
Admin are unable to add access keys #4799 (#4810)

Jaap Marcus 1 年間 前
コミット
5bbefff558

+ 2 - 5
web/add/access-key/index.php

@@ -11,10 +11,7 @@ $api_status =
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (
-	($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
-	($_SESSION["ROOT_USER"] != "admin" && $api_status < 2)
-) {
+if ($api_status < 1 || ($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)) {
 	header("Location: /edit/user/");
 	exit();
 }
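Review bot: The new gate on the `if` line decides whether the target account is the root user with a loose `!=`, and PHP compares two numeric-looking strings numerically under `==`/`!=`, which an authorization decision should not depend on; prefer `if ($api_status < 1 || ($user_plain !== $_SESSION["ROOT_USER"] && $api_status < 2)) {`. The same loose comparison appears in the identical gate in web/list/access-key/index.php, in the role filter of the next hunk and in the button condition in web/templates/pages/edit_user.php. The predicate now lives in three files in two inverted forms, so a single shared helper would stop them drifting apart. Where `$user_plain` is assigned is outside this hunk, so confirm it is always a string before switching to strict comparison.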
@@ -23,7 +20,7 @@ if (
 exec(HESTIA_CMD . "v-list-apis json", $output, $return_var);
 $apis = json_decode(implode("", $output), true);
 $apis = array_filter($apis, function ($api) use ($user_plain) {
-	return $user_plain == "admin" || $api["ROLE"] == "user";
+	return $user_plain == $_SESSION["ROOT_USER"] || $api["ROLE"] == "user";
 });
 ksort($apis);
 unset($output);
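Review bot: `$return_var` is never checked in the visible lines, and `json_decode()` returns null when `v-list-apis` fails or prints nothing, so the `array_filter()` call that carries the changed role test gets a non-array and throws a TypeError on PHP 8. A guard before the filter keeps the page failing closed, for example `if ($return_var !== 0 || !is_array($apis)) { $apis = []; }`. The filter is what appears to keep admin-role API sets away from non-root accounts, but it only shapes `$apis`. Whether the submit handler checks the posted API names against this filtered list is outside the hunk and worth confirming.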

+ 1 - 1
web/list/access-key/index.php

@@ -16,7 +16,7 @@ $api_status =
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
+if ($api_status < 1 || ($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)) {
 	header("Location: /edit/user/");
 	exit();
 }

+ 1 - 1
web/templates/pages/edit_user.php

@@ -26,7 +26,7 @@
 			<?php } ?>
 			<?php
 				$api_status = (!empty($_SESSION['API_SYSTEM']) && is_numeric($_SESSION['API_SYSTEM'])) ? $_SESSION['API_SYSTEM'] : 0;
-				if (($user_plain == 'admin' && $api_status > 0) || ($user_plain != 'admin' && $api_status > 1)) { ?>
+				if (($user_plain == $_SESSION['ROOT_USER'] && $api_status > 0) || ($user_plain != $_SESSION['ROOT_USER'] && $api_status > 1)) { ?>
 				<a href="<?= $keys_url; ?>" class="button button-secondary js-button-create" title="<?= _("Access Keys") ?>">
 					<i class="fas fa-key icon-purple"></i><?= _("Access Keys") ?>
 				</a>

+ 1 - 1
web/templates/pages/list_key.php

@@ -2,7 +2,7 @@
 <div class="toolbar">
 	<div class="toolbar-inner">
 		<div class="toolbar-buttons">
-			<?php if ($_SESSION["userContext"] === "admin" && $_SESSION['look'] !== '' && $_GET["user"] !== "admin") { ?>
+			<?php if ($_SESSION["userContext"] === "admin" && $_SESSION['look'] !== '' && $_GET["user"] !== $_SESSION['ROOT_USER']) { ?>
 				<a href="/edit/user/?user=<?= htmlentities($_SESSION["look"]) ?>&token=<?= $_SESSION["token"] ?>" class="button button-secondary button-back js-button-back">
 					<i class="fas fa-arrow-left icon-blue"></i><?= _("Back") ?>
 				</a>
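Review bot: The changed condition reads `$_GET["user"]` directly, so a request without that parameter emits an undefined-key notice and the comparison runs on request data, whereas the other files in this commit compare `$user_plain`. The same condition already requires `$_SESSION['look'] !== ''`, so if the intent is "the impersonated account is not root", `$_SESSION['look'] !== $_SESSION['ROOT_USER']` keeps the decision on server-side values; if the query parameter is intended, use `($_GET["user"] ?? "")`. The unchanged link below puts `$_SESSION["look"]` into a query string with `htmlentities()` only, where `urlencode()` followed by HTML escaping is the correct encoding. The condition only toggles a Back button, so the effect is cosmetic unless the page's access check, which is outside this hunk, relies on the same parameter.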