Merge branch 'ent-9280-vista-mobile-permite-a-usuarios-acceder-a-nodos-para-los-que-no-tiene-permiso' into 'develop'

fix mobile index access user to node pandora_enterprise#9280 See merge request artica/pandorafms!5023
2022-07-19 10:55:51 +00:00 · 2022-07-19 10:55:51 +00:00 · 1f06b20745
parent 93e9992b19 44a2bb2bdb
commit 1f06b20745
1 changed files with 36 additions and 13 deletions
--- a/pandora_console/mobile/include/user.class.php
+++ b/pandora_console/mobile/include/user.class.php
@ -182,24 +182,47 @@ class User
            $password = $system->getRequest('password', null);
        }

-        if (!empty($user) && !empty($password)) {
-            $user_in_db = process_user_login($user, $password);
-            if ($user_in_db !== false) {
-                $this->logged = true;
-                $this->user = $user_in_db;
-                $this->loginTime = time();
-                $this->errorLogin = false;
+        if (empty($user) === false
+            && empty($password) === false
+        ) {
+            $user_in_db = db_get_row_filter(
+                'tusuario',
+                ['id_user' => $user],
+                '*'
+            );

-                // The user login was successful, but the second step is not completed
-                if ($this->isDobleAuthRequired()) {
-                    $this->needDoubleAuth = true;
-                }
-            } else {
-                $this->logged = false;
+            $this->logged = false;
                $this->loginTime = false;
                $this->errorLogin = true;
                $this->needDoubleAuth = false;
                $this->errorDoubleAuth = false;
+
+            if ($user_in_db !== false) {
+                if (((bool) $user_in_db['is_admin'] === false)
+                    && ((bool) $user_in_db['not_login'] === true
+                    || (is_metaconsole() === false
+                    && has_metaconsole() === true
+                    && is_management_allowed() === false
+                    && (bool) $user_in_db['metaconsole_access_node'] === false))
+                ) {
+                    $this->logged = false;
+                    $this->loginTime = false;
+                    $this->errorLogin = true;
+                    $this->needDoubleAuth = false;
+                    $this->errorDoubleAuth = false;
+                } else {
+                    $user_proccess_login = process_user_login($user, $password);
+                    if ($user_proccess_login !== false) {
+                        $this->logged = true;
+                        $this->user = $user_proccess_login;
+                        $this->loginTime = time();
+                        $this->errorLogin = false;
+                        // The user login was successful, but the second step is not completed.
+                        if ($this->isDobleAuthRequired()) {
+                            $this->needDoubleAuth = true;
+                        }
+                    }
+                }
            }
        }