Fix: wrap entire Administration section in admin+ check to prevent Security leak for operators
This commit is contained in:
@@ -39,9 +39,9 @@
|
||||
<div class="nav-submenu-loading"><i class="fas fa-spinner fa-spin"></i></div>
|
||||
</div>
|
||||
</li>
|
||||
<?php if (in_array($_SESSION['user_role'] ?? '', ['super_admin', 'admin'])): ?>
|
||||
<li class="nav-divider"></li>
|
||||
<li class="nav-section">Administration</li>
|
||||
<?php if (in_array($_SESSION['user_role'] ?? '', ['super_admin', 'admin'])): ?>
|
||||
<li class="nav-item">
|
||||
<a href="/teams" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/teams') ? 'active' : '' ?>">
|
||||
<i class="fas fa-users-cog"></i>
|
||||
@@ -60,7 +60,6 @@
|
||||
<span>Audit Logs</span>
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<?php if ($_SESSION['user_role'] ?? '' === 'super_admin'): ?>
|
||||
<li class="nav-item">
|
||||
<a href="/admin/security" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/admin/security') ? 'active' : '' ?>">
|
||||
@@ -69,6 +68,7 @@
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</ul>
|
||||
</nav>
|
||||
<div class="sidebar-footer">
|
||||
|
||||
Reference in New Issue
Block a user