refactor: restrict database query action to admins

girishpanchal30 · girishpanchal30 · commit f681d3c3135e · 2026-05-07T18:44:39.000+05:30
diff --git a/classes/Visualizer/Module/AIBuilder.php b/classes/Visualizer/Module/AIBuilder.php
@@ -365,11 +365,8 @@ public function uploadData(): void {
 
 			// ── Database query ────────────────────────────────────────────────
 			case 'db_query':
-				if ( ! current_user_can( 'administrator' ) ) {
-					wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ) );
-				}
-				if ( ! is_super_admin() ) {
-					wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ) );
+				if ( ! current_user_can( 'manage_options' ) && ! is_super_admin() ) {
+					wp_send_json_error( array( 'message' => __( 'Action not allowed for this user.', 'visualizer' ) ), 403 );
 				}
 				if ( empty( $_POST['db_query'] ) ) {
 					wp_send_json_error( array( 'message' => __( 'No query provided.', 'visualizer' ) ) );
