisYin66
Copy link

I am trying to update my user role information. There is no problem adding a new user role. Once a role is deleted, all user-roles will be deleted.

My solution:
`
package grails.plugin.springsecurity.ui.SpringSecurityUiService 445

@Transactional
Number removeUserRole(def u, def r) {
            if (u != null && r != null) {
	      UserRole.where { user == u && role == r }.deleteAll() as int
            }
}

`
@ddelponte
Copy link
Collaborator

Hi @yuan574954352 and thank-you for submitting this issue!

Would you be so kind as to link to or attach a sample app as well as include the steps one must follow in order to reproduce the issue?

Thanks!

@ddelponte ddelponte self-assigned this Apr 17, 2019
@ddelponte
Copy link
Collaborator

Closing. Unable to reproduce.

This may be related to #89 which was previously resolved.

The reported issue does not specify the version of the plugin being utilized.

@sk8geek
Copy link

sk8geek commented Dec 3, 2020

Hi @ddelponte - I seem to be seeing this bug in Grails 4.0.2, I've created an example project with steps to reproduce:
https://gitlab.com/sk8geek/grails-ssui-bug
Cheers
Steven

@logantracyo
Copy link

logantracyo commented Sep 23, 2021
edited
Loading

@sk8geek, I am also seeing this bug; I'm using Grails 4.0.11, with S2UI 4.0.0.M1, Hibernate 5.4.18.Final, GORM 7.0.8.RELEASE, and Postgres 12.7. I ran each option in s2ui-override to allow customizing the plugin's defaults, though I haven't yet changed any of the /user views or controller; multiple Roles and Users are created in Bootstrap.groovy.

The bug appears when logged in as an admin user, then editing any other user, unchecking any Role checkbox(es), and clicking Update; all UserRoles are deleted from the database.

@ddelponte, would it make sense to reopen this, since Steven and I are both experiencing it (and he's provided a sample app)?

I stumbled across a workaround while troubleshooting; though it's unlikely be helpful in resolving the bug, as I cannot (yet?) explain why it works, perhaps it will help others running into this bug:

I extended grails.plugin.springsecurity.ui.SpringSecurityUiService, then pasted a copy of the removeUserRole() method from the base class, intending to try adding the null check & typecast suggested by @DenisYin66. However, to my surprise, the copied method worked properly, deleting only the specified UserRoles instead of all of them.

Here's the code involved:

Create src/main/groovy/test/TestSpringSecurityUiService.groovy, copy/pasting the removeUserRole() method from SpringSecurityUiService (unchanged except for adding @Override):

package test

import grails.gorm.transactions.Transactional
import grails.plugin.springsecurity.ui.SpringSecurityUiService

class TestSpringSecurityUiService extends SpringSecurityUiService{

	@Override
	@Transactional
	Number removeUserRole(def u, def r) {
		UserRole.where { user == u && role == r }.deleteAll()
	}

}

Add the bean override to grails-app/conf/spring/resources.groovy:

    springSecurityUiService(TestSpringSecurityUiService) {
        uiErrorsStrategy = ref('uiErrorsStrategy')
        uiMailStrategy = ref('uiMailStrategy')
        uiPropertiesStrategy = ref('uiPropertiesStrategy')
        grailsApplication = ref('grailsApplication')
        messageSource = ref('messageSource')
        springSecurityService = ref('springSecurityService')
        userCache = ref('userCache')
    }

I had to specify these dependencies because auto-wiring didn't work, causing NPEs -- based on a suggestion from Burt Beckwith [https://stackoverflow.com/a/7135267](for a similar problem).

Commenting-out the copied method causes the bug to occur as before, deleting all UserRoles instead of just the specified one(s), though I can't see why. @sk8geek, if you have time to try this, it'd be great to have confirmation and/or ideas as to what's going on.

@puneetbehl
Copy link
Contributor

You should use GORM Hibernate5 7.1.0-M5 with Grails 5.

@logantracyo
Copy link

My mistake, @puneetbehl -- it's the Hibernate plugin whose version is Hibernate5 7.1.0-M5; the actual Hibernate version is 5.4.18.Final (updated in my comment above).

@logantracyo logantracyo mentioned this issue Nov 5, 2021
Open
4 tasks
@logantracyo
Copy link

There is a similar issue raised for the Spring Security Core plugin, in case that helps anyone else track down the source.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ddelponte ddelponte

Labels
Awaiting Feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ddelponte @logantracyo @puneetbehl @DenisYin66 @sk8geek