Given we have 2 profiles using the same role, with different restrictions:
Expected Behavior
- users with profile `superadmin` should be allowed to do any actions without any restriction
- users with profile `restrictedadmin` should be allowed to do any actions, but only on `foo` and `bar` indexes

Current Behavior
We have inconsistent behaviour: restrictions for one profile override those for the other one, depending on the order in which they are loaded.
Possible Solution
Improve the way profiles load roles and their restrictions: https://github.com/kuzzleio/kuzzle/blob/master/lib/api/core/models/security/role.js
Steps to Reproduce
1. create 2 profiles `superadmin` and `restrictedadmin` as described above
2. create one user for each profile
3. login with the `superadmin` user and call `auth/getMyRights` action => we will get expected result:
4. login with the `restrictedadmin` user and call `auth/getMyRights` again => we will still have expected result for this user:
5. login again with the `superadmin` user and call `auth/getMyRights` => we should have the first result, but we get the second one.
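
A minimal model of the failure mode reported above, as an added example that is not part of the original issue and is not Kuzzle's code. It assumes (the issue does not confirm this) that restrictions are written onto a role object shared by both profiles, and contrasts that with keeping them on each profile's own binding; `getRole`, `loadProfileShared`, `loadProfileScoped` and `allowedOn` are hypothetical names.

```javascript
// Added illustration, not Kuzzle code. All names are hypothetical.
// Assumption: one cached role object is shared by every profile that references it.
const roleCache = new Map();
function getRole(id) {
  if (!roleCache.has(id)) roleCache.set(id, { id, restrictedTo: [] });
  return roleCache.get(id);
}

// Order-dependent loader: writes the profile's restrictions onto the shared role,
// so whichever profile was loaded last decides the rights of all of them.
function loadProfileShared(profile) {
  return profile.policies.map(p => {
    const role = getRole(p.roleId);
    role.restrictedTo = p.restrictedTo || [];
    return role;
  });
}

// Scoped loader: restrictions stay on a per-profile binding; the role is only referenced.
function loadProfileScoped(profile) {
  return profile.policies.map(p => ({
    role: getRole(p.roleId),
    restrictedTo: [...(p.restrictedTo || [])],
  }));
}

// An empty restriction list means "no restriction".
function allowedOn(restrictedTo, index) {
  return restrictedTo.length === 0 || restrictedTo.some(r => r.index === index);
}

// Constructed profiles mirroring the report: same role, different restrictions.
const superadmin = { policies: [{ roleId: 'admin' }] };
const restrictedadmin = {
  policies: [{ roleId: 'admin', restrictedTo: [{ index: 'foo' }, { index: 'bar' }] }],
};

function demo() {
  const sharedSuper = loadProfileShared(superadmin);
  loadProfileShared(restrictedadmin); // second load mutates the shared role
  const scopedSuper = loadProfileScoped(superadmin);
  loadProfileScoped(restrictedadmin);
  return {
    shared: allowedOn(sharedSuper[0].restrictedTo, 'other'), // superadmin ends up restricted
    scoped: allowedOn(scopedSuper[0].restrictedTo, 'other'), // superadmin stays unrestricted
  };
}
```

Loading the profiles in the opposite order flips the outcome of the shared loader: the restricted profile ends up with no restriction, which is the more serious direction for an authorization check.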