Controller reads user data from DB rather than solely the session

mothership-ec · Jan 26, 2016 · dd552b1 · dd552b1
1 parent c919ccd
commit dd552b1
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/Controller/Account/Edit.php b/src/Controller/Account/Edit.php
@@ -18,7 +18,11 @@ class Edit extends Controller
 {
 	public function index()
 	{
-		$user            = $this->get('user.current');
+		// @TODO: see line 172. we should be fine retrieving the user data that the session has,
+		// but i've made this method call back to the database for the user object in case. this
+		// might be useful if someone extends the account page template.
+		$current         = $this->get('user.current');
+		$user            = $this->get('user.loader')->getByID($current->id);
 		$billingAddress  = $this->get('commerce.user.address.loader')->getByUserAndType($user, 'billing');
 		$deliveryAddress = $this->get('commerce.user.address.loader')->getByUserAndType($user, 'delivery');
 
@@ -169,7 +173,11 @@ public function processPassword()
 
 	protected function _getDetailForm()
 	{
-		$user = $this->get('user.current');
+		// get the user object from the DB before rendering the form, this stops the template
+		// retrieving invalid data from the cache after user data is modified in the dashboard
+		// or on the front-end
+		$current = $this->get('user.current');
+		$user = $this->get('user.loader')->getByID($current->id);
 
 		$form = $this->get('form')
 			->setName('detail-edit')