Subuser sollen nicht automatisch Kundenrechte erhalten!
Bernd Wurst commited on 2013-11-12 17:57:18
Zeige 2 geänderte Dateien mit 7 Einfügungen und 0 Löschungen.
- modules/index/index.php 0eb6cb3..a3332aa
- session/checkuser.php 4d413ab..b92e031
| ... | ... |
@@ -41,6 +41,7 @@ case ROLE_MAILACCOUNT: |
| 41 | 41 |
case ROLE_SYSTEMUSER: |
| 42 | 42 |
$role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
|
| 43 | 43 |
break; |
| 44 |
+case ROLE_SYSTEMUSER | ROLE_SUBUSER: |
|
| 44 | 45 |
case ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER: |
| 45 | 46 |
$role = "{$_SESSION['subuser']}, Unternutzer von {$_SESSION['userinfo']['username']}";
|
| 46 | 47 |
break; |
| ... | ... |
@@ -296,11 +296,17 @@ function setup_session($role, $useridentity) |
| 296 | 296 |
DEBUG("We are a sub-user");
|
| 297 | 297 |
$info = get_subuser_info($useridentity); |
| 298 | 298 |
$_SESSION['userinfo'] = $info; |
| 299 |
+ $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER; |
|
| 299 | 300 |
$_SESSION['subuser'] = $useridentity; |
| 301 |
+ $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
|
|
| 302 |
+ if ($entry = mysql_fetch_assoc($data)) {
|
|
| 303 |
+ if ($entry['kundenaccount'] == 1) {
|
|
| 300 | 304 |
$customer = get_customer_info($_SESSION['userinfo']['username']); |
| 301 | 305 |
$_SESSION['customerinfo'] = $customer; |
| 302 | 306 |
$_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER; |
| 303 | 307 |
$_SESSION['restrict_modules'] = explode(',', $info['modules']);
|
| 308 |
+ } |
|
| 309 |
+ } |
|
| 304 | 310 |
logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
|
| 305 | 311 |
} |
| 306 | 312 |
if ($role & ROLE_SYSTEMUSER) |
| 307 | 313 |