Commit 725ba929 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Preserve admin/system user fields when committing LiveUser instance



The $USER object is saved to the usr table in the db whenever it
changes, and also periodically when the lastaccess property is updated.
However, for some fields, it's not appropriate to overwrite the db
value with the $USER property, because these fields are generally only
modifiable by an admin (e.g. quota, suspended) or the system (e.g.
active).  Previously we have tried to deal with this by removing the
sessions of users whose properties are modified by an admin.  This is
okay when suspending or deleting a user, because the user should be
forced to log out anyway.  But for other properties like the user file
quota, it shouldn't be necessary to force the user to log out because
the value was modified by an admin.  It makes more sense to specify a
list of fields (including quota) that should be reloaded into $USER on
every commit.

Change-Id: Id0268a29be976a506b09d81aeb6a5b80a26e72fa
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 4fe8104e
......@@ -1172,6 +1172,25 @@ class LiveUser extends User {
$this->changed = false;
}
public function commit() {
if ($this->changed == false) {
return;
}
// Fields which can't be changed in the session, but which may have
// changed in the db. They should be reloaded.
$reload = array(
'active', 'deleted', 'expiry', 'expirymailsent', 'inactivemailsent',
'suspendedctime', 'suspendedreason', 'suspendedcusr', 'quota',
);
$r = get_record('usr', 'id', $this->id);
foreach ($reload as $k) {
if ($r->$k != $this->$k) {
$this->$k = $r->$k;
}
}
parent::commit();
}
/**
* Updates information in a users' session once we know their session is
* continuing
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment