Add role check for participant search

AndrewPoppe · Nov 29, 2023 · 4238ff0 · 4238ff0
1 parent 8f74e8d
commit 4238ff0
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/classes/AjaxHandler.php b/src/classes/AjaxHandler.php
@@ -327,6 +327,13 @@ private function importCsvEnroll()
     private function searchParticipantByEmail()
     {
         try {
+
+            // Check that user has permission to search participants
+            $role = $this->module->getUserRole($this->module->safeGetUsername()); // 3=admin/manager, 2=user, 1=monitor, 0=not found
+            if ( !$role || $role < 2 ) {
+                return;
+            }
+
             $email = filter_var($this->params['searchTerm'], FILTER_VALIDATE_EMAIL);
             if ( empty($email) ) {
                 return "<font style='color: red;'>Search term is not a valid email address</font>";