
fixed session acl load if logged in by api

Piotr Labudda %!s(int64=10) %!d(string=hai) anos
pai
achega
02f40ed137
Modificáronse 2 ficheiros con 33 adicións e 18 borrados
  1. 25 18
      SE/se-lib/ApiUser.php
  2. 8 0
      SE/se-lib/User.php

+ 25 - 18
SE/se-lib/ApiUser.php

@@ -8,6 +8,7 @@ class ApiUser {
 	public $_user;
 
 	public function auth() {
+		// session is closed by session_write_close - readonly
 		if (User::logged()) {
 			$this->_user = User::getCurrentUserObject();
 		}
@@ -39,28 +40,34 @@ class ApiUser {
 	}
 
 	private function _saveToSession() {
-			$_SESSION['ADM_ID'] = $this->_user->ID;
-			$_SESSION['AUTHORIZE_USER'] = $this->_user->ADM_ACCOUNT;
-			$_SESSION['ADM_ACCOUNT'] = $this->_user->ADM_ACCOUNT;
-			//$_SESSION['ADM_AREA'] = $this->_user->ADM_AREA;
-			$_SESSION['ADM_NAME'] = $this->_user->ADM_NAME;
-			$_SESSION['ADM_TECH_WORKER'] = $this->_user->ADM_TECH_WORKER;
-			$_SESSION['ADM_COMPANY'] = $this->_user->ADM_COMPANY;
-			$_SESSION['ADM_ADMIN_LEVEL'] = $this->_user->ADM_ADMIN_LEVEL;
-			$_SESSION['ADM_PHONE'] = $this->_user->ADM_PHONE;
-			$_SESSION['ADM_ADMIN_EXPIRE'] = $this->_user->ADM_ADMIN_EXPIRE;
-			$_SESSION['ADM_ADMIN_DESC'] = $this->_user->ADM_ADMIN_DESC;
-			$_SESSION['EMPLOYEE_TYPE'] = $this->_user->EMPLOYEE_TYPE;
+		session_start();
+		$_SESSION['ADM_ID'] = $this->_user->ID;
+		$_SESSION['AUTHORIZE_USER'] = $this->_user->ADM_ACCOUNT;
+		$_SESSION['ADM_ACCOUNT'] = $this->_user->ADM_ACCOUNT;
+		//$_SESSION['ADM_AREA'] = $this->_user->ADM_AREA;
+		$_SESSION['ADM_NAME'] = $this->_user->ADM_NAME;
+		$_SESSION['ADM_TECH_WORKER'] = $this->_user->ADM_TECH_WORKER;
+		$_SESSION['ADM_COMPANY'] = $this->_user->ADM_COMPANY;
+		$_SESSION['ADM_ADMIN_LEVEL'] = $this->_user->ADM_ADMIN_LEVEL;
+		$_SESSION['ADM_PHONE'] = $this->_user->ADM_PHONE;
+		$_SESSION['ADM_ADMIN_EXPIRE'] = $this->_user->ADM_ADMIN_EXPIRE;
+		$_SESSION['ADM_ADMIN_DESC'] = $this->_user->ADM_ADMIN_DESC;
+		$_SESSION['EMPLOYEE_TYPE'] = $this->_user->EMPLOYEE_TYPE;
 
-			// save user pass in encrypted form
-			//Lib::loadClass('Crypt');
-			//$_SESSION['ADM_PASS_HASH'] = Crypt::encrypt($pass);
-			//$_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($this->_user->EMAIL_IMAP_IMPORT_PASSWD);
-			//$_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $this->_user->EMAIL_IMAP_IMPORT_HOST;
-			//$_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $this->_user->EMAIL_IMAP_IMPORT_USERNAME;
+		// save user pass in encrypted form
+		//Lib::loadClass('Crypt');
+		//$_SESSION['ADM_PASS_HASH'] = Crypt::encrypt($pass);
+		//$_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($this->_user->EMAIL_IMAP_IMPORT_PASSWD);
+		//$_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $this->_user->EMAIL_IMAP_IMPORT_HOST;
+		//$_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $this->_user->EMAIL_IMAP_IMPORT_USERNAME;
+		session_write_close();
 	}
 
 	public function logout() {
+		session_start();
+		$_SESSION = array();
+		session_destroy();
+		session_write_close();
 		header('WWW-Authenticate: Basic realm="API"');
 		header('HTTP/1.0 401 Unauthorized');
 		$apiUrl = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}";
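Review bot: `_saveToSession` populates the session with the authenticated user's identity immediately after the new `session_start()` without rotating the session id, so whatever id the client presented (or an existing anonymous session) is promoted to an authenticated one; add `session_regenerate_id(true);` directly after `session_start()` so the authenticated session always gets a fresh id (assuming headers have not been sent at this point). In `logout()`, `session_destroy()` removes the server-side data but the new code leaves the session cookie on the client, so it keeps presenting the stale id; expire it before the 401 headers go out, e.g. `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. The `session_write_close()` after `session_destroy()` is a no-op because the session is no longer active once destroyed, so it can be dropped. `logout()` continues past the end of the hunk.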

+ 8 - 0
SE/se-lib/User.php

@@ -196,6 +196,12 @@ class User {
 		} else {
 			self::authByRequest();
 		}
+
+		if (User::logged() && !V::get('ADM_ACL_LOADED', false, $_SESSION)) {
+			$userAcl = User::getAcl();
+			$userAcl->fetchAllPerms();
+			$_SESSION['ADM_ACL_LOADED'] = true;
+		}
 	}
 
 	public static function authByRequest() {
@@ -236,6 +242,7 @@ class User {
 			case 'LOGOUT':
 				if (User::logged()) {
 
+					$_SESSION = array();
 					session_destroy();
 					unset($_SESSION['AUTHORIZE_USER']);
 					unset($_SESSION['ADM_ACCOUNT']);
@@ -411,6 +418,7 @@ class User {
 
 			$userAcl = User::getAcl();
 			$userAcl->fetchAllPerms();
+			$_SESSION['ADM_ACL_LOADED'] = true;
 
 			return true;
 		}
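Review bot: The new `ADM_ACL_LOADED` flag (set in the hunk at `@@ -196` and again at `@@ -411`) only works if `fetchAllPerms()` persists the permissions into the session itself — otherwise later requests skip the load with nothing cached — and under that assumption it turns the permissions into a per-session cache with no invalidation, so a permission revoked for an already logged-in user stays in effect until that session ends; either tie the flag to a version/timestamp of the ACL data or reset it wherever permissions are changed, and document the trade-off at the flag, e.g. `// ADM_ACL_LOADED caches the permission load for this session; it is never reset, so ACL changes take effect only after re-login`. Given the note in `ApiUser::auth()` that the session is closed read-only during API requests, the `$_SESSION['ADM_ACL_LOADED'] = true` written in the first hunk may not be persisted on the API path and the ACL would then be re-fetched on every call — worth confirming which is intended. In the `LOGOUT` case, the `unset($_SESSION[...])` calls following the new `$_SESSION = array();` are now dead code and can be removed. The enclosing function of the first hunk and the `switch` of the second start outside the hunks shown.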