Restrict Users, Audit Logs, Security routes to super_admin only

- Sidebar: Users, Audit Logs and Security now only visible to super_admin
- AdminController: requireSuperAdmin() check on users() and auditLogs()
- AdminController: super_admin check on createUser, updateUser, deleteUser JSON endpoints
- securitySettings() already had the check in place
This commit is contained in:
2026-06-07 07:34:16 -04:00
parent 58be111745
commit 016584e907
2 changed files with 28 additions and 1 deletions

View File

@@ -48,6 +48,7 @@
<span>Teams</span>
</a>
</li>
<?php if ($_SESSION['user_role'] ?? '' === 'super_admin'): ?>
<li class="nav-item">
<a href="/admin/users" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/admin/users') ? 'active' : '' ?>">
<i class="fas fa-users"></i>
@@ -60,7 +61,6 @@
<span>Audit Logs</span>
</a>
</li>
<?php if ($_SESSION['user_role'] ?? '' === 'super_admin'): ?>
<li class="nav-item">
<a href="/admin/security" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/admin/security') ? 'active' : '' ?>">
<i class="fas fa-shield-alt"></i>