Enhance API access control: Update user privilege check to verify administrator status through ACL instead of hardcoded username, improving security and flexibility.

https://github.com/usmannasir/cyberpanel/issues/1426#issuecomment-3315476878
2026-05-09 17:16:57 +02:00 · 2025-09-21 18:46:44 +02:00
parent 8f2e36ac08
commit 01c45ed09f
1 changed files with 2 additions and 1 deletions
--- a/cloudAPI/views.py
+++ b/cloudAPI/views.py
@@ -18,7 +18,8 @@ def router(request):

        cm = CloudManager(data, admin)

-        if serverUserName != 'admin':
+        # Check if user has administrator privileges through ACL
+        if admin.acl.adminStatus != 1:
            return cm.ajaxPre(0, 'Only administrator can access API.')

        if admin.api == 0: