search

FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io
91 stars 12 forks source link

Reconcile Lambda removes Groups but keeps role assignment #2617

Open jobannon opened 10 months ago

jobannon commented 10 months ago

(Put bug title here)

Description

If I have a user that has a group

superAdmins and a role that is assigned to applicationA in that group of Admin.

If I assign this group to bob@bob.com, I see that the user has both this role and this group assignment. If I remove this group in the Admin UI, I see that the user is also removed from the Admin role as expected.

However, if I take the same actions as above and remove this membership from a user in a reconcile lambda (with HTTPConnect calling our own membership APIs), the user is removed from the group but the role assignment remains.

Sample lambda code

    var response = fetch("http://localhost:9012/api/group/member/6bd97398-a17b-41f9-b0ad-a67eecf7213b", {
    method: "DELETE",

    headers: {
      "Authorization": "bf69486b-4733-4470-a592-f1bfce7af580",
       "Content-Type": "application/json"
    }

Observed versions

latest - 1.48.0

Expected behavior

If I only have a role from a group assignment, then when the group is removed, that role should be removed as well.

Platform

dev

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

ticket - 74206

robotdan commented 9 months ago

Internal