From 53337ef325038cd79a8c8dbdd3afca56343079f2 Mon Sep 17 00:00:00 2001
From: Morten Svanaes <msvanaes@dhis2.org>
Date: Mon, 13 Nov 2023 20:37:10 +0800
Subject: [PATCH] feat: invalidate user session when user's role memberships
 changes

---
 .../hisp/dhis/webapi/controller/UserControllerTest.java    | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/UserControllerTest.java b/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/UserControllerTest.java
index fe6c42c23aad..df0ba3105186 100644
--- a/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/UserControllerTest.java
+++ b/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/UserControllerTest.java
@@ -152,8 +152,11 @@ void updateRolesAuthoritiesShouldInvalidateUserSessions() {
 
     UserRole roleB = createUserRole("ROLE_B", "ALL");
     userService.addUserRole(roleB);
-    superUser.getUserRoles().add(roleB);
-    userService.updateUser(superUser);
+
+    PATCH(
+            "/users/" + superUser.getUid(),
+            "[{'op':'add','path':'/userRoles','value':[{'id':'" + roleB.getUid() + "'}]}]")
+        .content(HttpStatus.OK);
 
     String roleBID = userService.getUserRoleByName("ROLE_B").getUid();