From ea756b13f0ae606997c0ccb4382e1a72902a9207 Mon Sep 17 00:00:00 2001
From: Jack Anderson
Date: Fri, 19 Jul 2024 11:35:58 +0100
Subject: [PATCH] Add check for current user on session preferences
---
 modules/UserPreferences/UserPreference.php | 23 ++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/modules/UserPreferences/UserPreference.php b/modules/UserPreferences/UserPreference.php
index 3977dd62d24..6e5796382c7 100755
--- a/modules/UserPreferences/UserPreference.php
+++ b/modules/UserPreferences/UserPreference.php
@@ -104,7 +104,7 @@ public function getPreference(
 if ($user->user_name !== $current_user->user_name){
 $this->loadPreferences($category);
- return $_SESSION[$user->user_name.'_PREFERENCES'][$category][$name];
+ return $user->user_preferences[$category][$name] ?? $this->getDefaultPreference($name, $category);
 }
 // if the unique key in session doesn't match the app or prefereces are empty
@@ -208,13 +208,18 @@ public function setPreference(
 public function loadPreferences(
 $category = 'global'
 ) {
- global $sugar_config;
+ global $sugar_config, $current_user;
 $user = $this->_userFocus;
 if ($user->object_name != 'User') {
 return;
 }
+
+ if ($user->user_name !== $current_user->user_name){
+ return $this->reloadPreferences($category);
+ }
+
 if (!empty($user->id) && (!isset($_SESSION[$user->user_name . '_PREFERENCES'][$category]) || (!empty($_SESSION['unique_key']) && $_SESSION['unique_key'] != $sugar_config['unique_key']))) {
 // cn: moving this to only log when valid - throwing errors on install
 return $this->reloadPreferences($category);
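Review bot: Each lookup of another user's preference now pays for a database read, because this branch calls `loadPreferences()` on every call and the loadPreferences() hunk routes non-current users straight to `reloadPreferences()`. If the bean's copy is good for the rest of the request, guard the call: `if (!isset($user->user_preferences[$category])) { $this->loadPreferences($category); }`. The branch would also benefit from a comment such as `// Another user's preferences are read from the bean only, never from the current session.` getPreference() begins and continues outside this hunk.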
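Review bot: The new guard in loadPreferences() dereferences `$current_user->user_name` without checking that a current user is set, and the comment a few lines further down indicates this path can run during install, where that global may be empty. On PHP 8 a null `$current_user` raises a warning here, and when both names are empty the comparison treats the two users as the same and falls through to the session branch. Consider comparing on a non-empty id instead, e.g. `if (empty($current_user->id) || $user->id !== $current_user->id) {`, assuming the current-user bean carries `id` the way `$user->id` does below. The same name comparison is repeated through `$GLOBALS['current_user']` in both reloadPreferences() hunks, and loadPreferences() continues outside this hunk.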
@@ -235,8 +240,10 @@ public function reloadPreferences($category = 'global')
 return false;
 }
 $GLOBALS['log']->debug('Loading Preferences DB ' . $user->user_name);
- if (!isset($_SESSION[$user->user_name . '_PREFERENCES'])) {
- $_SESSION[$user->user_name . '_PREFERENCES'] = array();
+ if ($GLOBALS['current_user']->user_name === $user->user_name){
+ if (!isset($_SESSION[$user->user_name . '_PREFERENCES'])) {
+ $_SESSION[$user->user_name . '_PREFERENCES'] = array();
+ }
 }
 if (!isset($user->user_preferences) || !is_array($user->user_preferences)) {
 $user->user_preferences = array();
@@ -245,11 +252,15 @@ public function reloadPreferences($category = 'global')
 $result = $db->query("SELECT contents FROM user_preferences WHERE assigned_user_id='$user->id' AND category = '" . $category . "' AND deleted = 0", false, 'Failed to load user preferences');
 $row = $db->fetchByAssoc($result);
 if ($row) {
- $_SESSION[$user->user_name . '_PREFERENCES'][$category] = unserialize(base64_decode($row['contents']));
+ if ($GLOBALS['current_user']->user_name === $user->user_name){
+ $_SESSION[$user->user_name . '_PREFERENCES'][$category] = unserialize(base64_decode($row['contents']));
+ }
 $user->user_preferences[$category] = unserialize(base64_decode($row['contents']));
 return true;
 } else {
- $_SESSION[$user->user_name . '_PREFERENCES'][$category] = array();
+ if ($GLOBALS['current_user']->user_name === $user->user_name){
+ $_SESSION[$user->user_name . '_PREFERENCES'][$category] = array();
+ }
 $user->user_preferences[$category] = array();
 }
 return false;
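Review bot: The identity test `$GLOBALS['current_user']->user_name === $user->user_name` is spelled out here and twice more in the next hunk, while loadPreferences() uses `global $current_user` for the same test. Evaluating it once near the top of reloadPreferences(), `$isCurrentUser = $GLOBALS['current_user']->user_name === $user->user_name;`, keeps the three session writes in step if the rule ever changes. The nested `if` here then collapses to `if ($isCurrentUser && !isset($_SESSION[$user->user_name . '_PREFERENCES'])) {`. The top of reloadPreferences() is outside the hunk.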
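Review bot: The row is passed through `unserialize(base64_decode(...))` twice when the target is the current user, and neither call restricts which classes may be instantiated or checks for a `false` result. Decode once and reuse the value: `$prefs = unserialize(base64_decode($row['contents']), ['allowed_classes' => false]);`, then assign `$prefs` to the session entry and to `$user->user_preferences[$category]`. `allowed_classes => false` is only right if stored preferences never contain objects, which these lines do not show. The query on the first context line also concatenates `$category` into the SQL string; whether callers can pass untrusted values is not visible here.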