Refactor user permission handling to utilize hierarchy levels across user credential retrieval and role management. Update permission checks in user_roles.php and enhance session management in index.php for improved security and consistency.

“VeLiTi”
2026-01-30 09:17:54 +01:00
parent 8df518d0a2
commit b3327f21ed
7 changed files with 19 additions and 11 deletions


@@ -55,7 +55,7 @@ $clause_insert = substr($clause_insert, 2);
$input_insert = substr($input_insert, 1);
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U') === 1){
if ($command == 'update' && isAllowed('user_roles',$profile,$permission,'U') === 1){
$sql = 'UPDATE user_roles SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
@@ -82,7 +82,7 @@ if ($command == 'update' && isAllowed('user_role_manage',$profile,$permission,'U
}
}
}
elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permission,'C') === 1){
elseif ($command == 'insert' && isAllowed('user_roles',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO user_roles ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
@@ -106,7 +106,7 @@ elseif ($command == 'insert' && isAllowed('user_role_manage',$profile,$permissio
}
}
}
elseif ($command == 'delete' && isAllowed('user_role_manage',$profile,$permission,'D') === 1){
elseif ($command == 'delete' && isAllowed('user_roles',$profile,$permission,'D') === 1){
//Delete role permissions first (foreign key constraint)
$stmt = $pdo->prepare('DELETE FROM role_access_permissions WHERE role_id = ?');
$stmt->execute([$id]);
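Review bot: The update, insert and delete guards now test the `user_roles` key instead of `user_role_manage`, but nothing visible in these hunks compares the hierarchy level of the target role with the caller's level, so a profile holding C/U/D on `user_roles` can apparently change or delete any role, including one ranked above its own. If the hierarchy check mentioned in the commit description runs elsewhere, a comment at the first guard such as `// hierarchy level of role $id is verified in <function>` would make that auditable; otherwise the level should be checked before the UPDATE and DELETE statements execute. The key rename also needs a matching permission-data migration, since roles granted `user_role_manage` would lose access and any role that already held write letters on `user_roles` may gain role management. Separately, `$command == 'update'` could use `===`, and `$clause` / `$clause_insert` are concatenated into the SQL text, so the code that builds them (outside these hunks) should restrict column names to a fixed allowlist. The delete branch continues past the last visible line.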