Fixes for access rights for the new history pages

This commit is contained in:
Pinga 2025-04-07 22:52:50 +03:00
parent cae51f7cd0
commit 2fa50bd72d
4 changed files with 65 additions and 3 deletions

View file

@ -427,6 +427,20 @@ class RegistrarsController extends Controller
[ $args ]);
if ($registrar) {
// Check if the user is not an admin
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrar['id'], $userRegistrarIds)) {
// Redirect to the registrars view if the user is not authorized for this contact
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
}
try {
$exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1');
} catch (\PDOException $e) {