fix(auth): invalidate session when permissions change EE-3320 (#8103)

api/http/handler/users/user_update.go

@@ -108,14 +108,15 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
 		user.TokenIssueAt = time.Now().Unix()
 	}
 
-	if payload.Role != 0 {
-		user.Role = portainer.UserRole(payload.Role)
-	}
-
 	if payload.UserTheme != "" {
 		user.UserTheme = payload.UserTheme
 	}
 
+	if payload.Role != 0 {
+		user.Role = portainer.UserRole(payload.Role)
+		user.TokenIssueAt = time.Now().Unix()
+	}
+
 	err = handler.DataStore.User().UpdateUser(user.ID, user)
 	if err != nil {
 		return httperror.InternalServerError("Unable to persist user changes inside the database", err)