mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
Role isolation, impersonation, account ownership, loading spinners, Docker fixes
- Enforce portal role isolation: admin/reseller/user can only auth on their own port - Admin/reseller impersonation: Login As with cookie handoff + Return banner in user panel - Account ownership: admin can reassign accounts to resellers, DNS NS follows - accounts/update: ownership change cascades package + NS to new owner - users.php endpoint: admin list/filter by role (reseller dropdown) - Docker launch fix: uDockerUpdateParams defined before call - Nova.loading() spinners: login, SSL, PHP switch/save, backup create, docker launch/actions - Logo consistency: gradient CPX text on all login pages, novacpx_logo_html() in all sidebars - BackupManager: fix DB class name, table name, column name - DNSManager: fix settings keys (ns1_hostname/ns2_hostname) - docker.php: resolve account_id from user uid for all actions - Auth: impersonate sets cookie + stores return_token for seamless round-trip Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,24 @@
|
||||
<?php
|
||||
Auth::getInstance()->require('admin');
|
||||
|
||||
$db = DB::getInstance();
|
||||
|
||||
match ($action) {
|
||||
|
||||
// List users — admin only; supports ?role=reseller filter
|
||||
'list' => (function() use ($db) {
|
||||
$role = $_GET['role'] ?? '';
|
||||
$search = $_GET['search'] ?? '';
|
||||
$where = 'WHERE 1=1';
|
||||
$params = [];
|
||||
if ($role) { $where .= " AND role = ?"; $params[] = $role; }
|
||||
if ($search) { $where .= " AND (username LIKE ? OR email LIKE ?)"; $params[] = "%$search%"; $params[] = "%$search%"; }
|
||||
$rows = $db->fetchAll(
|
||||
"SELECT id, username, email, role, status, reseller_id, created_at FROM users $where ORDER BY username",
|
||||
$params
|
||||
);
|
||||
Response::success($rows);
|
||||
})(),
|
||||
|
||||
default => Response::error("Unknown users action: $action", 404),
|
||||
};
|
||||
Reference in New Issue
Block a user