tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed ACL in reports created by another user in bit RM

Browse Source
This commit is contained in:
fermin831 2018-05-30 15:09:47 +02:00
parent 061df6495c
commit 3155fecbfe
1 changed files with 10 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -690,25 +690,18 @@ switch ($action) {
switch ($type_access_selected) { switch ($type_access_selected) {
case 'group_view': case 'group_view':
$edit = check_acl($config['id_user'], $edit = check_acl($config['id_user'], $report['id_group'], "RW");
$report['id_group'], "RW"); $delete =
$edit ||
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) { is_user_admin ($config["id_user"]) ||
$delete = true; //owner can delete $config['id_user'] == $report['id_user'];
} else {
$delete = false;
}
break; break;
case 'group_edit': case 'group_edit':
$edit = check_acl($config['id_user'], $edit = check_acl($config['id_user'], $report['id_group_edit'], "RW");
$report['id_group_edit'], "RW"); $delete =
$edit ||
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) { is_user_admin ($config["id_user"]) ||
$delete = true; //owner can delete $config['id_user'] == $report['id_user'];
} else {
$delete = check_acl($config['id_user'],
$report['id_group'], "RM");
}
break; break;
case 'user_edit': case 'user_edit':
if ($config['id_user'] == $report['id_user'] || if ($config['id_user'] == $report['id_user'] ||