public function GetSession($UserID, $Refresh = FALSE) { // Ask for the user. This will check cache first. $User = $this->GetID($UserID, DATASET_TYPE_OBJECT); if (!$User) { return FALSE; } // If we require confirmation and user is not confirmed $ConfirmEmail = C('Garden.Registration.ConfirmEmail', false); $Confirmed = GetValue('Confirmed', $User); if ($ConfirmEmail && !$Confirmed) { // Replace permissions with those of the ConfirmEmailRole $ConfirmEmailRoleID = C('Garden.Registration.ConfirmEmailRole'); $RoleModel = new RoleModel(); $RolePermissions = $RoleModel->GetPermissions($ConfirmEmailRoleID); $Permissions = UserModel::CompilePermissions($RolePermissions); // Ensure Confirm Email role can always sign in if (!in_array('Garden.SignIn.Allow', $Permissions)) { $Permissions[] = 'Garden.SignIn.Allow'; } $User->Permissions = $Permissions; // Otherwise normal loadings! } else { if ($User && ($User->Permissions == '' || Gdn::Cache()->ActiveEnabled())) { $User->Permissions = $this->DefinePermissions($UserID); } } // Remove secret info from session unset($User->Password, $User->HashMethod); return $User; }