Merge branch 'ent-6176-10390-Problema-de-permisos-en-los-dashboard' into 'develop'

added acl checks on dashboard update See merge request artica/pandorafms!3461
2020-09-17 16:33:15 +02:00 · 2020-09-17 16:33:15 +02:00 · 02d364b66c
parent 48fff2ff4f 05a0a3a366
commit 02d364b66c
2 changed files with 44 additions and 19 deletions
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@ -219,7 +219,7 @@ class Manager
        $this->stringGroups = \io_safe_output(
            implode(
                ', ',
-                array_keys($this->groups)
+                array_values($this->groups)
            )
        );

@ -907,6 +907,11 @@ class Manager
    {
        global $config;

+        if (check_acl($config['id_user'], 0, 'RW') === 0) {
+            include 'general/noaccess.php';
+            return;
+        }
+
        $name = \get_parameter('name', '');
        $private = \get_parameter_switch('private');
        $id_group = \get_parameter('id_group');
--- a/pandora_console/views/dashboard/header.php
+++ b/pandora_console/views/dashboard/header.php
@ -194,25 +194,45 @@ if ($config['public_dashboard'] === true) {
        // 'slides'                      => $slides,
    ];
 } else if ($config['pure']) {
-    $buttons = [
-        'back_to_dashboard_list'      => $back_to_dashboard_list,
-        'save_layout'                 => $save_layout_dashboard,
-        'normalscreen'                => $normalscreen,
-        'combo_refresh_one_dashboard' => $comboRefresh,
-        'slides'                      => $slides,
-        'options'                     => $options,
-    ];
+    if (check_acl($config['id_user'], 0, 'RW') === 0) {
+        $buttons = [
+            'back_to_dashboard_list'      => $back_to_dashboard_list,
+            'normalscreen'                => $normalscreen,
+            'combo_refresh_one_dashboard' => $comboRefresh,
+            'slides'                      => $slides,
+        ];
+    } else {
+        $buttons = [
+            'back_to_dashboard_list'      => $back_to_dashboard_list,
+            'save_layout'                 => $save_layout_dashboard,
+            'normalscreen'                => $normalscreen,
+            'combo_refresh_one_dashboard' => $comboRefresh,
+            'slides'                      => $slides,
+            'options'                     => $options,
+        ];
+    }
 } else {
-    $buttons = [
-        'enable_disable'         => $enable_disable,
-        'back_to_dashboard_list' => $back_to_dashboard_list,
-        'fullscreen'             => $fullscreen,
-        'slides'                 => $slides,
-        'public_link'            => $publiclink,
-        'combo_dashboard'        => $combo_dashboard,
-        'options'                => $options,
-        'newWidget'              => $newWidget,
-    ];
+    if (check_acl($config['id_user'], 0, 'RW') === 0) {
+        $buttons = [
+            'back_to_dashboard_list' => $back_to_dashboard_list,
+            'fullscreen'             => $fullscreen,
+            'slides'                 => $slides,
+            'public_link'            => $publiclink,
+            'combo_dashboard'        => $combo_dashboard,
+            'newWidget'              => $newWidget,
+        ];
+    } else {
+        $buttons = [
+            'enable_disable'         => $enable_disable,
+            'back_to_dashboard_list' => $back_to_dashboard_list,
+            'fullscreen'             => $fullscreen,
+            'slides'                 => $slides,
+            'public_link'            => $publiclink,
+            'combo_dashboard'        => $combo_dashboard,
+            'options'                => $options,
+            'newWidget'              => $newWidget,
+        ];
+    }
 }

 ui_print_page_header(