When GeoFence option "Use GeoServer roles to get authorizations" is activated users specific rules will also be selected

Description

When GeoFence option "Use GeoServer roles to get authorizations" is activated, if someone defines a rule allowing a certain user to do something then everyone will inherit those permissions.

For example if we define a rule allowing a certain user to do everything everyone will be allowed to do everything.

This is a consequence of how the filter to select the matching rules is build, when the option above is activated users column is ignored:
https://github.com/geoserver/geoserver/blob/master/src/community/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java#L394-L423

To reproduce this issue just activate the option "Use GeoServer roles to get authorizations" on GeoFence configuration page and define a single rule allowing only a specific user to do everything. Logout and try to do something, no restrictions will be applied.

The original use case that motivated this option was very specific and not needed anymore.

Environment

None

Assignee

Nuno Oliveira

Reporter

Nuno Oliveira

Triage

None

Fix versions

None

Affects versions

None

Components

Priority

Medium
Configure