fix: filtrar servidores por usuario/equipo según rol

- Server::getAccessibleServerIds(): super_admin ve todos los servidores;
  admin y operator solo ven propios, asignados directos o por equipo
- DashboardController: unifica lógica usando getAccessibleServerIds()
- ServerController::metrics(): agrega control de acceso requireServerAccess()
- ApiController::status(): filtra estadísticas por servidores accesibles
- Android: bump versionCode 9, versionName 1.7.0
This commit is contained in:
2026-06-11 13:09:53 -04:00
parent dec6aa3527
commit 1bc8236d4d
5 changed files with 33 additions and 24 deletions

View File

@@ -25,20 +25,14 @@ class DashboardController
public function index(): void
{
$role = Session::get('user_role');
$serverModel = new Server();
$userId = (int) Session::get('user_id');
if ($role === 'super_admin') {
$stats = $this->monitoringService->getDashboardStats();
$servers = $serverModel->findAll(true);
} else {
$accessibleIds = $serverModel->getAccessibleServerIds($userId);
$stats = $this->monitoringService->getDashboardStats($accessibleIds);
$servers = !empty($accessibleIds) ? array_values(array_filter($serverModel->findAll(true), function ($s) use ($accessibleIds) {
return in_array((int) $s['id'], $accessibleIds, true);
})) : [];
}
$accessibleIds = $serverModel->getAccessibleServerIds($userId);
$stats = $this->monitoringService->getDashboardStats($accessibleIds);
$servers = !empty($accessibleIds) ? array_values(array_filter($serverModel->findAll(true), function ($s) use ($accessibleIds) {
return in_array((int) $s['id'], $accessibleIds, true);
})) : [];
$recentActivity = $this->auditService->getRecentActivity(10, $userId);
@@ -52,15 +46,9 @@ class DashboardController
public function stats(): void
{
$role = Session::get('user_role');
if ($role === 'super_admin') {
$stats = $this->monitoringService->getDashboardStats();
} else {
$serverModel = new Server();
$accessibleIds = $serverModel->getAccessibleServerIds((int) Session::get('user_id'));
$stats = $this->monitoringService->getDashboardStats($accessibleIds);
}
$serverModel = new Server();
$accessibleIds = $serverModel->getAccessibleServerIds((int) Session::get('user_id'));
$stats = $this->monitoringService->getDashboardStats($accessibleIds);
$this->view->json([
'success' => true,