Nested Groups do not show nested group members due to corrupt cache

XMLWordPrintable

    • 3
    • Severity 2 - Major
    • 44

      Issue Summary

      Nested groups do not show nested group members when the Parent Group is loaded into the Cache for the first time from a REST API end point such as <confluence-base-url>/rest/api/latest/group/<GROUPNAME>/member.

      This results in the affected nested group members with the incorrect Permissions and denied access to Confluence that are dependent on Nested Group permissions.

      Flushing the Cache temporarily corrects the issue.

      Steps to Reproduce

      1. Install Confluence
      2. Connect Confluence to an external directory with Nested Groups enabled
        • The nested group structure should be like such:
          • Group Name: Engineering (must be capital letters)
            • With User3
            • Group Name: Developers
              • With User1
              • With User2
      3. Create a new Space called SPACE1 allowing Engineering the only group that can access the Space
      4. The working situation is as follows:
        • Navigate to Confluence Administration » Cache Management » Flush All
        • Navigate to Confluence Administration » Groups » Engineering
          • This should show all three members for Engineering group
        • Check REST API <confluence-base-url>/rest/api/latest/group/Engineering/member
          • This should show all three members for Engineering group
        • Login as User1 and ensure User1 can access SPACE1
      5. Now, navigate to Confluence Administration » Cache Management » Flush All
        • Immediately check REST API <confluence-base-url>/rest/api/latest/group/Engineering/member
        • Navigate to Confluence Administration » Groups » Engineering
        • Check that User1 can access SPACE1

      Expected Results

      In Step 5 above:

      5. Now, navigate to Confluence Administration » Cache Management » Flush All

      • Immediately check REST API <confluence-base-url>/rest/api/latest/group/Engineering/member
        • This should show all three members for Engineering group
      • Navigate to Confluence Administration » Groups » Engineering
        • This should show all three members for Engineering group
      • Check that User1 can access SPACE1
        • User1 should be able to access SPACE1

      Actual Results

      5. Now, navigate to Confluence Administration » Cache Management » Flush All

      • Immediately check REST API <confluence-base-url>/rest/api/latest/group/Engineering/member
        • This only shows the direct members of Engineering, i.e. just 1 user
      • Navigate to Confluence Administration » Groups » Engineering
        • This only shows the direct members of Engineering, i.e. just 1 user
      • Check that User1 can access SPACE1
        • User1 is denied access to SPACE1

      Workaround

      1. Navigate to Confluence Administration » Cache Management
        • Flush all; or
        • Specifically, only these two individual caches need to be flushed:
          • Embedded Crowd Group Object Child Memberships
          • Embedded Crowd Group Object Parent Memberships

            Assignee:
            Sunny Wu
            Reporter:
            Eric L
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: