Users are not added to the moderators groups when registering with SSO

Steps to reproduce:

  1. Have SSO set up.
  2. Let a new user sign in, and specify that he is a moderator in the payload.

Expected results:

The users has exactly the same permissions as if he signed up and was instantly manually awarded moderator permissions.

Actual results:

The user is given the moderator flag, but is not added to the staff or moderator groups. This means that he cannot access categories requiring these permissions.

Here’s a screenshot of the user settings:

It looks like hitting Refresh on /admin/groups/automatic fixes this for already created users.

3 Likes

The issue is still there in version v1.6.0.beta4 +161 :sadpanda:

The same effect occurs if an existing user is given moderator privileges by another SSO sign-in.

After snooping around in the code, could this be because SSO simply sets the flag and saves the user…

https://github.com/discourse/discourse/blob/19ca08857fba1b74669af0568e1abe9932b84866/app/models/discourse_single_sign_on.rb#L76

…while the proper “grant moderation” action…

https://github.com/discourse/discourse/blob/be3a5a56ccc284b352aa65080fc6b955f73cc72a/app/models/concerns/roleable.rb#L20

…runs this refresh?

https://github.com/discourse/discourse/blob/be3a5a56ccc284b352aa65080fc6b955f73cc72a/app/models/concerns/roleable.rb#L38

3 Likes

Fixed per:

https://github.com/discourse/discourse/commit/b04ab83f120b91d4c1e3066b5be1d2b56d07e134

Thanks!

5 Likes