Ensure admin users with logged in sessions lose their rights on demotion

Description

From the PR @ https://github.com/igniterealtime/Openfire/pull/1331

How to reproduce on HEAD:
(1) Create a second administrator account "dan"
(2) Using web browser 1 log in as "dan" and open up the sessions list in the admin console
(3) User web browser 2 log in as other admin, and revoke the admin permission for "dan"
(4) Dan can still refresh and use the admin console
I've tested the regular paths with admin console users - but in all honesty I haven't tested the "auth token" path (although the code seems OK to my eyes).

Environment

None

Activity

Show:

Fixed

Details
Assignee
Unassigned
Reporter
Greg Thomas
Components
Fix versions
4.4.0
Affects versions
4.3.2
Priority
Major

Created April 14, 2019 at 5:05 PM

Updated April 14, 2019 at 5:06 PM

Resolved April 14, 2019 at 5:06 PM

Ensure admin users with logged in sessions lose their rights on demotion

Description

Environment

Activity

DetailsAssigneeUnassignedUnassignedReporterGreg ThomasGreg ThomasComponentsFix versions4.4.0Affects versions4.3.2PriorityMajor

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

Details
Assignee
Unassigned
Reporter
Greg Thomas
Components
Fix versions
4.4.0
Affects versions
4.3.2
Priority
Major