@robert.down
I have a situation where I am trying to utilize the “see_auth” setting in the users’ table to exclude access to parts of the system.
In the AuthUtils, this exist.
public static function setUserSessionVariables($username, $hash, $userInfo, $authGroup)
{
// Set up session environment
$_SESSION['authUser'] = $username; // username
$_SESSION['authPass'] = $hash; // user hash used to confirm session in authCheckSession()
$_SESSION['authUserID'] = $userInfo['id']; // user id
$_SESSION['authProvider'] = $authGroup; // user group
$_SESSION['userauthorized'] = $userInfo['authorized']; // user authorized setting
// Some users may be able to authorize without being providers:
if ($userInfo['see_auth'] > '2') {
$_SESSION['userauthorized'] = '1';
}
}
As you know, the ‘see_auth’ when set to "See Mine Only is set to 2. However, the $_SESSION[‘userauthrized’] is always 1, even when I set the user account to “See Only Mine.” This means I can never use the setting see_auth to restrict access to anything.
What worked for me was to add:
$_SESSION['see_auth'] = $userInfo['see_auth']; // user see_auth setting
Then, I could restrict access to the system features based on the see_auth setting in the session.
Am I viewing this incorrectly?
Why see_auth doesn’t have its own session setting?