From 0527f22dc942483430f8449e25a096bb8d683a5d Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Sat, 31 Dec 2022 00:42:58 +0100 Subject: [PATCH] dont show page content for resellers withouth required permissions to actually do something Signed-off-by: Michael Kaufmann --- admin_cronjobs.php | 2 +- admin_ipsandports.php | 2 +- admin_mysqlserver.php | 2 +- lib/Froxlor/Api/Commands/IpsAndPorts.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/admin_cronjobs.php b/admin_cronjobs.php index e23ce0c0..3a77e694 100644 --- a/admin_cronjobs.php +++ b/admin_cronjobs.php @@ -36,7 +36,7 @@ use Froxlor\UI\Response; $id = (int)Request::any('id'); -if ($page == 'cronjobs' || $page == 'overview') { +if (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversettings'] == '1') { if ($action == '') { $log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed admin_cronjobs'); diff --git a/admin_ipsandports.php b/admin_ipsandports.php index 6a60288b..e8f796b3 100644 --- a/admin_ipsandports.php +++ b/admin_ipsandports.php @@ -38,7 +38,7 @@ use Froxlor\UI\Response; $id = (int)Request::any('id'); -if ($page == 'ipsandports' || $page == 'overview') { +if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_serversettings'] == '1') { if ($action == '') { $log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "viewed admin_ipsandports"); diff --git a/admin_mysqlserver.php b/admin_mysqlserver.php index c2332d0b..699a2441 100644 --- a/admin_mysqlserver.php +++ b/admin_mysqlserver.php @@ -38,7 +38,7 @@ use Froxlor\UI\Response; $id = (int)Request::any('id'); -if ($page == 'mysqlserver' || $page == 'overview') { +if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_serversettings'] == '1') { if ($action == '') { $log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "viewed admin_mysqlserver"); diff --git a/lib/Froxlor/Api/Commands/IpsAndPorts.php b/lib/Froxlor/Api/Commands/IpsAndPorts.php index 579614cb..d3dfe6be 100644 --- a/lib/Froxlor/Api/Commands/IpsAndPorts.php +++ b/lib/Froxlor/Api/Commands/IpsAndPorts.php @@ -391,7 +391,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity */ public function update() { - if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || !empty($this->getUserDetail('ip')))) { + if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) { $id = $this->getParam('id'); $result = $this->apiCall('IpsAndPorts.get', [