From 8ec38d1e6bacbceb7d3465e2ce2aed70f1dbd3ac Mon Sep 17 00:00:00 2001
From: cdujeu <charles@ajaxplorer.info>
Date: Thu, 14 Nov 2013 11:07:54 +0100
Subject: [PATCH] Make sure we don't have false positive for old user
 migrations, otherwise it can end up overriding the role

---
 .../conf.serial/class.AJXP_SerialUser.php     |  8 +++++---
 .../plugins/conf.sql/class.AJXP_SqlUser.php   | 20 ++++++++++++-------
 .../core.conf/class.AbstractAjxpUser.php      |  5 ++++-
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/core/src/plugins/conf.serial/class.AJXP_SerialUser.php b/core/src/plugins/conf.serial/class.AJXP_SerialUser.php
index 575eaae92b..57ee028ed5 100644
--- a/core/src/plugins/conf.serial/class.AJXP_SerialUser.php
+++ b/core/src/plugins/conf.serial/class.AJXP_SerialUser.php
@@ -158,9 +158,11 @@ public function load()
             $this->roles["AJXP_USR_"."/".$this->id] = $personalRole;
         } else {
             // MIGRATE NOW !
-            $this->migrateRightsToPersonalRole();
-            AJXP_Utils::saveSerialFile($this->getStoragePath()."/role.ser", $this->personalRole, true);
-            AJXP_Utils::saveSerialFile($this->getStoragePath()."/rights.ser", $this->rights, true);
+            $changes = $this->migrateRightsToPersonalRole();
+            if ($changes) {
+                AJXP_Utils::saveSerialFile($this->getStoragePath()."/role.ser", $this->personalRole, true);
+                AJXP_Utils::saveSerialFile($this->getStoragePath()."/rights.ser", $this->rights, true);
+            }
         }
 
         $this->recomputeMergedRole();
diff --git a/core/src/plugins/conf.sql/class.AJXP_SqlUser.php b/core/src/plugins/conf.sql/class.AJXP_SqlUser.php
index bb80586f4c..39dc098527 100755
--- a/core/src/plugins/conf.sql/class.AJXP_SqlUser.php
+++ b/core/src/plugins/conf.sql/class.AJXP_SqlUser.php
@@ -427,15 +427,21 @@ public function load()
         } else {
             // MIGRATE NOW !
             $originalRights = $this->rights;
-            $this->migrateRightsToPersonalRole();
-            $removedRights = array_keys(array_diff($originalRights, $this->rights));
-            $this->roles["AJXP_USR_"."/".$this->id] = $this->personalRole;
+            $changes = $this->migrateRightsToPersonalRole();
             // SAVE RIGHT AND ROLE
-            if (count($removedRights)) {
-                // We use (%s) instead of %in to pass everyting as string ('1' instead of 1)
-                dibi::query("DELETE FROM [ajxp_user_rights] WHERE [login] = %s AND [repo_uuid] IN (%s)", $this->getId(), $removedRights);
+            if ($changes > 0) {
+                // There was an actual migration, let's save the changes now.
+                $removedRights = array_keys(array_diff($originalRights, $this->rights));
+                if (count($removedRights)) {
+                    // We use (%s) instead of %in to pass everything as string ('1' instead of 1)
+                    dibi::query("DELETE FROM [ajxp_user_rights] WHERE [login] = %s AND [repo_uuid] IN (%s)", $this->getId(), $removedRights);
+                }
+                AuthService::updateRole($this->personalRole);
+            } else {
+                $this->personalRole = new AJXP_Role("AJXP_USR_"."/".$this->id);
             }
-            AuthService::updateRole($this->personalRole);
+            $this->roles["AJXP_USR_"."/".$this->id] = $this->personalRole;
+
         }
         $this->recomputeMergedRole();
     }
diff --git a/core/src/plugins/core.conf/class.AbstractAjxpUser.php b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
index e82f4a53eb..0779c8d881 100644
--- a/core/src/plugins/core.conf/class.AbstractAjxpUser.php
+++ b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
@@ -413,6 +413,7 @@ public function recomputeMergedRole()
 
     protected function migrateRightsToPersonalRole()
     {
+        $changes = 0;
         $this->personalRole = new AJXP_Role("AJXP_USR_"."/".$this->id);
         $this->roles["AJXP_USR_"."/".$this->id] = $this->personalRole;
         foreach ($this->rights as $rightKey => $rightValue) {
@@ -420,12 +421,14 @@ protected function migrateRightsToPersonalRole()
                 foreach ($rightValue as $repoId => $repoData) {
                     foreach ($repoData as $actionName => $actionState) {
                         $this->personalRole->setActionState("plugin.all", $actionName, $repoId, $actionState);
+                        $changes++;
                     }
                 }
                 unset($this->rights[$rightKey]);
             }
             if(strpos($rightKey, "ajxp.") === 0) continue;
             $this->personalRole->setAcl($rightKey, $rightValue);
+            $changes++;
             unset($this->rights[$rightKey]);
         }
         // Move old CUSTOM_DATA values to personal role parameter
@@ -451,7 +454,7 @@ protected function migrateRightsToPersonalRole()
                 }
             }
         }
-
+        return $changes;
     }
 
     protected function orderRoles($r1, $r2)