non-superuser admins cannot update the permission name and description anymore.

This commit is contained in:
2026-05-16 23:45:28 +02:00
parent 5a27c678b1
commit 38f8584ecf
3 changed files with 7 additions and 4 deletions

View File

@@ -18,7 +18,8 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
# Check permissions
$API = new API();
if (!$API->checkPermissions('admin-access-control-permissions', 'RW', true)) {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API->isSuperuser()) {
echo 'error 401 unauthorized';
exit;
}

View File

@@ -201,7 +201,7 @@ while ($row = $stmt->fetch_assoc()) {
<td class=""><?php echo $permission['permission_description'] ?></td>
<td class="text-nowrap">
<?php if ($API->checkPermissions('admin-access-control-permissions', 'RW', true)) { ?>
<?php if ($API->isSuperuser()) { ?>
<a href="?permission_edit=<?php echo $permission['permission_uuid'] ?>" class="btn btn-primary btn-sm btn-rounded"><i class="fas fa-edit"></i></a>
<?php } ?>