Make sure to clone the original personal role before overriding.

Re-apply specific "Shared" roles after clearing parent user's ACLs in case of a shared user.
pydio · Apr 15, 2014 · f9ff1b7 · f9ff1b7
1 parent 0f1ec52
commit f9ff1b7
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/core/src/plugins/core.conf/class.AbstractAjxpUser.php b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
@@ -386,7 +386,7 @@ public function recomputeMergedRole()
             throw new Exception("Empty role, this is not normal");
         }
         uksort($this->roles, array($this, "orderRoles"));
-        $this->mergedRole =  $this->roles[array_shift(array_keys($this->roles))];
+        $this->mergedRole =  clone $this->roles[array_shift(array_keys($this->roles))];
         if (count($this->roles) > 1) {
             $this->parentRole = $this->mergedRole;
         }
@@ -405,8 +405,12 @@ public function recomputeMergedRole()
             $stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser);
             if ($stretchedParentUserRole !== null) {
                 $this->parentRole = $this->parentRole->override($stretchedParentUserRole);
+                // REAPPLY SPECIFIC "SHARED" ROLES
+                foreach ($this->roles as $role) {
+                    if(! $role->autoAppliesTo("shared")) continue;
+                    $this->parentRole = $role->override($this->parentRole);
+                }
             }
-
             $this->mergedRole = $this->parentRole->override($this->personalRole);
         }
     }