When one of our “Registered” users places an order, we have a plugin that successfully adds them to another User Group called “Customer”. This works very nicely in the flow of things using JUserHelper::addUserToGroup().

The problem is that even though the user record IS correctly updated, they’re already logged in, so they are forced to log out and back in to have the necessary ACL that they need.

I’ve hunted through all the jUser code and docs, and cannot find a way to alter the currently logged in user that is yielded by $user =& JFactory::getUser();.

I expect the answer may be obvious to someone who understands the Joomla MVC better than I, but my head is reeling with all the code I’ve read trying to find a way to accomplish this.

UPDATE:

Lodder’s answer below technically works, but while the “User Groups” ARE actually being updated, the AuthGroups and AuthLevels are not. After my code is run, the $user object DOES show the groups there in, but further down in the object,

        [_authGroups:protected] => Array
            (
                [0] => 1
                [1] => 2
            )

        [_authLevels:protected] => Array
            (
                [0] => 1
                [1] => 1
                [2] => 2
            )

There appears to be no way to change this in the current session because it’s all protected, and the only place it’s updated is in user.php at $identities = $this->getAuthorisedGroups();, which only executes on the first time it’s encountered.