AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-06-20 00:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Credentials: Enforce Credential Perm and client perm on credient edit / view modals

Browse Source
This commit is contained in:
johnnyq
2026-05-04 15:37:02 -04:00
parent a7c4136d60
commit 8094e6e761
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
agent/modals/credential/credential_edit.php
View File

@@ -2,6 +2,8 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_credential', 2);
$credential_id = intval($_GET['id']); $credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
@@ -32,6 +34,8 @@ while ($row = mysqli_fetch_assoc($sql_credential_tags)) {
$credential_tag_id_array[] = $credential_tag_id; $credential_tag_id_array[] = $credential_tag_id;
} }
enforceClientAccess();
// Generate the HTML form content using output buffering. // Generate the HTML form content using output buffering.
ob_start(); ob_start();
?> ?>

5
agent/modals/credential/credential_view.php
View File

@@ -2,11 +2,14 @@
require_once '../../../includes/modal_header.php'; require_once '../../../includes/modal_header.php';
enforceUserPermission('module_credential');
$credential_id = intval($_GET['id']); $credential_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id LIMIT 1");
$row = mysqli_fetch_assoc($sql); $row = mysqli_fetch_assoc($sql);
$client_id = intval($row['credential_client_id']);
$credential_name = nullable_htmlentities($row['credential_name']); $credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']); $credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']); $credential_uri = nullable_htmlentities($row['credential_uri']);
@@ -23,6 +26,8 @@ if (empty($credential_otp_secret)) {
$credential_note = nullable_htmlentities($row['credential_note']); $credential_note = nullable_htmlentities($row['credential_note']);
$credential_created_at = nullable_htmlentities($row['credential_created_at']); $credential_created_at = nullable_htmlentities($row['credential_created_at']);
enforceClientAccess();
// Generate the HTML form content using output buffering. // Generate the HTML form content using output buffering.
ob_start(); ob_start();
?> ?>