feat: invalidate user session when user's role memberships changes

dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/UserControllerTest.java

@@ -152,8 +152,11 @@ void updateRolesAuthoritiesShouldInvalidateUserSessions() {
 
     UserRole roleB = createUserRole("ROLE_B", "ALL");
     userService.addUserRole(roleB);
-    superUser.getUserRoles().add(roleB);
-    userService.updateUser(superUser);
+
+    PATCH(
+            "/users/" + superUser.getUid(),
+            "[{'op':'add','path':'/userRoles','value':[{'id':'" + roleB.getUid() + "'}]}]")
+        .content(HttpStatus.OK);
 
     String roleBID = userService.getUserRoleByName("ROLE_B").getUid();