fix: filtrar servidores por usuario/equipo según rol
- Server::getAccessibleServerIds(): super_admin ve todos los servidores; admin y operator solo ven propios, asignados directos o por equipo - DashboardController: unifica lógica usando getAccessibleServerIds() - ServerController::metrics(): agrega control de acceso requireServerAccess() - ApiController::status(): filtra estadísticas por servidores accesibles - Android: bump versionCode 9, versionName 1.7.0
This commit is contained in:
@@ -249,6 +249,22 @@ class Server
|
||||
|
||||
public function getAccessibleServerIds(int $userId): array
|
||||
{
|
||||
$user = $this->db->fetch(
|
||||
'SELECT role FROM users WHERE id = ? AND status = \'active\'',
|
||||
[$userId]
|
||||
);
|
||||
|
||||
if (!$user) {
|
||||
return [];
|
||||
}
|
||||
|
||||
if ($user['role'] === 'super_admin') {
|
||||
$all = $this->db->fetchAll(
|
||||
'SELECT id FROM servers WHERE status = \'active\''
|
||||
);
|
||||
return array_map(fn($r) => (int) $r['id'], $all);
|
||||
}
|
||||
|
||||
$owned = $this->db->fetchAll(
|
||||
'SELECT id FROM servers WHERE created_by = ? AND status = \'active\'',
|
||||
[$userId]
|
||||
|
||||
Reference in New Issue
Block a user