Ensure admin users with logged in sessions lose their rights on demotion

Description

From the PR @ https://github.com/igniterealtime/Openfire/pull/1331

How to reproduce on HEAD:

(1) Create a second administrator account "dan"
(2) Using web browser 1 log in as "dan" and open up the sessions list in the admin console
(3) User web browser 2 log in as other admin, and revoke the admin permission for "dan"
(4) Dan can still refresh and use the admin console

I've tested the regular paths with admin console users - but in all honesty I haven't tested the "auth token" path (although the code seems OK to my eyes).

 

Environment

None
Fixed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Unassigned

Reporter

Greg Thomas