Changes in can edit permissions only take effect after user has logged out #444

Open
emteknetnz opened this issue May 3, 2021 · 4 comments


emteknetnz commented May 3, 2021

CMS 4.8.0-beta1

I created a group "my group" who have access to the file section, but not 'can edit any file'

I added a member to this group "my user"

I created a file with the following permissions:
Who can view this file? Only these groups (choose from list): "my group"
Who can edit this file? Only these groups (choose from list): "my group"

However the 'my user' was unable to edit the file - they were read only

@emteknetnz emteknetnz changed the title Adding edit permissions to restricted file Adding edit permissions to restricted file does not seem to work May 3, 2021
@brynwhyman

@emteknetnz can you please confirm what the permission settings are for the file's folder (and any parent folders also)?

I can't recreate this with the following set up:

  • I created a group "my group" who have access to the file section, but not 'can edit any file'
  • I added a member to this group "tester"

Root folder
-> 'folder 1' (view permissions: logged in users; edit permissions: logged in users)
--> 'file 1' (view permissions: 'my group'; edit permissions: 'my group')

See:
Permissions: [image]

Able to edit: [image]


emteknetnz commented May 4, 2021

Ah OK I see what's happening. It does work as expected, however permissions seem to be tied to the session.

You should be able to replicate if you are logged in as an admin on one browser and logged in as a different user in another browser.

If the admin browser restricts the canEdit permissions on a new file, then the user in the other browser can still edit the file. However, if that user logs out and logs back in, then they won't be able to edit the file.

I'll update the issue title

@emteknetnz emteknetnz changed the title Adding edit permissions to restricted file does not seem to work Changes in can edit permissions only take effect after user has logged out May 4, 2021
@maxime-rainville

Permission for files are cached because it's an expensive call to make. That might be part of the problem we are seeing here.

I'm not sure I would fuss about this too much as long as the TTL for that cache doesn't go on forever.

@michalkleiner

Would it be possible to tie this together somehow with the session manager module and if installed, invalidate all user sessions that could/should be affected by the permission change?
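
An added illustration, not code from the CMS or from any commenter, of the staleness discussed in this thread: a per-session cache of can-edit decisions, compared with the same cache bounded by a TTL and with one invalidated by a counter bumped on every permission change. All class and function names are hypothetical, the store is a constructed in-memory stand-in for the real permission lookup, and reading the counter is assumed to be cheap compared with the full check.

```python
import time

class FilePermissionStore:
    """Authoritative 'who can edit' settings (constructed stand-in for the database)."""
    def __init__(self):
        self._edit_groups = {}  # file id -> set of group names
        self.generation = 0     # bumped on every permission change

    def set_edit_groups(self, file_id, groups):
        self._edit_groups[file_id] = set(groups)
        self.generation += 1

    def can_edit(self, file_id, user_groups):
        # Stands in for the expensive permission call mentioned in the thread.
        return bool(self._edit_groups.get(file_id, set()) & set(user_groups))

class CachedChecker:
    """One user's session-scoped cache of can-edit decisions."""
    def __init__(self, store, user_groups, ttl=None, track_generation=False,
                 clock=time.monotonic):
        self.store, self.user_groups = store, set(user_groups)
        self.ttl, self.track_generation, self.clock = ttl, track_generation, clock
        self._cache = {}  # file id -> (allowed, stored_at, generation)

    def can_edit(self, file_id):
        now = self.clock()
        hit = self._cache.get(file_id)
        if hit is not None:
            allowed, stored_at, generation = hit
            fresh = self.ttl is None or now - stored_at < self.ttl
            current = not self.track_generation or generation == self.store.generation
            if fresh and current:
                return allowed  # may be stale if neither bound is enabled
        allowed = self.store.can_edit(file_id, self.user_groups)
        self._cache[file_id] = (allowed, now, self.store.generation)
        return allowed

def demo():
    store, now = FilePermissionStore(), [0.0]
    store.set_edit_groups("file-1", {"my group", "admins"})
    clock = lambda: now[0]  # fake clock so the TTL case is deterministic
    checkers = [CachedChecker(store, {"my group"}, clock=clock),
                CachedChecker(store, {"my group"}, ttl=60, clock=clock),
                CachedChecker(store, {"my group"}, track_generation=True, clock=clock)]
    before = [c.can_edit("file-1") for c in checkers]
    store.set_edit_groups("file-1", {"admins"})  # admin restricts edit elsewhere
    right_after = [c.can_edit("file-1") for c in checkers]
    now[0] = 61.0                                # TTL of 60 seconds has elapsed
    after_ttl = [c.can_edit("file-1") for c in checkers]
    return before, right_after, after_ttl

if __name__ == "__main__":
    print(demo())
```

Each result list is ordered as session-only cache, TTL-bounded cache, generation-checked cache; only the generation-checked cache denies the edit immediately after the restriction.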
