From 4238ff0206b87b2ea4399f346127c3357d72d177 Mon Sep 17 00:00:00 2001 From: AndrewPoppe Date: Wed, 29 Nov 2023 09:08:56 -0500 Subject: [PATCH] Add role check for participant search --- src/classes/AjaxHandler.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/classes/AjaxHandler.php b/src/classes/AjaxHandler.php index e082887..282a6ba 100644 --- a/src/classes/AjaxHandler.php +++ b/src/classes/AjaxHandler.php @@ -327,6 +327,13 @@ private function importCsvEnroll() private function searchParticipantByEmail() { try { + + // Check that user has permission to search participants + $role = $this->module->getUserRole($this->module->safeGetUsername()); // 3=admin/manager, 2=user, 1=monitor, 0=not found + if ( !$role || $role < 2 ) { + return; + } + $email = filter_var($this->params['searchTerm'], FILTER_VALIDATE_EMAIL); if ( empty($email) ) { return "Search term is not a valid email address";
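Review bot: The denial branch of the new role check in searchParticipantByEmail() is a bare `return;`, so a refused caller receives an empty result that the client side may not be able to tell apart from a search that produced nothing, and the hunk records nothing about the refused attempt. Returning an explicit message in the style of the invalid-email branch just below, for example `return "You do not have permission to search participants";`, and writing an audit log entry with the username before returning would make refused lookups visible to both the caller and whoever reviews the logs. The threshold `2` is explained only by the trailing comment; a named constant for the role levels would keep the check readable if the numbering changes, and `if ( (int) $role < 2 ) {` fails closed on not-found or non-numeric values without the separate `!$role` test. The check is local to this handler: whether sibling handlers such as importCsvEnroll(), named in the hunk header, enforce a role is not visible here, and the function body continues past the end of the hunk.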