adasd

public/index.php

@@ -25,7 +25,8 @@ $publicPaths = [
     'module/pi_control/terminal_info',
 ];
 $requiresGlobalAuth = in_array($uriPath, ['settings', 'users', 'modules', 'modules/install', 'modules/sql-import', 'debug', 'exports/database.sql'], true)
-    || str_starts_with($uriPath, 'modules/setup/');
+    || str_starts_with($uriPath, 'modules/setup/')
+    || str_starts_with($uriPath, 'modules/access/');
 if (defined('APP_AUTH_ENABLED') && APP_AUTH_ENABLED && $requiresGlobalAuth && !in_array($uriPath, $publicPaths, true)) {
     $user = auth_user();
     if (!$user) {
@@ -94,7 +95,7 @@ if (preg_match('~^api/module-auth/([a-zA-Z0-9_-]+)$~', $uriPath, $moduleAuthMatc
         echo json_encode(['error' => 'auth_required'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
         exit;
     }
-    if (!$auth->canAccessModule($moduleMeta)) {
+    if (!auth_is_admin()) {
         http_response_code(403);
         header('Content-Type: application/json; charset=utf-8');
         echo json_encode(['error' => 'forbidden'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
@@ -200,6 +201,9 @@ if (str_starts_with($uriPath, 'modules/install')) {
 } elseif (str_starts_with($uriPath, 'modules/setup/')) {
     $_GET['module'] = trim(substr($uriPath, strlen('modules/setup/')), '/');
     $target = $pagesBase . '/modules/setup.php';
+} elseif (str_starts_with($uriPath, 'modules/access/')) {
+    $_GET['module'] = trim(substr($uriPath, strlen('modules/access/')), '/');
+    $target = $pagesBase . '/modules/access.php';
 } elseif ($uriPath === 'modules/sql-import') {
     $target = $pagesBase . '/modules/sql_import.php';
 } elseif ($uriPath === 'auth/login') {