Fixes for access rights for the new history pages

Pinga 2025-04-07 22:52:50 +03:00
parent cae51f7cd0
commit 2fa50bd72d
4 changed files with 65 additions and 3 deletions


@ -1078,10 +1078,26 @@ class DomainsController extends Controller
throw new \RuntimeException('Audit table is empty or not configured');
}
$domain = $db->selectRow('SELECT id,name FROM domain WHERE name = ?',
$domain = $db->selectRow('SELECT id, name, clid FROM domain WHERE name = ?',
[ $args ]);
if ($domain) {
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$domain['clid']]);
// Check if the user is not an admin (assuming role 0 is admin)
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrars['id'], $userRegistrarIds)) {
// Redirect to the domains view if the user is not authorized for this contact
return $response->withHeader('Location', '/domains')->withStatus(302);
}
}
$history = $db_audit->select(
'SELECT * FROM domain WHERE name = ? ORDER BY audit_timestamp DESC, audit_rownum ASC',
[$args]