From 47dd071fae5161d1e8e6a0073e4c9104ea1fe5c3 Mon Sep 17 00:00:00 2001
From: Mifkiyan <m.favian199@gmail.com>
Date: Mon, 13 Nov 2023 04:35:51 +0700
Subject: [PATCH] fix: access create & update event admin only

---
 app/Views/event/create.php | 21 +++++++++++++++++++++
 app/Views/event/update.php | 21 +++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/app/Views/event/create.php b/app/Views/event/create.php
index 476cc49..b486caa 100644
--- a/app/Views/event/create.php
+++ b/app/Views/event/create.php
@@ -1,3 +1,24 @@
+<?php
+    session_start();
+    ob_start();
+    if (!isset($_SESSION["user_id"])) {
+        echo "here";
+        // User is not authenticated; redirect to login page
+        header("Location: /app/Views/login/login.php");
+        ob_end_flush();
+    }
+
+    require_once '../../Controllers/UserController.php';
+    $userController = new UserController();
+    $isAdmin = $userController->getUser($_SESSION['user_id'])['isAdmin'];
+    
+    // Allow only admin to access this page
+    if (!$isAdmin){
+        header("Location: /app/Views/home/home.php");
+        ob_end_flush();
+    }
+?>
+
 <!DOCTYPE html>
 <html lang="en">
 
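Review bot: Neither redirect in this guard stops execution, so after `header("Location: ...")` at lines 22 and 32 the script falls through, `ob_end_flush()` sends the buffered output, and the rest of create.php (the HTML form that follows the hunk) is still rendered to the unauthenticated or non-admin client; the header is only a hint the browser usually honours, so the admin-only restriction the commit intends is not actually enforced. Add `exit;` immediately after each `header(...)` call in both branches, and drop the leftover `echo "here";` debug line, which otherwise leaks into the response before the redirect. With the early exit in place, the `$_SESSION['user_id']` read on line 28 can no longer run for an unauthenticated request, which it currently does. The same two missing `exit;` statements appear in the identical block added to app/Views/event/update.php.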
diff --git a/app/Views/event/update.php b/app/Views/event/update.php
index 60eaff8..3d63800 100644
--- a/app/Views/event/update.php
+++ b/app/Views/event/update.php
@@ -1,3 +1,24 @@
+<?php
+    session_start();
+    ob_start();
+    if (!isset($_SESSION["user_id"])) {
+        echo "here";
+        // User is not authenticated; redirect to login page
+        header("Location: /app/Views/login/login.php");
+        ob_end_flush();
+    }
+
+    require_once '../../Controllers/UserController.php';
+    $userController = new UserController();
+    $isAdmin = $userController->getUser($_SESSION['user_id'])['isAdmin'];
+    
+    // Allow only admin to access this page
+    if (!$isAdmin){
+        header("Location: /app/Views/home/home.php");
+        ob_end_flush();
+    }
+?>
+
 <!DOCTYPE html>
 <html lang="en">
 
-- 
GitLab