non-superuser admins cannot update the permission name and description anymore.
This commit is contained in:
@@ -47,8 +47,10 @@ if ($API_permissions->request_method === 'GET') {
|
|||||||
|
|
||||||
} elseif ($API_permissions->request_method === 'PUT') {
|
} elseif ($API_permissions->request_method === 'PUT') {
|
||||||
|
|
||||||
# Update the permission name and description
|
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
|
if (!$API_permissions->isSuperuser()) {
|
||||||
|
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||||
|
}
|
||||||
|
|
||||||
$requiredFields = [
|
$requiredFields = [
|
||||||
'permission_uuid' => ['type' => 'uuid'],
|
'permission_uuid' => ['type' => 'uuid'],
|
||||||
|
|||||||
@@ -18,7 +18,8 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
|
|||||||
|
|
||||||
# Check permissions
|
# Check permissions
|
||||||
$API = new API();
|
$API = new API();
|
||||||
if (!$API->checkPermissions('admin-access-control-permissions', 'RW', true)) {
|
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||||
|
if (!$API->isSuperuser()) {
|
||||||
echo 'error 401 unauthorized';
|
echo 'error 401 unauthorized';
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -201,7 +201,7 @@ while ($row = $stmt->fetch_assoc()) {
|
|||||||
<td class=""><?php echo $permission['permission_description'] ?></td>
|
<td class=""><?php echo $permission['permission_description'] ?></td>
|
||||||
<td class="text-nowrap">
|
<td class="text-nowrap">
|
||||||
|
|
||||||
<?php if ($API->checkPermissions('admin-access-control-permissions', 'RW', true)) { ?>
|
<?php if ($API->isSuperuser()) { ?>
|
||||||
<a href="?permission_edit=<?php echo $permission['permission_uuid'] ?>" class="btn btn-primary btn-sm btn-rounded"><i class="fas fa-edit"></i></a>
|
<a href="?permission_edit=<?php echo $permission['permission_uuid'] ?>" class="btn btn-primary btn-sm btn-rounded"><i class="fas fa-edit"></i></a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user