Merge branch 'ent-10861-permisos-excesivos-api-para-gestion-usuarios-y-perfiles' into 'develop'

Ent 10861 permisos excesivos api para gestion usuarios y perfiles

See merge request artica/pandorafms!5869

pandora_console/include/functions_api.php

@@ -11645,7 +11645,7 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2)
         return;
     }
 
-    if (!check_acl($config['id_user'], 0, 'PM')) {
+    if (!check_acl($config['id_user'], 0, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }
@@ -11669,7 +11669,7 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2)
         return;
     }
 
-    if (!check_acl($config['id_user'], $group, 'PM')) {
+    if (!check_acl($config['id_user'], $group, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }
@@ -11704,7 +11704,7 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2)
         return;
     }
 
-    if (!check_acl($config['id_user'], 0, 'PM')) {
+    if (!check_acl($config['id_user'], 0, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }
@@ -11728,7 +11728,7 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2)
         return;
     }
 
-    if (!check_acl($config['id_user'], $group, 'PM')) {
+    if (!check_acl($config['id_user'], $group, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }
@@ -11761,7 +11761,7 @@ function api_get_user_profiles_info($thrash1, $thrash2, $thrash3, $returnType)
 {
     global $config;
 
-    if (!check_acl($config['id_user'], 0, 'PM')) {
+    if (!check_acl($config['id_user'], 0, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }
@@ -16974,7 +16974,7 @@ function api_set_delete_user_permission($thrash1, $thrash2, $other, $returnType)
 {
     global $config;
 
-    if (!check_acl($config['id_user'], 0, 'AW')) {
+    if (!check_acl($config['id_user'], 0, 'UM')) {
         returnError('forbidden', 'string');
         return;
     }