User session object not updated of role added or removed #1121

adm_program/modules/groups-roles/members_assignment.php

@@ -90,13 +90,11 @@
             $leadership = true;
         }
 
-        // Member
+        $gDb->startTransaction();
         $member = new TableMembers($gDb);
-
-        // Datensatzupdate
         $memCount = $role->countMembers($getUserId);
 
-        // Wenn Rolle weniger mitglieder hätte als zugelassen oder Leiter hinzugefügt werden soll
+        // If role would have less members than allowed or leader is to be added
         if($leadership || (!$leadership && $membership && ($role->getValue('rol_max_members') > $memCount || (int) $role->getValue('rol_max_members') === 0)))
         {
             $member->startMembership((int) $role->getValue('rol_id'), $getUserId, $leadership, $memberApproved);
@@ -121,6 +119,10 @@
             $gMessage->show($gL10n->get('SYS_ROLE_MAX_MEMBERS', array($role->getValue('rol_name'))));
             // => EXIT
         }
+
+        // refresh session user object to update the user rights because of the new or removed role
+        $gCurrentSession->renewUserObject($getUserId);
+        $gDb->endTransaction();
     }
     catch(AdmException $e)
     {

adm_program/modules/profile/profile_function.php

@@ -69,7 +69,13 @@
     {
         try
         {
+            $gDb->startTransaction();
+
             $member->stopMembership();
+            // refresh session user object to update the user rights because of the removed role
+            $gCurrentSession->renewUserObject($member->getValue('mem_usr_id'));
+
+            $gDb->endTransaction();
         }
         catch(AdmException $e)
         {
@@ -191,8 +197,14 @@
         $formatedEndDate = DATE_MAX;
     }
 
+    $gDb->startTransaction();
+
     // save role membership
     $user->editRoleMembership($getMemberId, $formatedStartDate, $formatedEndDate);
+    // refresh session user object to update the user rights because of the possible changed role assignment
+    $gCurrentSession->renewUserObject($user->getValue('usr_id'));
+
+    $gDb->endTransaction();
 
     echo 'success';
 }

adm_program/modules/profile/roles_save.php

@@ -72,7 +72,7 @@
 
 if($gCurrentUser->manageRoles())
 {
-    // Benutzer mit Rollenrechten darf ALLE Rollen zuordnen
+    // User with role rights may assign ALL roles
     $sql = 'SELECT rol_id, rol_name, rol_max_members, rol_administrator, mem_id, mem_begin, mem_end
               FROM '.TBL_ROLES.'
         INNER JOIN '.TBL_CATEGORIES.'
@@ -91,7 +91,7 @@
 }
 else
 {
-    // Ein Leiter darf nur Rollen zuordnen, bei denen er auch Leiter ist
+    // A roll leader may only assign roles where he is also a leader
     $sql = 'SELECT rol_id, rol_name, rol_max_members, rol_administrator, mgl.mem_id, mgl.mem_begin, mgl.mem_end
               FROM '.TBL_MEMBERS.' AS bm
         INNER JOIN '.TBL_ROLES.'
@@ -121,12 +121,12 @@
 $assignedCount = 0;
 $parentRoles = array();
 
-// Ergebnisse durchlaufen und kontrollieren ob maximale Teilnehmerzahl ueberschritten wuerde
+// Run results and check if maximum number of participants would be exceeded
 foreach($rolesList as $row)
 {
     if($row['rol_max_members'] > 0)
     {
-        // erst einmal schauen, ob der Benutzer dieser Rolle bereits zugeordnet ist
+        // first check if the user is already assigned to this role
         $sql = 'SELECT COUNT(*) AS count
                   FROM '.TBL_MEMBERS.'
                  WHERE mem_rol_id = ? -- $row[\'rol_id\']
@@ -138,7 +138,7 @@
 
         if((int) $pdoStatement->fetchColumn() === 0)
         {
-            // Benutzer ist der Rolle noch nicht zugeordnet, dann schauen, ob die Anzahl ueberschritten wird
+            // User is not yet assigned to the role, then see if the number is exceeded
             $sql = 'SELECT COUNT(*) AS count
                       FROM '.TBL_MEMBERS.'
                      WHERE mem_rol_id = ? -- $row[\'rol_id\']
@@ -147,7 +147,7 @@
                        AND mem_end    > ? -- DATE_NOW';
             $pdoStatement = $gDb->queryPrepared($sql, array($row['rol_id'], DATE_NOW, DATE_NOW));
 
-            // Bedingungen fuer Abbruch und Abbruch
+            // maximum number of participiants exceeded and it's not a role leader assignement
             if($pdoStatement->fetchColumn() >= $row['rol_max_members']
             && isset($_POST['leader-'.$row['rol_id']]) && $_POST['leader-'.$row['rol_id']] == false
             && isset($_POST['role-'.$row['rol_id']])   && $_POST['role-'.$row['rol_id']]   == true)
@@ -168,7 +168,7 @@
 
 $user = new User($gDb, $gProfileFields, $getUserId);
 
-// Ergebnisse durchlaufen und Datenbankupdate durchfuehren
+// Run through results and perform database update
 foreach($rolesList as $row)
 {
     // if role is administrator than only administrator can add new user,
@@ -243,9 +243,8 @@
     $gNavigation->deleteLastUrl();
 }
 
-// all active users must renew their user data because maybe their
-// rights have been changed if they where new members of this role
-$gCurrentSession->renewUserObject();
+// refresh session user object to update the user rights because of the new or removed role
+$gCurrentSession->renewUserObject($user->getValue('usr_id'));
 
 // Check if a new user get's at least one role
 if($getNewUser > 0 && $assignedCount === 0)
@@ -262,10 +261,11 @@
     }
 }
 
-// zur Ausgangsseite zurueck
+// back to the starting page
+
 if(str_contains($gNavigation->getUrl(), 'new_user_assign.php'))
 {
-    // von hier aus direkt zur Registrierungsuebersicht zurueck
+    // go directly back to the registration overview
     $gNavigation->deleteLastUrl();
 }