Browse code

Subuser sollen nicht automatisch Kundenrechte erhalten!

Bernd Wurst authored on12/11/2013 17:57:18
Showing2 changed files
... ...
@@ -41,6 +41,7 @@ case ROLE_MAILACCOUNT:
41 41
 case ROLE_SYSTEMUSER:
42 42
   $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
43 43
   break;
44
+case ROLE_SYSTEMUSER | ROLE_SUBUSER:
44 45
 case ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER:
45 46
   $role = "{$_SESSION['subuser']}, Unternutzer von {$_SESSION['userinfo']['username']}";
46 47
   break;
... ...
@@ -296,11 +296,17 @@ function setup_session($role, $useridentity)
296 296
     DEBUG("We are a sub-user");
297 297
     $info = get_subuser_info($useridentity);
298 298
     $_SESSION['userinfo'] = $info;
299
+    $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
299 300
     $_SESSION['subuser'] = $useridentity;
300
-    $customer = get_customer_info($_SESSION['userinfo']['username']);
301
-    $_SESSION['customerinfo'] = $customer;
302
-    $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
303
-    $_SESSION['restrict_modules'] = explode(',', $info['modules']);
301
+    $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
302
+    if ($entry = mysql_fetch_assoc($data)) {
303
+      if ($entry['kundenaccount'] == 1) {
304
+        $customer = get_customer_info($_SESSION['userinfo']['username']);
305
+        $_SESSION['customerinfo'] = $customer;
306
+        $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
307
+        $_SESSION['restrict_modules'] = explode(',', $info['modules']);
308
+      }
309
+    }
304 310
     logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
305 311
   }
306 312
   if ($role & ROLE_SYSTEMUSER)