From 61b05077030abb9417c26a03465d2aba52ab03ab Mon Sep 17 00:00:00 2001
From: Master3395
Date: Sun, 21 Sep 2025 18:46:44 +0200
Subject: [PATCH] Enhance API access control: Update user privilege check to verify administrator status through ACL instead of hardcoded username, improving security and flexibility. https://github.com/usmannasir/cyberpanel/issues/1426#issuecomment-3315476878
---
 cloudAPI/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cloudAPI/views.py b/cloudAPI/views.py
index 3b66c9209..13dd7c5f7 100644
--- a/cloudAPI/views.py
+++ b/cloudAPI/views.py
@@ -18,7 +18,8 @@ def router(request):
 cm = CloudManager(data, admin)
- if serverUserName != 'admin':
+ # Check if user has administrator privileges through ACL
+ if admin.acl.adminStatus != 1:
 return cm.ajaxPre(0, 'Only administrator can access API.')
 if admin.api == 0:
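Review bot: The new gate `if admin.acl.adminStatus != 1:` dereferences `admin.acl` without a guard, so an account with no ACL attached would raise instead of receiving the 'Only administrator can access API.' response; whether that state is reachable depends on the model definition, which is not in this hunk. A fail-closed form would be `acl = getattr(admin, 'acl', None)` followed by `if acl is None or acl.adminStatus != 1:`. The check also runs on an `admin` object whose origin lies outside the hunk, as does any verification of the caller's credentials before this point. If `admin` is looked up from the request-supplied `serverUserName` before authentication, the two distinct error messages here now disclose the administrator status of any account name, so the privilege check would be better placed after login verification. router's body starts and ends outside the hunk.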