Admin are unable to add access keys hestiacp#4799 (hestiacp#4810)

jaapmarcus · web-flow · commit 5bbefff55803 · 2025-02-09T11:54:37.000+01:00
diff --git a/web/add/access-key/index.php b/web/add/access-key/index.php
@@ -11,10 +11,7 @@
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (
-	($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
-	($_SESSION["ROOT_USER"] != "admin" && $api_status < 2)
-) {
+if ($api_status < 1 || ($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)) {
 	header("Location: /edit/user/");
 	exit();
 }
@@ -23,7 +20,7 @@
 exec(HESTIA_CMD . "v-list-apis json", $output, $return_var);
 $apis = json_decode(implode("", $output), true);
 $apis = array_filter($apis, function ($api) use ($user_plain) {
-	return $user_plain == "admin" || $api["ROLE"] == "user";
+	return $user_plain == $_SESSION["ROOT_USER"] || $api["ROLE"] == "user";
 });
 ksort($apis);
 unset($output);
diff --git a/web/list/access-key/index.php b/web/list/access-key/index.php
@@ -16,7 +16,7 @@
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
+if ($api_status < 1 || ($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)) {
 	header("Location: /edit/user/");
 	exit();
 }
diff --git a/web/templates/pages/edit_user.php b/web/templates/pages/edit_user.php
@@ -26,7 +26,7 @@
 			<?php } ?>
 			<?php
 				$api_status = (!empty($_SESSION['API_SYSTEM']) && is_numeric($_SESSION['API_SYSTEM'])) ? $_SESSION['API_SYSTEM'] : 0;
-				if (($user_plain == 'admin' && $api_status > 0) || ($user_plain != 'admin' && $api_status > 1)) { ?>
+				if (($user_plain == $_SESSION['ROOT_USER'] && $api_status > 0) || ($user_plain != $_SESSION['ROOT_USER'] && $api_status > 1)) { ?>
 				<a href="<?= $keys_url; ?>" class="button button-secondary js-button-create" title="<?= _("Access Keys") ?>">
 					<i class="fas fa-key icon-purple"></i><?= _("Access Keys") ?>
 				</a>
diff --git a/web/templates/pages/list_key.php b/web/templates/pages/list_key.php
@@ -2,7 +2,7 @@
 <div class="toolbar">
 	<div class="toolbar-inner">
 		<div class="toolbar-buttons">
-			<?php if ($_SESSION["userContext"] === "admin" && $_SESSION['look'] !== '' && $_GET["user"] !== "admin") { ?>
+			<?php if ($_SESSION["userContext"] === "admin" && $_SESSION['look'] !== '' && $_GET["user"] !== $_SESSION['ROOT_USER']) { ?>
 				<a href="/edit/user/?user=<?= htmlentities($_SESSION["look"]) ?>&token=<?= $_SESSION["token"] ?>" class="button button-secondary button-back js-button-back">
 					<i class="fas fa-arrow-left icon-blue"></i><?= _("Back") ?>
 				</a>

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])`
`17`	`17`	`? $_SESSION["API_SYSTEM"]`
`18`	`18`	`: 0;`
`19`		`-if (($user_plain == "admin" && $api_status < 1) \|\| ($user_plain != "admin" && $api_status < 2)) {`
	`19`	`+if ($api_status < 1 \|\| ($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)) {`
`20`	`20`	`header("Location: /edit/user/");`
`21`	`21`	`exit();`
`22`	`22`	`}`