
Ensure admin users with logged in sessions lose their rights on demotion

Description

From the PR @ https://github.com/igniterealtime/Openfire/pull/1331

How to reproduce on HEAD:

(1) Create a second administrator account "dan"
(2) Using web browser 1 log in as "dan" and open up the sessions list in the admin console
(3) Using web browser 2 log in as other admin, and revoke the admin permission for "dan"
(4) Dan can still refresh and use the admin console

I've tested the regular paths with admin console users - but in all honesty I haven't tested the "auth token" path (although the code seems OK to my eyes).
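
The reproduction steps above, modelled as an added example (not code from the PR or from Openfire): a check that trusts an admin flag stored in the session at login, beside one that consults the current admin list on every request and invalidates the session when the user is no longer an admin. All class, field and method names are hypothetical, and that the flag is cached at login is an assumption about the cause, not something the ticket states.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-ins only; none of these names are Openfire APIs.
public class DemotionCheckDemo {

    // Authoritative list of administrators (what "revoke admin permission" edits).
    static final Set<String> admins = ConcurrentHashMap.newKeySet();

    // Server-side session state, keyed by session id.
    static final Map<String, String> sessionUser = new ConcurrentHashMap<>();
    static final Map<String, Boolean> cachedAdminFlag = new ConcurrentHashMap<>();

    static void login(String sessionId, String username) {
        sessionUser.put(sessionId, username);
        // Assumed weak pattern: admin status is evaluated once and stored.
        cachedAdminFlag.put(sessionId, admins.contains(username));
    }

    // Weak check: trusts the flag computed at login, so demotion is invisible.
    static boolean allowCached(String sessionId) {
        return cachedAdminFlag.getOrDefault(sessionId, false);
    }

    // Hardened check: re-evaluates against the current admin list on each
    // request and drops the session as soon as the user is not an admin.
    static boolean allowRechecked(String sessionId) {
        String user = sessionUser.get(sessionId);
        if (user != null && admins.contains(user)) {
            return true;
        }
        sessionUser.remove(sessionId);
        cachedAdminFlag.remove(sessionId);
        return false;
    }

    public static void main(String[] args) {
        admins.add("admin");
        admins.add("dan");                 // step (1): second administrator
        login("browser-1", "dan");         // step (2): dan logs in
        admins.remove("dan");              // step (3): other admin demotes dan
        // step (4): dan refreshes the page
        System.out.println("cached check allows dan: " + allowCached("browser-1"));
        System.out.println("per-request check allows dan: " + allowRechecked("browser-1"));
        System.out.println("session kept after recheck: " + sessionUser.containsKey("browser-1"));
    }
}
```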

 

Environment

None

Acceptance Test - Entry

None

Assignee

Unassigned

Reporter

Greg Thomas

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major