Unset userContext and apply permissions if changed while logged in

Kristan Kenney · Kristan Kenney · commit 1654c1b263ce · 2021-04-05T11:06:03.000-03:00
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -161,6 +161,12 @@ function top_panel($user, $TAB) {
         header("Location: /login/");
     }
 
+    // Reset user permissions if changed while logged in
+    if (($panel[$user]['ROLE']) !== ($_SESSION['userContext']) && (!isset($_SESSION['look']))) {
+        unset($_SESSION['userContext']);
+        $_SESSION['userContext'] = $panel[$user]['ROLE'];
+    }
+
     // Load user's selected theme and do not change it when impersonting user
     if ( (isset($panel[$user]['THEME'])) && (!isset($_SESSION['look']) )) {
         $_SESSION['userTheme'] = $panel[$user]['THEME'];
