Browse code

Logikfehler: Subuser hatte immer alle Recht. Nicht gut.

Bernd Wurst authored on12/11/2013 18:26:44
Showing1 changed files
... ...
@@ -296,6 +296,7 @@ function setup_session($role, $useridentity)
296 296
     DEBUG("We are a sub-user");
297 297
     $info = get_subuser_info($useridentity);
298 298
     $_SESSION['userinfo'] = $info;
299
+    $_SESSION['restrict_modules'] = explode(',', $info['modules']);
299 300
     $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
300 301
     $_SESSION['subuser'] = $useridentity;
301 302
     $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
... ...
@@ -304,7 +305,6 @@ function setup_session($role, $useridentity)
304 305
         $customer = get_customer_info($_SESSION['userinfo']['username']);
305 306
         $_SESSION['customerinfo'] = $customer;
306 307
         $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
307
-        $_SESSION['restrict_modules'] = explode(',', $info['modules']);
308 308
       }
309 309
     }
310 310
     logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");