
FOUR-29436: Unexpected logout when clicking SAVE in Group Permissions #8753

Open
eiresendez wants to merge 2 commits into develop from bugfix/FOUR-29436
eiresendez commented Mar 23, 2026

Issue & Reproduction Steps

This fixes FOUR-29436.

When group permissions are updated, the permission cache invalidation path can clear Redis-backed sessions in production-like environments where both cache and session use Redis. I reproduced the logout locally with:

  • SESSION_DRIVER=redis
  • CACHE_DRIVER=redis
  • session using the same Redis default connection as cache

The runtime path was:

  • group permission update triggers PermissionUpdated
  • InvalidatePermissionCacheOnUpdate / InvalidatePermissionCacheOnGroupHierarchyChange invalidated all permission cache
  • PermissionCacheService::clearAll() called a broad cache clear
  • active sessions were removed and the user was logged out

Solution

  • Replaced broad permission cache invalidation in runtime listeners with targeted invalidation for users affected by the changed group subtree.
  • Added repository support to resolve all affected users for a group, including nested descendant groups, with cycle protection.
  • Cleared both permission cache key families during invalidation:
    • user_permissions:{id}
    • user_{id}_permissions
  • Kept group cache invalidation explicit for the changed group.
  • Made PermissionCacheService::clearAll() safe and scoped to tracked permission keys instead of clearing the whole cache backend.
  • Added regression tests to ensure unrelated cache entries survive group permission and hierarchy invalidation.

How to Test

  1. Configure a local environment with Redis-backed session and cache using the same Redis connection.
  2. Log into the instance and reproduce the Group Permissions update flow.
  3. Confirm saving group permissions no longer logs out the active user.
  4. Run:
./vendor/bin/phpunit --filter 'PermissionCacheServiceTest|PermissionServiceManagerTest|InvalidatePermissionCacheOnUpdateTest|InvalidatePermissionCacheOnGroupHierarchyChangeTest|PermissionCacheInvalidationTest|PermissionsTest'

Related Tickets & Packages

  • FOUR-29436
  • FOUR-19876

ci:deploy

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.

@eiresendez eiresendez changed the title FOUR-29436: avoid session logout on permission cache invalidation FOUR-29436: Unexpected logout when clicking SAVE in Group Permissions Mar 23, 2026
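
Added example, not part of the pull request or ProcessMaker's code: a plain-PHP illustration of the targeted invalidation the description above outlines, walking the changed group's subtree with cycle protection and deleting only the two permission key families for affected users, so unrelated entries in the shared store survive. The function names, the in-memory array standing in for the shared Redis store, and the sample data are assumptions.

```php
<?php
// Added illustration, not ProcessMaker code; every name here is hypothetical.

/** Users of $rootId and all descendant groups; $seen stops cyclic hierarchies looping. */
function affectedUserIds(int $rootId, array $childGroups, array $groupUsers): array
{
    $seen = [];
    $users = [];
    $queue = [$rootId];
    while ($queue) {
        $groupId = array_shift($queue);
        if (isset($seen[$groupId])) {
            continue; // already visited via a cycle or a shared child
        }
        $seen[$groupId] = true;
        foreach ($groupUsers[$groupId] ?? [] as $userId) {
            $users[$userId] = true;
        }
        $queue = array_merge($queue, $childGroups[$groupId] ?? []);
    }
    return array_keys($users);
}

/** Delete only the affected users' permission keys; returns the keys removed. */
function invalidateGroup(array &$store, int $groupId, array $childGroups, array $groupUsers): array
{
    $removed = [];
    foreach (affectedUserIds($groupId, $childGroups, $groupUsers) as $userId) {
        // Both key families listed in the PR description.
        foreach (["user_permissions:{$userId}", "user_{$userId}_permissions"] as $key) {
            if (array_key_exists($key, $store)) {
                unset($store[$key]);
                $removed[] = $key;
            }
        }
    }
    return $removed;
}

// Constructed data: groups 1 -> 2 -> 3 -> 1 form a cycle; user 99 is outside the subtree.
$childGroups = [1 => [2], 2 => [3], 3 => [1]];
$groupUsers = [1 => [10], 3 => [11], 7 => [99]];
$store = [
    'user_permissions:10' => ['edit'], 'user_10_permissions' => ['edit'],
    'user_permissions:11' => ['view'], 'user_permissions:99' => ['view'],
    'session:abc123' => 'constructed session payload', // same store as the cache
];
print_r(invalidateGroup($store, 1, $childGroups, $groupUsers)); // keys removed
print_r(array_keys($store)); // keys still in the store
```
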
@Kookster310

QA server K8S was successfully deployed https://ci-ad89f7662c.engk8s.processmaker.net

@Kookster310

QA server K8S was successfully deployed https://ci-ad89f7662c.engk8s.processmaker.net

@eiresendez

Hi @rodriquelca, could you please take a look at this PR? The changes touch areas you developed so your input would be very valuable to avoid any side effects. Thank you.

@eiresendez eiresendez requested a review from rodriquelca March 23, 2026 23:05