From 313de4c6dc4f6b73fe90a370046bcd436a6e8b76 Mon Sep 17 00:00:00 2001
From: FusionPBX <mark@fusionpbx.com>
Date: Sat, 20 Apr 2024 22:00:29 -0600
Subject: [PATCH] Update authentication.php

Empty the permissions before assigning permission to the user during the login process.
---
 core/authentication/resources/classes/authentication.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/authentication/resources/classes/authentication.php b/core/authentication/resources/classes/authentication.php
index 7aef339947..0f13ab14a4 100644
--- a/core/authentication/resources/classes/authentication.php
+++ b/core/authentication/resources/classes/authentication.php
@@ -256,6 +256,11 @@ class authentication {
 					$_SESSION["user"]["username"] = $result["username"];
 					$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
 
+				//empty the  permissions
+					if (isset($_SESSION['permissions'])) {
+						unset($_SESSION['permissions']);
+					}
+
 				//get the groups assigned to the user
 					$group = new groups($this->database, $result["domain_uuid"], $result["user_uuid"]);
 					$groups = $group->get_groups();