fixing permission issue for regular users allowing them to access
history of other serverspull/47/head
parent
fd4630ec01
commit
c2ef455d8d
|
@ -39,10 +39,12 @@ abstract class AbstractServerController extends AbstractController {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all servers for the current user
|
* Get all servers for the current user
|
||||||
|
* @param int $server_id if true only that server will be retrieved.
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getServers() {
|
public function getServers($server_id = null) {
|
||||||
$sql_join = '';
|
$sql_join = '';
|
||||||
|
$sql_where = '';
|
||||||
|
|
||||||
if($this->user != null && $this->user->getUserLevel() > PSM_USER_ADMIN) {
|
if($this->user != null && $this->user->getUserLevel() > PSM_USER_ADMIN) {
|
||||||
// restrict by user_id
|
// restrict by user_id
|
||||||
|
@ -51,6 +53,10 @@ abstract class AbstractServerController extends AbstractController {
|
||||||
AND `us`.`server_id`=`s`.`server_id`
|
AND `us`.`server_id`=`s`.`server_id`
|
||||||
)";
|
)";
|
||||||
}
|
}
|
||||||
|
if($server_id !== null) {
|
||||||
|
$server_id = intval($server_id);
|
||||||
|
$sql_where ="WHERE `s`.`server_id`={$server_id} ";
|
||||||
|
}
|
||||||
|
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
`s`.`server_id`,
|
`s`.`server_id`,
|
||||||
|
@ -71,9 +77,14 @@ abstract class AbstractServerController extends AbstractController {
|
||||||
`s`.`warning_threshold_counter`
|
`s`.`warning_threshold_counter`
|
||||||
FROM `".PSM_DB_PREFIX."servers` AS `s`
|
FROM `".PSM_DB_PREFIX."servers` AS `s`
|
||||||
{$sql_join}
|
{$sql_join}
|
||||||
|
{$sql_where}
|
||||||
ORDER BY `active` ASC, `status` DESC, `label` ASC";
|
ORDER BY `active` ASC, `status` DESC, `label` ASC";
|
||||||
$servers = $this->db->query($sql);
|
$servers = $this->db->query($sql);
|
||||||
|
|
||||||
|
if($server_id !== null && count($servers) == 1) {
|
||||||
|
$servers = $servers[0];
|
||||||
|
}
|
||||||
|
|
||||||
return $servers;
|
return $servers;
|
||||||
|
|
||||||
}
|
}
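Review bot: getServers() is now the access check for single-server lookups, but the per-user join is only built inside `if($this->user != null && $this->user->getUserLevel() > PSM_USER_ADMIN)`. When `$this->user` is null, `$sql_join` stays empty and the new `WHERE` clause matches any server, so the lookup fails open. Whether a controller can be reached without a user is not visible here; if it can, add a guard at the top of the method such as `if($this->user == null) { return array(); }`. The return shape also depends on the row count now, giving a single row when exactly one matches and a list otherwise, so the docblock should say so: `@param int|null $server_id if set, only that server is retrieved` and `@return array list of server rows, or one server row when $server_id matches exactly one`. Parts of the method body lie between the hunks and are not shown.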
|
||||||
|
|
|
@ -230,11 +230,8 @@ class ServerController extends AbstractServerController {
|
||||||
$server_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
|
$server_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
|
||||||
|
|
||||||
// get server entry
|
// get server entry
|
||||||
$server = $this->db->selectRow(
|
$server = $this->getServers($server_id);
|
||||||
PSM_DB_PREFIX.'servers',
|
if(empty($server)) {
|
||||||
array('server_id' => $server_id)
|
|
||||||
);
|
|
||||||
if (empty($server)) {
|
|
||||||
$this->addMessage('Invalid server', 'error');
|
$this->addMessage('Invalid server', 'error');
|
||||||
return $this->initializeAction('index');
|
return $this->initializeAction('index');
|
||||||
}
|
}
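Review bot: Only this one lookup is switched to the user-scoped `getServers($server_id)`. Any other action in ServerController that still loads a server by `$_GET['id']` through `$this->db->selectRow(PSM_DB_PREFIX.'servers', ...)` would keep bypassing the per-user restriction. The enclosing method and the rest of the class are outside the hunk, so the edit, delete and save paths should be checked for the same pattern. A comment above the call would help prevent a regression, for example `// getServers() enforces the per-user restriction; do not query the servers table directly here`. Returning the same 'Invalid server' message for missing and forbidden ids is the right choice, since it does not reveal which server ids exist.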
|
||||||
|
|