Respect user isolation in global stats queries
Updated LayoutHelper::getGlobalStats to accept a user ID and apply user isolation mode when querying domain statistics. DashboardController and base layout now pass the user ID to ensure stats are scoped per user when isolation is enabled.
This commit is contained in:
Hosteroid
@@ -60,7 +60,7 @@ class DashboardController extends Controller
|
|||||||
$formattedExpiringDomains = \App\Helpers\DomainHelper::formatMultiple($expiringThisMonth);
|
$formattedExpiringDomains = \App\Helpers\DomainHelper::formatMultiple($expiringThisMonth);
|
||||||
|
|
||||||
// Get global stats for dashboard cards
|
// Get global stats for dashboard cards
|
||||||
$globalStats = \App\Helpers\LayoutHelper::getGlobalStats();
|
$globalStats = \App\Helpers\LayoutHelper::getGlobalStats($userId);
|
||||||
|
|
||||||
$this->view('dashboard/index', [
|
$this->view('dashboard/index', [
|
||||||
'stats' => $stats,
|
'stats' => $stats,
|
||||||
|
|||||||
@@ -35,34 +35,55 @@ class LayoutHelper
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get global stats for sidebar
|
* Get stats for sidebar (respects user isolation)
|
||||||
*/
|
*/
|
||||||
public static function getGlobalStats(): array
|
public static function getGlobalStats(?int $userId = null): array
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
$pdo = \Core\Database::getConnection();
|
$pdo = \Core\Database::getConnection();
|
||||||
|
|
||||||
|
// Check isolation mode
|
||||||
|
$settingModel = new Setting();
|
||||||
|
$isolationMode = $settingModel->getValue('user_isolation_mode', 'shared');
|
||||||
|
|
||||||
|
// Build WHERE clause based on isolation mode
|
||||||
|
$whereClause = '';
|
||||||
|
$params = [];
|
||||||
|
|
||||||
|
if ($isolationMode === 'isolated' && $userId) {
|
||||||
|
$whereClause = ' WHERE user_id = ?';
|
||||||
|
$params[] = $userId;
|
||||||
|
}
|
||||||
|
|
||||||
// Get total domains
|
// Get total domains
|
||||||
$totalStmt = $pdo->query("SELECT COUNT(*) as count FROM domains");
|
$totalSql = "SELECT COUNT(*) as count FROM domains" . $whereClause;
|
||||||
|
$totalStmt = $pdo->prepare($totalSql);
|
||||||
|
$totalStmt->execute($params);
|
||||||
$total = $totalStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
$total = $totalStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
||||||
|
|
||||||
// Get active domains
|
// Get active domains
|
||||||
$activeStmt = $pdo->query("SELECT COUNT(*) as count FROM domains WHERE is_active = 1");
|
$activeSql = "SELECT COUNT(*) as count FROM domains WHERE is_active = 1" . $whereClause;
|
||||||
|
$activeStmt = $pdo->prepare($activeSql);
|
||||||
|
$activeStmt->execute($params);
|
||||||
$active = $activeStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
$active = $activeStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
||||||
|
|
||||||
// Get expiring soon
|
// Get expiring soon
|
||||||
$settingModel = new Setting();
|
|
||||||
$notificationDays = $settingModel->getNotificationDays();
|
$notificationDays = $settingModel->getNotificationDays();
|
||||||
$threshold = !empty($notificationDays) ? max($notificationDays) : 30;
|
$threshold = !empty($notificationDays) ? max($notificationDays) : 30;
|
||||||
|
|
||||||
$expiringSoonStmt = $pdo->prepare(
|
$expiringSql = "SELECT COUNT(*) as count FROM domains
|
||||||
"SELECT COUNT(*) as count FROM domains
|
WHERE is_active = 1
|
||||||
WHERE is_active = 1
|
AND expiration_date IS NOT NULL
|
||||||
AND expiration_date IS NOT NULL
|
AND expiration_date <= DATE_ADD(NOW(), INTERVAL ? DAY)
|
||||||
AND expiration_date <= DATE_ADD(NOW(), INTERVAL ? DAY)
|
AND expiration_date >= NOW()" . $whereClause;
|
||||||
AND expiration_date >= NOW()"
|
|
||||||
);
|
$expiringParams = [$threshold];
|
||||||
$expiringSoonStmt->execute([$threshold]);
|
if ($isolationMode === 'isolated' && $userId) {
|
||||||
|
$expiringParams[] = $userId;
|
||||||
|
}
|
||||||
|
|
||||||
|
$expiringSoonStmt = $pdo->prepare($expiringSql);
|
||||||
|
$expiringSoonStmt->execute($expiringParams);
|
||||||
$expiringSoon = $expiringSoonStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
$expiringSoon = $expiringSoonStmt->fetch(\PDO::FETCH_ASSOC)['count'] ?? 0;
|
||||||
|
|
||||||
return [
|
return [
|
||||||
|
|||||||
@@ -16,7 +16,8 @@ if (isset($_SESSION['user_id'])) {
|
|||||||
|
|
||||||
// Fetch global stats for sidebar (available on all pages)
|
// Fetch global stats for sidebar (available on all pages)
|
||||||
if (!isset($globalStats)) {
|
if (!isset($globalStats)) {
|
||||||
$globalStats = \App\Helpers\LayoutHelper::getGlobalStats();
|
$userId = \Core\Auth::id();
|
||||||
|
$globalStats = \App\Helpers\LayoutHelper::getGlobalStats($userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get application settings from database
|
// Get application settings from database
|
||||||
|
|||||||
Reference in New Issue
Block a user