mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
537d52dafa
- Enforce portal role isolation: admin/reseller/user can only auth on their own port - Admin/reseller impersonation: Login As with cookie handoff + Return banner in user panel - Account ownership: admin can reassign accounts to resellers, DNS NS follows - accounts/update: ownership change cascades package + NS to new owner - users.php endpoint: admin list/filter by role (reseller dropdown) - Docker launch fix: uDockerUpdateParams defined before call - Nova.loading() spinners: login, SSL, PHP switch/save, backup create, docker launch/actions - Logo consistency: gradient CPX text on all login pages, novacpx_logo_html() in all sidebars - BackupManager: fix DB class name, table name, column name - DNSManager: fix settings keys (ns1_hostname/ns2_hostname) - docker.php: resolve account_id from user uid for all actions - Auth: impersonate sets cookie + stores return_token for seamless round-trip Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
843 B
PHP
25 lines
843 B
PHP
<?php
|
|
Auth::getInstance()->require('admin');
|
|
|
|
$db = DB::getInstance();
|
|
|
|
match ($action) {
|
|
|
|
// List users — admin only; supports ?role=reseller filter
|
|
'list' => (function() use ($db) {
|
|
$role = $_GET['role'] ?? '';
|
|
$search = $_GET['search'] ?? '';
|
|
$where = 'WHERE 1=1';
|
|
$params = [];
|
|
if ($role) { $where .= " AND role = ?"; $params[] = $role; }
|
|
if ($search) { $where .= " AND (username LIKE ? OR email LIKE ?)"; $params[] = "%$search%"; $params[] = "%$search%"; }
|
|
$rows = $db->fetchAll(
|
|
"SELECT id, username, email, role, status, reseller_id, created_at FROM users $where ORDER BY username",
|
|
$params
|
|
);
|
|
Response::success($rows);
|
|
})(),
|
|
|
|
default => Response::error("Unknown users action: $action", 404),
|
|
};
|