#514 1.9.4 "roles" branch not working #2 (wrong role assigned, other role missing)

[Thomas S.]

Hello

I checked out the "roles" branch on 1.9.4 but it is not working correctly
The goal is to only allow users of an ldap group/role to be able to book one room
-I have added the mapping for 4 ldap groups containing users to 4 roles

I now have the problem that one of our users is in the ldap groups "...-r062" and "...-r060a" but she can still book the room "-r057a". When i filter for her user account, the correct ldap group memberships are shown on the left, but on "roles" is see
"-057a" -> must not be there
"-r060a" -> correct
"-r062" -> is not shown but must be there

What am i doing wrong?

Best,
Thomas

[Campbell Morrison]

A role can be assigned to an individual user and also to a group. The roles shown in the Users table are roles that are assigned to that user as an individual and not the roles that are inherited by being part of a group. You probably want to remove all individually assigned roles from that user and just rely on the roles inherited by virtue of group membership. You can check the effective permissions for that user by clicking on the user and looking at the permissions shown for each area and room.

It might make it easier to understand if the roles column in the users table were renamed "Individual roles" and a new column added called "Inherited roles" or "Group roles" or something like that. What do you think?

[Thomas S.]

Hi

Yes, that would be awesome and really help a lot!