Fix: wrap entire Administration section in admin+ check to prevent Security leak for operators
This commit is contained in:
@@ -39,9 +39,9 @@
|
|||||||
<div class="nav-submenu-loading"><i class="fas fa-spinner fa-spin"></i></div>
|
<div class="nav-submenu-loading"><i class="fas fa-spinner fa-spin"></i></div>
|
||||||
</div>
|
</div>
|
||||||
</li>
|
</li>
|
||||||
|
<?php if (in_array($_SESSION['user_role'] ?? '', ['super_admin', 'admin'])): ?>
|
||||||
<li class="nav-divider"></li>
|
<li class="nav-divider"></li>
|
||||||
<li class="nav-section">Administration</li>
|
<li class="nav-section">Administration</li>
|
||||||
<?php if (in_array($_SESSION['user_role'] ?? '', ['super_admin', 'admin'])): ?>
|
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a href="/teams" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/teams') ? 'active' : '' ?>">
|
<a href="/teams" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/teams') ? 'active' : '' ?>">
|
||||||
<i class="fas fa-users-cog"></i>
|
<i class="fas fa-users-cog"></i>
|
||||||
@@ -60,7 +60,6 @@
|
|||||||
<span>Audit Logs</span>
|
<span>Audit Logs</span>
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<?php endif; ?>
|
|
||||||
<?php if ($_SESSION['user_role'] ?? '' === 'super_admin'): ?>
|
<?php if ($_SESSION['user_role'] ?? '' === 'super_admin'): ?>
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a href="/admin/security" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/admin/security') ? 'active' : '' ?>">
|
<a href="/admin/security" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/admin/security') ? 'active' : '' ?>">
|
||||||
@@ -69,6 +68,7 @@
|
|||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
<?php endif; ?>
|
||||||
</ul>
|
</ul>
|
||||||
</nav>
|
</nav>
|
||||||
<div class="sidebar-footer">
|
<div class="sidebar-footer">
|
||||||
|
|||||||
Reference in New Issue
Block a user