Properly update the session roles from the API side

Allow (u) to be empty if we dont have it, we can get it from the session users_id
2010-10-14 20:38:48 +00:00 · 2010-10-14 20:38:48 +00:00 · f225787e39
commit f225787e39
parent 241618c74f
2 changed files with 6 additions and 10 deletions
--- a/api.php
+++ b/api.php
@ -584,10 +584,7 @@ switch($request[0]) {
 				switch($addstatus) {
 					case "ok":
 						$ret['status']="ok";
-						$roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0);
-						if(!in_array($roleName, $_SESSION['roles'])){ // because account_add_role will return "ok" if they already have this role
-							$_SESSION['roles'][] = $roleName;
-						}
+						updateSessionRoles();
 						break;
 					case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
 					case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
@ -616,11 +613,7 @@ switch($request[0]) {
 				switch($removestatus) {
 					case "ok":
 						$ret['status']="ok";
-						$roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0);
-						$key = array_search($roleName, $_SESSION['roles']);
-						if($key !== false){
-							unset($_SESSION['roles'][$key]);
-						}
+						updateSessionRoles();
 						break;
 					case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
 					case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
--- a/user.inc.php
+++ b/user.inc.php
@ -906,7 +906,10 @@ function try_login($user, $pass)
 	/* Login successful */
 	return $r['id'];
 }
-function updateSessionRoles($u) {
+function updateSessionRoles($u=null) {
+	if(!$u)
+		$u=users_load($_SESSION['user_id']);
+
 	$_SESSION['roles']=array();
 	foreach($u['roles'] AS $r=>$rd) {
 		if($rd['active']=="yes")