Subuser sollen nicht automatisch Kundenrechte erhalten!
Bernd Wurst

Bernd Wurst commited on 2013-11-12 17:57:18
Zeige 2 geänderte Dateien mit 7 Einfügungen und 0 Löschungen.

... ...
@@ -41,6 +41,7 @@ case ROLE_MAILACCOUNT:
41 41
 case ROLE_SYSTEMUSER:
42 42
   $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
43 43
   break;
44
+case ROLE_SYSTEMUSER | ROLE_SUBUSER:
44 45
 case ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER:
45 46
   $role = "{$_SESSION['subuser']}, Unternutzer von {$_SESSION['userinfo']['username']}";
46 47
   break;
... ...
@@ -296,11 +296,17 @@ function setup_session($role, $useridentity)
296 296
     DEBUG("We are a sub-user");
297 297
     $info = get_subuser_info($useridentity);
298 298
     $_SESSION['userinfo'] = $info;
299
+    $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
299 300
     $_SESSION['subuser'] = $useridentity;
301
+    $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
302
+    if ($entry = mysql_fetch_assoc($data)) {
303
+      if ($entry['kundenaccount'] == 1) {
300 304
         $customer = get_customer_info($_SESSION['userinfo']['username']);
301 305
         $_SESSION['customerinfo'] = $customer;
302 306
         $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
303 307
         $_SESSION['restrict_modules'] = explode(',', $info['modules']);
308
+      }
309
+    }
304 310
     logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
305 311
   }
306 312
   if ($role & ROLE_SYSTEMUSER)
307 313