fix: restrict database query action to admins

girishpanchal30 · girishpanchal30 · commit 7ccd6fed204c · 2026-05-07T18:00:37.000+05:30
diff --git a/classes/Visualizer/Module/AIBuilder.php b/classes/Visualizer/Module/AIBuilder.php
@@ -365,6 +365,12 @@ public function uploadData(): void {
 
 			// ── Database query ────────────────────────────────────────────────
 			case 'db_query':
+				if ( ! current_user_can( 'administrator' ) ) {
+					wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ) );
+				}
+				if ( ! is_super_admin() ) {
+					wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ) );
+				}
 				if ( empty( $_POST['db_query'] ) ) {
 					wp_send_json_error( array( 'message' => __( 'No query provided.', 'visualizer' ) ) );
 				}
