authorilotterytea <iltsu@alright.party>2025-04-27 21:12:02 +0500
committerilotterytea <iltsu@alright.party>2025-04-27 21:12:02 +0500
commit9f1906c4cbb9878c5888723b7923fa8e4bebb51f (patch)
tree25f838ee0bb91f2a14d061906dde96967dd72a95 /public/report
parent00ab9aeaf0eac4c82e6480faee70add916db514f (diff)
feat: roles
Diffstat (limited to 'public/report')
-rw-r--r--public/report/index.php5
-rw-r--r--public/report/list.php6
-rw-r--r--public/report/send.php5
3 files changed, 16 insertions, 0 deletions
diff --git a/public/report/index.php b/public/report/index.php
index e040123..179c2bd 100644
--- a/public/report/index.php
+++ b/public/report/index.php
@@ -9,6 +9,11 @@ if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
$report = null;
$report_id = $_GET["id"] ?? "";
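Review bot: The added guard fails open: when `$_SESSION["user_role"]` is not set, the `isset(...) &&` short-circuits and the request continues to the PDO code with no permission check at all. Whether `authorize_user(true)` always populates `user_role` is not visible in this hunk, so a deny-by-default condition is safer, e.g. `if (!($_SESSION["user_role"]["permission_report"] ?? false)) {`. The same condition is added in public/report/list.php and public/report/send.php and should change with it. If sessions without a role are intentionally allowed through, a comment above the check saying so would prevent the next reader from treating it as an oversight.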
diff --git a/public/report/list.php b/public/report/list.php
index 128f994..087eb55 100644
--- a/public/report/list.php
+++ b/public/report/list.php
@@ -3,11 +3,17 @@ include_once "../../src/accounts.php";
include_once "../../src/config.php";
include_once "../../src/partials.php";
include_once "../../src/utils.php";
+include_once "../../src/alert.php";
if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
$stmt = $db->prepare("SELECT * FROM reports WHERE sender_id = ? ORDER BY sent_at DESC");
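Review bot: This is one of three identical copies of the permission check (the others are in index.php and send.php), and copy-pasted authorization logic tends to drift as more roles and pages are added. Consider moving it into a single helper next to `authorize_user`, for instance a new function along the lines of `require_permission("permission_report")` (name is a suggestion only) that does the session lookup, calls `generate_alert("/404.php", "Not enough permissions", 403)` and exits, so every page carries one line and the rule can be audited in one place. This hunk also adds the `../../src/alert.php` include; the index.php and send.php hunks do not show one, so it is worth confirming those files already include it before `generate_alert` is reached.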
diff --git a/public/report/send.php b/public/report/send.php
index 0b7abaf..e5a77be 100644
--- a/public/report/send.php
+++ b/public/report/send.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
exit;
}
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
$db = new PDO(DB_URL, DB_USER, DB_PASS);
if (!isset($_POST["contents"])) {