Enhance API access control: Update user privilege check to verify administrator status through ACL instead of hardcoded username, improving security and flexibility.

https://github.com/usmannasir/cyberpanel/issues/1426#issuecomment-3315476878
2025-10-28 16:56:39 +01:00 · 2025-09-21 18:46:44 +02:00
parent fafc757052
commit 61b0507703
1 changed files with 2 additions and 1 deletions
--- a/cloudAPI/views.py
+++ b/cloudAPI/views.py
@@ -18,7 +18,8 @@ def router(request):

        cm = CloudManager(data, admin)

-        if serverUserName != 'admin':
+        # Check if user has administrator privileges through ACL
+        if admin.acl.adminStatus != 1:
            return cm.ajaxPre(0, 'Only administrator can access API.')

        if admin.api == 0: