From 29913883ae1412a53680bd5f46778e3dbcbad193 Mon Sep 17 00:00:00 2001
From: Luis
Date: Tue, 26 Jan 2021 13:35:46 +0100
Subject: [PATCH] Fixed connected users seeing all users
---
.../extensions/users_connected.php | 49 ++++++++++++++-----
1 file changed, 36 insertions(+), 13 deletions(-)
diff --git a/pandora_console/extensions/users_connected.php b/pandora_console/extensions/users_connected.php
index 820b9b3d96..50e7f7127b 100644
--- a/pandora_console/extensions/users_connected.php
+++ b/pandora_console/extensions/users_connected.php
@@ -36,27 +36,50 @@ function users_extension_main_god($god=true) // Header ui_print_page_header(__('Users connected'), $image, false, '', $god); - // Get user conected last 5 minutes + // Get groups user has permission + $group_um = users_get_groups_UM($config['id_user']); + // Is admin or has group permissions all. + $groups = implode(',', array_keys($group_um, 1)); + + // Get user conected last 5 minutes.Show only those on which the user has permission. switch ($config['dbtype']) { case 'mysql': - $sql = 'SELECT id_user, last_connect - FROM tusuario - WHERE last_connect > (UNIX_TIMESTAMP(NOW()) - '.SECONDS_5MINUTES.') - ORDER BY last_connect DESC'; + $sql = sprintf( + 'SELECT tusuario.id_user, tusuario.last_connect + FROM tusuario + INNER JOIN tusuario_perfil ON tusuario_perfil.id_usuario = tusuario.id_user + AND tusuario_perfil.id_grupo IN (%s) + WHERE last_connect > (UNIX_TIMESTAMP(NOW()) - '.SECONDS_5MINUTES.') + GROUP BY tusuario.id_user + ORDER BY last_connect DESC', + $groups + ); break; case 'postgresql': - $sql = "SELECT id_user, last_connect - FROM tusuario - WHERE last_connect > (ceil(date_part('epoch', CURRENT_TIMESTAMP)) - ".SECONDS_5MINUTES.') - ORDER BY last_connect DESC'; + $sql = sprintf( + "SELECT tusuario.id_user, tusuario.last_connect + FROM tusuario + INNER JOIN tusuario_perfil ON tusuario_perfil.id_usuario = tusuario.id_user + AND tusuario_perfil.id_grupo IN (%s) + WHERE last_connect > (ceil(date_part('epoch', CURRENT_TIMESTAMP)) - ".SECONDS_5MINUTES.') + GROUP BY tusuario.id_user + ORDER BY last_connect DESC', + $groups + ); break; case 'oracle': - $sql = "SELECT id_user, last_connect - FROM tusuario - WHERE last_connect > (ceil((sysdate - to_date('19700101000000','YYYYMMDDHH24MISS')) * (".SECONDS_1DAY.')) - '.SECONDS_5MINUTES.') - ORDER BY last_connect DESC'; + $sql = sprintf( + "SELECT tusuario.id_user, tusuario.last_connect + FROM tusuario + INNER JOIN tusuario_perfil ON tusuario_perfil.id_usuario = tusuario.id_user + AND 
tusuario_perfil.id_grupo IN (%s) + WHERE last_connect > (ceil((sysdate - to_date('19700101000000','YYYYMMDDHH24MISS')) * (".SECONDS_1DAY.')) - '.SECONDS_5MINUTES.') + GROUP BY tusuario.id_user + ORDER BY last_connect DESC', + $groups + ); break; }
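Review bot: `$groups` is interpolated into `IN (%s)` in all three `sprintf()` branches without a check that it is non-empty, so when `array_keys($group_um, 1)` matches nothing the statement becomes `IN ()`, which is a syntax error on MySQL, PostgreSQL and Oracle. Whether the page then fails closed depends on how the query result is handled, and the rest of `users_extension_main_god` is outside this hunk. I would build the list as `$group_ids = array_map('intval', array_keys($group_um, 1));`, skip the query and render an empty list when `$group_ids` is empty, and only then call `implode(',', $group_ids)`; the cast also keeps the interpolated value numeric whatever `users_get_groups_UM()` returns. Separately, the INNER JOIN on `tusuario_perfil` presumably drops connected users that have no profile row, which may not be intended when an administrator views the page.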