feat: invalidate user session when user's role memberships changes

[netroms]

Summary

• The user will now be logged out of any current sessions when their role memberships are changed by an admin via the user admin UI or via an API call. Or if any of the assigned roles changes authorities, similarly. Without this feature, the user's new role assignments or role changes will not be effective in the ongoing sessions.

Automatic test

• UserControllerTest#updateRolesShouldInvalidateUserSessions()

Manual test

Test role assignment will log out the users

1. Create two users, one admin and one non-admin.
2. As the admin user, create a superuser role that ass the “ALL” authority.
3. As the admin user, assign the superuser role to the non-admin user.
4. Log in as the non-admin user and try to edit a user in the user admin, this should work.
5. As admin (in another browser), remove the superuser role from the non-admin user.
6. As the non-admin user, try to go to any other page, you should now observe that you will be logged out and redirected to the login page.

Test role changes will log out the users

1. Create two users, one admin and one non-admin.
2. As the admin user, create a superuser role that ass the “ALL” authority.
3. As the admin user, assign the superuser role to the non-admin user.
4. Log in as the non-admin user and try to edit a user in the user admin, this should work.
5. As admin (in another browser), remove the superuser “ALL” authority from the superuser role.
6. As the non-admin user, try to go to any other page, you should now observe that you will be logged out and

Jira:

DHIS2-10334

[codecov]

Codecov Report

Merging #15633 (53337ef) into master (94e33c8) will decrease coverage by 0.02%.
Report is 18 commits behind head on master.
The diff coverage is 97.61%.

@@             Coverage Diff              @@
##             master   #15633      +/-   ##
============================================
- Coverage     66.23%   66.21%   -0.02%     
- Complexity    31267    31279      +12     
============================================
  Files          3487     3488       +1     
  Lines        129811   129941     +130     
  Branches      15146    15176      +30     
============================================
+ Hits          85983    86044      +61     
- Misses        36748    36815      +67     
- Partials       7080     7082       +2     

Flag	Coverage Δ
integration	49.79% <88.09%> (-0.02%)	⬇️
integration-h2	32.42% <92.85%> (+<0.01%)	⬆️
unit	30.31% <0.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
...in/java/org/hisp/dhis/user/CurrentUserService.java	84.37% <100.00%> (+8.18%)	⬆️
...in/java/org/hisp/dhis/user/DefaultUserService.java	62.77% <100.00%> (-0.31%)	⬇️
...adata/objectbundle/hooks/UserObjectBundleHook.java	68.50% <100.00%> (+2.98%)	⬆️
...etadata/objectbundle/hooks/UserRoleBundleHook.java	93.33% <93.33%> (ø)

... and 38 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 94e33c8...53337ef. Read the comment docs.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication