AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add role based access for API functions

Browse Source
This commit is contained in:
Marcus Hill
2022-03-27 16:03:41 +01:00
parent 747baf5548
commit c3fadfab3b
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
post.php
View File

@@ -408,6 +408,13 @@ if(isset($_GET['delete_user'])){
// API Key
if(isset($_POST['add_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
// Gen a Key
@@ -428,6 +435,13 @@ if(isset($_POST['add_api_key'])){
if(isset($_POST['edit_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$api_key_id = intval($_POST['api_key_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
@@ -444,6 +458,14 @@ if(isset($_POST['edit_api_key'])){
}
if(isset($_GET['delete_api_key'])){
if($session_user_role != 3){
$_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "You are not permitted to do that!";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
$api_key_id = intval($_GET['delete_api_key']);
// Get API Key Name