Logikfehler: Subuser hatte immer alle Recht. Nicht gut. (4ba2a6d)

@@ -296,6 +296,7 @@ function setup_session($role, $useridentity)
     DEBUG("We are a sub-user");
     $info = get_subuser_info($useridentity);
     $_SESSION['userinfo'] = $info;
+    $_SESSION['restrict_modules'] = explode(',', $info['modules']);
     $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
     $_SESSION['subuser'] = $useridentity;
     $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
@@ -304,7 +305,6 @@ function setup_session($role, $useridentity)
         $customer = get_customer_info($_SESSION['userinfo']['username']);
         $_SESSION['customerinfo'] = $customer;
         $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
-        $_SESSION['restrict_modules'] = explode(',', $info['modules']);
       }
     }
     logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");


...	...	@@ -296,6 +296,7 @@ function setup_session($role, $useridentity)
296	296	DEBUG("We are a sub-user");
297	297	$info = get_subuser_info($useridentity);
298	298	$_SESSION['userinfo'] = $info;
	299	+ $_SESSION['restrict_modules'] = explode(',', $info['modules']);
299	300	$_SESSION['role'] = ROLE_SYSTEMUSER \| ROLE_SUBUSER;
300	301	$_SESSION['subuser'] = $useridentity;
301	302	$data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
...	...	@@ -304,7 +305,6 @@ function setup_session($role, $useridentity)
304	305	$customer = get_customer_info($_SESSION['userinfo']['username']);
305	306	$_SESSION['customerinfo'] = $customer;
306	307	$_SESSION['role'] = ROLE_SYSTEMUSER \| ROLE_CUSTOMER \| ROLE_SUBUSER;
307		- $_SESSION['restrict_modules'] = explode(',', $info['modules']);
308	308	}
309	309	}
310	310	logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
311	311

webinterface.git