mirror of
https://github.com/getnamingo/registry.git
synced 2025-05-17 01:57:00 +02:00
Fixes for access rights for the new history pages
This commit is contained in:
Pinga
parent
cae51f7cd0
commit
2fa50bd72d
4 changed files with 65 additions and 3 deletions
|
|
@ -906,10 +906,26 @@ class ContactsController extends Controller
|
|||
throw new \RuntimeException('Audit table is empty or not configured');
|
||||
}
|
||||
|
||||
$contact = $db->selectRow('SELECT id, identifier FROM contact WHERE identifier = ?',
|
||||
$contact = $db->selectRow('SELECT id, identifier, clid FROM contact WHERE identifier = ?',
|
||||
[ $args ]);
|
||||
|
||||
if ($contact) {
|
||||
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$contact['clid']]);
|
||||
|
||||
// Check if the user is not an admin (assuming role 0 is admin)
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
||||
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
|
||||
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
|
||||
|
||||
// Check if the registrar's ID is in the user's list of registrar IDs
|
||||
if (!in_array($registrars['id'], $userRegistrarIds)) {
|
||||
// Redirect to the contacts view if the user is not authorized for this contact
|
||||
return $response->withHeader('Location', '/contacts')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
$history = $db_audit->select(
|
||||
'SELECT * FROM contact WHERE identifier = ? ORDER BY audit_timestamp DESC, audit_rownum ASC',
|
||||
[$args]
|
||||
|
|
|
|||
|
|
@ -1078,10 +1078,26 @@ class DomainsController extends Controller
|
|||
throw new \RuntimeException('Audit table is empty or not configured');
|
||||
}
|
||||
|
||||
$domain = $db->selectRow('SELECT id,name FROM domain WHERE name = ?',
|
||||
$domain = $db->selectRow('SELECT id, name, clid FROM domain WHERE name = ?',
|
||||
[ $args ]);
|
||||
|
||||
if ($domain) {
|
||||
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$domain['clid']]);
|
||||
|
||||
// Check if the user is not an admin (assuming role 0 is admin)
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
||||
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
|
||||
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
|
||||
|
||||
// Check if the registrar's ID is in the user's list of registrar IDs
|
||||
if (!in_array($registrars['id'], $userRegistrarIds)) {
|
||||
// Redirect to the domains view if the user is not authorized for this contact
|
||||
return $response->withHeader('Location', '/domains')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
$history = $db_audit->select(
|
||||
'SELECT * FROM domain WHERE name = ? ORDER BY audit_timestamp DESC, audit_rownum ASC',
|
||||
[$args]
|
||||
|
|
|
|||
|
|
@ -316,10 +316,26 @@ class HostsController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
$host = $db->selectRow('SELECT id, name FROM host WHERE name = ?',
|
||||
$host = $db->selectRow('SELECT id, name, clid FROM host WHERE name = ?',
|
||||
[ $args ]);
|
||||
|
||||
if ($host) {
|
||||
$registrars = $db->selectRow('SELECT id, clid, name FROM registrar WHERE id = ?', [$host['clid']]);
|
||||
|
||||
// Check if the user is not an admin (assuming role 0 is admin)
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
||||
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
|
||||
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
|
||||
|
||||
// Check if the registrar's ID is in the user's list of registrar IDs
|
||||
if (!in_array($registrars['id'], $userRegistrarIds)) {
|
||||
// Redirect to the hosts view if the user is not authorized for this host
|
||||
return $response->withHeader('Location', '/hosts')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1');
|
||||
} catch (\PDOException $e) {
|
||||
|
|
|
|||
|
|
@ -427,6 +427,20 @@ class RegistrarsController extends Controller
|
|||
[ $args ]);
|
||||
|
||||
if ($registrar) {
|
||||
// Check if the user is not an admin
|
||||
if ($_SESSION["auth_roles"] != 0) {
|
||||
$userRegistrars = $db->select('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
|
||||
|
||||
// Assuming $userRegistrars returns an array of arrays, each containing 'registrar_id'
|
||||
$userRegistrarIds = array_column($userRegistrars, 'registrar_id');
|
||||
|
||||
// Check if the registrar's ID is in the user's list of registrar IDs
|
||||
if (!in_array($registrar['id'], $userRegistrarIds)) {
|
||||
// Redirect to the registrars view if the user is not authorized for this contact
|
||||
return $response->withHeader('Location', '/registrars')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$exists = $db_audit->selectValue('SELECT 1 FROM domain LIMIT 1');
|
||||
} catch (\PDOException $e) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue