Fixed ACL in reports created by another user in bit RM

2018-05-30 15:09:47 +02:00 · 2018-05-30 15:09:47 +02:00 · 3155fecbfe
parent 061df6495c
commit 3155fecbfe
1 changed files with 10 additions and 17 deletions
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@ -690,25 +690,18 @@ switch ($action) {
 				
 				switch ($type_access_selected) {
 					case 'group_view':
-						$edit = check_acl($config['id_user'],
-							$report['id_group'], "RW");
-						
-						if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) {
-							$delete = true; //owner can delete
-						} else {
-							$delete = false;
-						}
+						$edit = check_acl($config['id_user'], $report['id_group'], "RW");
+						$delete =
+							$edit ||
+							is_user_admin ($config["id_user"]) ||
+							$config['id_user'] == $report['id_user'];
 						break;
 					case 'group_edit':
-						$edit = check_acl($config['id_user'],
-							$report['id_group_edit'], "RW");
-						
-						if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) {
-							$delete = true; //owner can delete
-						} else {
-							$delete = check_acl($config['id_user'],
-								$report['id_group'], "RM");
-						}
+						$edit = check_acl($config['id_user'], $report['id_group_edit'], "RW");
+						$delete =
+							$edit ||
+							is_user_admin ($config["id_user"]) ||
+							$config['id_user'] == $report['id_user'];
 						break;
 					case 'user_edit':
 						if ($config['id_user'] == $report['id_user'] ||