From 63dbb51decfcc1631c398ecd6d30e3a337845526 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Mon, 9 May 2022 23:26:28 +0200
Subject: [PATCH] Check the role slug in Api.php
---
 application/libraries/Api.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/application/libraries/Api.php b/application/libraries/Api.php
index bc60d542e7..863e881d92 100644
--- a/application/libraries/Api.php
+++ b/application/libraries/Api.php
@@ -77,7 +77,9 @@ public function auth()
 $password = $_SERVER['PHP_AUTH_PW'];
- if ( ! $this->CI->accounts->check_login($username, $password))
+ $userdata = $this->CI->accounts->check_login($username, $password);
+
+ if (empty($userdata['role_slug']) || $userdata['role_slug'] !== DB_SLUG_ADMIN)
 {
 throw new RuntimeException('The provided credentials do not match any admin user!', 401, 'Unauthorized');
 }
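Review bot: The rejection path that the new role check feeds passes the string `'Unauthorized'` as the third argument of `RuntimeException`, which is `?Throwable $previous`, so on PHP 7+ a login with a valid non-admin account raises a `TypeError` instead of the intended exception. Whether the request is still refused cleanly depends on what the enclosing handler in `auth()` catches, which lies outside this hunk; dropping the argument removes the doubt: `throw new RuntimeException('The provided credentials do not match any admin user!', 401);`. The new condition itself fails closed, because `empty()` also covers a falsy return from `check_login()`, and a short comment such as `// check_login() appears to return the user data on success; only the admin role may use the API` would record that intent. It would also help detection to log a correct password with a non-admin role separately from a failed login, if a logger is available at this point.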