From e4d2d0c699fb9d6b7ca8b82b1bf11872739ccc4b Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Thu, 24 Mar 2022 20:52:26 +0000
Subject: [PATCH] Prevent deletion of client unless user role is 3 (admin)

---
 post.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/post.php b/post.php
index 1f710565..eff05994 100644
--- post.php
+++ post.php
@@ -1226,6 +1226,13 @@ if(isset($_POST['edit_client'])){
 }
 
 if(isset($_GET['delete_client'])){
+ if($session_user_role !== "3"){
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "You are not permitted to do that!";
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+ exit();
+ }
+
 $client_id = intval($_GET['delete_client']);
 
 //Get Client Name
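Review bot: The denial branch redirects to `$_SERVER["HTTP_REFERER"]`, a request header the client controls and may omit; when it is missing the Location value is empty, and when it is present the response follows whatever URL the caller supplied. Redirecting to a fixed in-app page, e.g. `header("Location: <client-list-page>");` (placeholder path), avoids both. The role check also authorises the session rather than the request: the delete is still triggered by a GET parameter and no anti-CSRF token check is visible in this hunk, so a link opened by a logged-in admin would pass the new guard unless a token is validated elsewhere in post.php. A short comment such as `// role "3" = admin; compared as a string` above the check would document the magic value, and it is worth confirming `$session_user_role` is always a string, since an integer 3 would fail `!== "3"` and lock admins out. The `delete_client` block continues past the end of the hunk.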