zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-21 18:16:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed issue with support tickets for registrars in CP

Browse source
This commit is contained in:
Pinga 2025-01-16 17:39:36 +02:00
parent ee55286ac4
commit 62905f5607
1 changed files with 3 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cp/app/Controllers/SupportController.php
View file

@ -111,11 +111,9 @@ class SupportController extends Controller
return $response->withHeader('Location', '/support')->withStatus(302);
}
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$clid = $_SESSION["auth_roles"] != 0 ? $result['registrar_id'] : $_SESSION['auth_user_id'];
$ticket_owner = $db->selectValue('SELECT user_id FROM support_tickets WHERE id = ?', [$ticketNumber]);
if ($ticket_owner != $clid && $_SESSION["auth_roles"] != 0) {
if ($ticket_owner != $_SESSION['auth_user_id'] && $_SESSION["auth_roles"] != 0) {
return $response->withHeader('Location', '/support')->withStatus(302);
}
@ -172,11 +170,9 @@ class SupportController extends Controller
return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302);
}
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$clid = $_SESSION["auth_roles"] != 0 ? $result['registrar_id'] : $_SESSION['auth_user_id'];
$ticket_owner = $db->selectValue('SELECT user_id FROM support_tickets WHERE id = ?', [$ticket_id]);
if ($ticket_owner != $clid && $_SESSION["auth_roles"] != 0) {
if ($ticket_owner != $_SESSION['auth_user_id'] && $_SESSION["auth_roles"] != 0) {
$this->container->get('flash')->addMessage('error', 'You do not have permission to perform this action');
return $response->withHeader('Location', '/support')->withStatus(302);
}
@ -256,11 +252,9 @@ class SupportController extends Controller
}
$action = $data['action'] ?? null;
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$clid = $_SESSION["auth_roles"] != 0 ? $result['registrar_id'] : $_SESSION['auth_user_id'];
$ticket_owner = $db->selectValue('SELECT user_id FROM support_tickets WHERE id = ?', [$ticket_id]);
if ($ticket_owner != $clid && $_SESSION["auth_roles"] != 0) {
if ($ticket_owner != $_SESSION['auth_user_id'] && $_SESSION["auth_roles"] != 0) {
$this->container->get('flash')->addMessage('error', 'You do not have permission to perform this action');
return $response->withHeader('Location', '/support')->withStatus(302);
}