Require permission to rehash for rehash and disconnect

Reported by Erdem

diff --git a/servers/details.php b/servers/details.php
index 5077f69aeff735576f6d900be27fa2770ccd5e39..8215e91fd7547cf6069731d5c81cecc85d0255ac 100644 (file)
--- a/servers/details.php
+++ b/servers/details.php
@@ -6,14 +6,14 @@ require_once "../inc/header.php";
 $title = "Server Lookup";
 $servername = "";
 $srv = NULL;
-
+$can_rehash = current_user_can(PERMISSION_REHASH);
 $rehash_errors = [];
 $rehash_warnings = [];
 $rehash_success = [];
 
 if (isset($_POST))
 {
-       if (isset($_POST['rehash']))
+       if (isset($_POST['rehash']) && $can_rehash)
        {
                $servID = $_POST['rehash'];
                if ($response = $rpc->server()->rehash($servID)) 
@@ -40,7 +40,7 @@ if (isset($_POST))
                                }                
                        }
        }       
-       if (isset($_POST['disconnect']))
+       if (isset($_POST['disconnect']) && $can_rehash)
        {
                if ($rpc->server()->disconnect($_POST['disconnect'], $_POST['reason']))
                        Message::Success("Server \"".$_POST['disconnect']."\" has been successfully disconnected from the network.");
@@ -123,8 +123,8 @@ if (!empty($rehash_success)) {
 <br>
 <div class="row">
        <div class="col-sm-3">
-               <div class="btn btn-sm btn-warning" data-toggle="modal" data-target="#rehash_modal">Rehash</div>
-               <div class="btn btn-sm btn-danger" data-toggle="modal" data-target="#disconnect_modal">Disconnect</div>
+               <div class="btn btn-sm btn-warning <?php echo $can_rehash ? "" : "disabled" ?>" data-toggle="modal" data-target="#rehash_modal" <?php echo $can_rehash ? "" : "aria-disabled='true'" ?>>Rehash</div>
+               <div class="btn btn-sm btn-danger <?php echo $can_rehash ? "" : "disabled" ?>" data-toggle="modal" data-target="#disconnect_modal"<?php echo $can_rehash ? "" : "aria-disabled='true'" ?>>Disconnect</div>
        </div>
 </div>
 <br>

diff --git a/servers/index.php b/servers/index.php
index c3283378baecb56a549a338887bbba24c2aefbeb..d4a232f22e2b3fa2cb62d1e1b5b9d4bfd778ab46 100644 (file)
--- a/servers/index.php
+++ b/servers/index.php
@@ -3,6 +3,7 @@ require_once "../inc/common.php";
 require_once "../inc/header.php";
 require_once "../inc/connection.php";
 
+$can_rehash = current_user_can(PERMISSION_REHASH);
 $rehash_errors = [];
 $rehash_warnings = [];
 $rehash_success = [];
@@ -10,7 +11,7 @@ $rehash_success = [];
 if (!empty($_POST))
 {
        do_log($_POST);
-       if (isset($_POST['rehash']))
+       if (isset($_POST['rehash']) && $can_rehash)
                foreach ($_POST['serverch'] as $servID)
                        if ($response = $rpc->server()->rehash($servID)) 
                        {
@@ -104,7 +105,7 @@ Click on a server name to view more information.
                <th scope="col"> <input class="btn btn-primary btn-sm" type="submit" value="Search"></th></form>
        </thead></table>
        <form action="index.php" method="post">
-               <div class="btn btn-sm btn-warning" data-toggle="modal" data-target="#rehash_modal"><i class="fa-solid fa-arrows-rotate"></i> Rehash Selected</div>
+               <div class="btn btn-sm btn-warning <?php echo $can_rehash ? "" : "disabled" ?>" data-toggle="modal" data-target="#rehash_modal"><i class="fa-solid fa-arrows-rotate"></i> Rehash Selected</div>
                <button name="checkforupdates" type="submit" class="btn btn-sm btn-info"><i class="fa-solid fa-cloud-arrow-down"></i> Check for upgrades</div><br>
 
                <div class="modal fade" id="rehash_modal" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">