Merge branch 'ent-10861-permisos-excesivos-api-para-gestion-usuarios-y-perfiles' into 'develop'

Ent 10861 permisos excesivos api para gestion usuarios y perfiles

See merge request artica/pandorafms!5869
This commit is contained in:
Gorka Sanchez 2023-07-10 07:20:35 +00:00
commit 3ff9b9b3d6
1 changed files with 6 additions and 6 deletions

View File

@ -11645,7 +11645,7 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2)
return; return;
} }
if (!check_acl($config['id_user'], 0, 'PM')) { if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -11669,7 +11669,7 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2)
return; return;
} }
if (!check_acl($config['id_user'], $group, 'PM')) { if (!check_acl($config['id_user'], $group, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -11704,7 +11704,7 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2)
return; return;
} }
if (!check_acl($config['id_user'], 0, 'PM')) { if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -11728,7 +11728,7 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2)
return; return;
} }
if (!check_acl($config['id_user'], $group, 'PM')) { if (!check_acl($config['id_user'], $group, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -11761,7 +11761,7 @@ function api_get_user_profiles_info($thrash1, $thrash2, $thrash3, $returnType)
{ {
global $config; global $config;
if (!check_acl($config['id_user'], 0, 'PM')) { if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -16974,7 +16974,7 @@ function api_set_delete_user_permission($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
if (!check_acl($config['id_user'], 0, 'AW')) { if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }