From f225787e39542ff783d83e0f29566a17e30ddd61 Mon Sep 17 00:00:00 2001
From: james
Date: Thu, 14 Oct 2010 20:38:48 +0000
Subject: [PATCH] Properly update the session roles from the API side Allow (u) to be empty if we dont have it, we can get it from the session users_id
---
 api.php | 11 ++---------
 user.inc.php | 5 ++++-
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/api.php b/api.php
index 9501dea..3e4b279 100644
--- a/api.php
+++ b/api.php
@@ -584,10 +584,7 @@ switch($request[0]) {
 switch($addstatus) {
 case "ok":
 $ret['status']="ok";
- $roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0);
- if(!in_array($roleName, $_SESSION['roles'])){ // because account_add_role will return "ok" if they already have this role
- $_SESSION['roles'][] = $roleName;
- }
+ updateSessionRoles();
 break;
 case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
 case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
@@ -616,11 +613,7 @@ switch($request[0]) {
 switch($removestatus) {
 case "ok":
 $ret['status']="ok";
- $roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0);
- $key = array_search($roleName, $_SESSION['roles']);
- if($key !== false){
- unset($_SESSION['roles'][$key]);
- }
+ updateSessionRoles();
 break;
 case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
 case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
diff --git a/user.inc.php b/user.inc.php
index ab0cd75..2c78843 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -906,7 +906,10 @@ function try_login($user, $pass)
 /* Login successful */
 return $r['id'];
 }
-function updateSessionRoles($u) {
+function updateSessionRoles($u=null) {
+ if(!$u)
+ $u=users_load($_SESSION['user_id']);
+
 $_SESSION['roles']=array();
 foreach($u['roles'] AS $r=>$rd) {
 if($rd['active']=="yes")
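Review bot: The `case "ok":` branch of the role-add switch now calls `updateSessionRoles();` with no comment, and the removed lines held the only explanation of why the session is touched here (account_add_role returns "ok" even when the role is already held). I would add above the call `// reload $_SESSION['roles'] from the database; "ok" is also returned when the role was already assigned`, and a matching comment on the identical call in the role-remove hunk at -616. Because the call passes no argument, it presumably depends on `$_SESSION['user_id']` being set for every request that reaches these branches; the login check is outside both hunks, so confirm it runs before them.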
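Review bot: The new fallback `$u=users_load($_SESSION['user_id']);` in updateSessionRoles() is used without checking that the session key exists or that a user record came back, so the `foreach($u['roles'] ...)` below it can run on a non-array. What users_load returns on failure is not visible here. I would move the reset `$_SESSION['roles']=array();` to the top so a failed load leaves the session with no roles rather than stale ones, then guard with `if(!$u && isset($_SESSION['user_id'])) $u=users_load($_SESSION['user_id']);` and `if(!is_array($u) || empty($u['roles'])) return;`. The commit message says "users_id" while the code reads `user_id`; confirm which key the login path actually sets. The function body continues past the end of the hunk.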