Properly update the session roles from the API side

Allow (u) to be empty if we dont have it, we can get it from the session users_id
This commit is contained in:
james 2010-10-14 20:38:48 +00:00
parent 241618c74f
commit f225787e39
2 changed files with 6 additions and 10 deletions

11
api.php
View File

@ -584,10 +584,7 @@ switch($request[0]) {
switch($addstatus) { switch($addstatus) {
case "ok": case "ok":
$ret['status']="ok"; $ret['status']="ok";
$roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0); updateSessionRoles();
if(!in_array($roleName, $_SESSION['roles'])){ // because account_add_role will return "ok" if they already have this role
$_SESSION['roles'][] = $roleName;
}
break; break;
case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break; case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break; case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
@ -616,11 +613,7 @@ switch($request[0]) {
switch($removestatus) { switch($removestatus) {
case "ok": case "ok":
$ret['status']="ok"; $ret['status']="ok";
$roleName = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $role_id"), 0); updateSessionRoles();
$key = array_search($roleName, $_SESSION['roles']);
if($key !== false){
unset($_SESSION['roles'][$key]);
}
break; break;
case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break; case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break; case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;

View File

@ -906,7 +906,10 @@ function try_login($user, $pass)
/* Login successful */ /* Login successful */
return $r['id']; return $r['id'];
} }
function updateSessionRoles($u) { function updateSessionRoles($u=null) {
if(!$u)
$u=users_load($_SESSION['user_id']);
$_SESSION['roles']=array(); $_SESSION['roles']=array();
foreach($u['roles'] AS $r=>$rd) { foreach($u['roles'] AS $r=>$rd) {
if($rd['active']=="yes") if($rd['active']=="yes")