Check the role slug in Api.php

This commit is contained in:
Alex Tselegidis 2022-05-09 23:26:28 +02:00
parent f0e976c9ac
commit 63dbb51dec

View file

@ -77,7 +77,9 @@ class Api {
$password = $_SERVER['PHP_AUTH_PW'];
if ( ! $this->CI->accounts->check_login($username, $password))
$userdata = $this->CI->accounts->check_login($username, $password);
if (empty($userdata['role_slug']) || $userdata['role_slug'] !== DB_SLUG_ADMIN)
{
throw new RuntimeException('The provided credentials do not match any admin user!', 401, 'Unauthorized');
}