zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-17 01:57:00 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixes for access rights for the new history pages

Browse source
This commit is contained in:
Pinga 2025-04-07 22:52:50 +03:00
parent cae51f7cd0
commit 2fa50bd72d
4 changed files with 65 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

18
cp/app/Controllers/ContactsController.php
View file

@ -906,10 +906,26 @@ class ContactsController extends Controller
throw new \RuntimeException('Audit table is empty or not configured'); throw new \RuntimeException('Audit table is empty or not configured');
} }
$contact = $db->selectRow('SELECT id, identifier FROM contact WHERE identifier = ?', $contact = $db->selectRow('SELECT id, identifier, clid FROM contact WHERE identifier = ?',
[ $args ]); [ $args ]);
if ($contact) { if ($contact) {
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$contact['clid']]);
// Check if the user is not an admin (assuming role 0 is admin)
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrars['id'], $userRegistrarIds)) {
// Redirect to the contacts view if the user is not authorized for this contact
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
}
$history = $db_audit->select( $history = $db_audit->select(
'SELECT * FROM contact WHERE identifier = ? ORDER BY audit_timestamp DESC, audit_rownum ASC', 'SELECT * FROM contact WHERE identifier = ? ORDER BY audit_timestamp DESC, audit_rownum ASC',
[$args] [$args]

18
cp/app/Controllers/DomainsController.php
View file

@ -1078,10 +1078,26 @@ class DomainsController extends Controller
throw new \RuntimeException('Audit table is empty or not configured'); throw new \RuntimeException('Audit table is empty or not configured');
} }
$domain = $db->selectRow('SELECT id,name FROM domain WHERE name = ?', $domain = $db->selectRow('SELECT id, name, clid FROM domain WHERE name = ?',
[ $args ]); [ $args ]);
if ($domain) { if ($domain) {
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$domain['clid']]);
// Check if the user is not an admin (assuming role 0 is admin)
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrars['id'], $userRegistrarIds)) {
// Redirect to the domains view if the user is not authorized for this contact
return $response->withHeader('Location', '/domains')->withStatus(302);
}
}
$history = $db_audit->select( $history = $db_audit->select(
'SELECT * FROM domain WHERE name = ? ORDER BY audit_timestamp DESC, audit_rownum ASC', 'SELECT * FROM domain WHERE name = ? ORDER BY audit_timestamp DESC, audit_rownum ASC',
[$args] [$args]

18
cp/app/Controllers/HostsController.php
View file

@ -316,10 +316,26 @@ class HostsController extends Controller
} }
} }
$host = $db->selectRow('SELECT id, name FROM host WHERE name = ?', $host = $db->selectRow('SELECT id, name, clid FROM host WHERE name = ?',
[ $args ]); [ $args ]);
if ($host) { if ($host) {
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$host['clid']]);
// Check if the user is not an admin (assuming role 0 is admin)
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrars['id'], $userRegistrarIds)) {
// Redirect to the hosts view if the user is not authorized for this host
return $response->withHeader('Location', '/hosts')->withStatus(302);
}
}
try { try {
$exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1'); $exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1');
} catch (\PDOException $e) { } catch (\PDOException $e) {

14
cp/app/Controllers/RegistrarsController.php
View file

@ -427,6 +427,20 @@ class RegistrarsController extends Controller
[ $args ]); [ $args ]);
if ($registrar) { if ($registrar) {
// Check if the user is not an admin
if ($_SESSION["auth_roles"] != 0) {
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
// Check if the registrar's ID is in the user's list of registrar IDs
if (!in_array($registrar['id'], $userRegistrarIds)) {
// Redirect to the registrars view if the user is not authorized for this contact
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
}
try { try {
$exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1'); $exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1');
} catch (\PDOException $e) { } catch (\PDOException $e) {