Files
novacpx/panel/api/endpoints/users.php
T
myron 537d52dafa Role isolation, impersonation, account ownership, loading spinners, Docker fixes
- Enforce portal role isolation: admin/reseller/user can only auth on their own port
- Admin/reseller impersonation: Login As with cookie handoff + Return banner in user panel
- Account ownership: admin can reassign accounts to resellers, DNS NS follows
- accounts/update: ownership change cascades package + NS to new owner
- users.php endpoint: admin list/filter by role (reseller dropdown)
- Docker launch fix: uDockerUpdateParams defined before call
- Nova.loading() spinners: login, SSL, PHP switch/save, backup create, docker launch/actions
- Logo consistency: gradient CPX text on all login pages, novacpx_logo_html() in all sidebars
- BackupManager: fix DB class name, table name, column name
- DNSManager: fix settings keys (ns1_hostname/ns2_hostname)
- docker.php: resolve account_id from user uid for all actions
- Auth: impersonate sets cookie + stores return_token for seamless round-trip

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 02:56:45 +00:00

25 lines
843 B
PHP

<?php
Auth::getInstance()->require('admin');
$db = DB::getInstance();
match ($action) {
// List users — admin only; supports ?role=reseller filter
'list' => (function() use ($db) {
$role = $_GET['role'] ?? '';
$search = $_GET['search'] ?? '';
$where = 'WHERE 1=1';
$params = [];
if ($role) { $where .= " AND role = ?"; $params[] = $role; }
if ($search) { $where .= " AND (username LIKE ? OR email LIKE ?)"; $params[] = "%$search%"; $params[] = "%$search%"; }
$rows = $db->fetchAll(
"SELECT id, username, email, role, status, reseller_id, created_at FROM users $where ORDER BY username",
$params
);
Response::success($rows);
})(),
default => Response::error("Unknown users action: $action", 404),
};