In Alpha2, if you log in as a user with a domain access role assigned, the permissions work on the very first request after clearing the cache, but on subsequent requests the permissions are gone.

Tagging an Alpha2 with the fix.

Note that there's a core TODO in the code copied into the overridden method - #2345611: Load user entity in Cookie AuthenticationProvider instead of using manual queries. This may need to get revisited if that issue is fixed.

Also the domain negotiator service has not loaded a domain at this stage in the processing, so we trigger a refresh of this.

Comments

freelock created an issue.

Status: Active » Fixed

This is broken because the user entity is not loaded from the session.

Instead, a lightweight session user is loaded directly from a query on the database.

To fix this, I created a new Authentication Provider with a higher priority than the default Cookie provider. This "DomainCookie" provider extends the Cookie provider, and rewrites the roles loaded from the database for the visited domain, before instantiating the UserSession object.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.