tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed permission checks in event_acl 

Added event response macro _group_custom_id_
This commit is contained in:
fbsanchez 2018-02-16 15:09:37 +01:00
parent 12ef611493
commit 407fbf450f
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/include/functions_events.php
View File

@ -1981,6 +1981,11 @@ function events_get_response_target($event_id, $response_id, $server_id, $histor
$event_st = events_display_status($event['estado']);
$target = str_replace('_event_status_', $event_st["title"], $target);
}
if (strpos($target, '_group_custom_id_') !== false) {
$group_custom_id = db_get_value($dbh, "SELECT custom_id FROM tgrupo WHERE id_grupo=?", $event["id_grupo"]);
$event_st = events_display_status($event['estado']);
$target = str_replace('_group_custom_id_', $group_custom_id, $target);
}
// Parse the event custom data
if (!empty($event['custom_data'])){
$custom_data = json_decode (base64_decode ($event['custom_data']));

2
pandora_console/include/functions_tags.php
View File

@ -1482,7 +1482,7 @@ function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $c
$group_ids = implode(',', $childrens_ids);
}
$sql = "SELECT id_usuario FROM tusuario_perfil
WHERE id_usuario = '".$config["id_user"]."' AND tags IN ('$tags_str')
WHERE id_usuario = '".$config["id_user"]."' AND (tags IN ('$tags_str') OR tags = '')
AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1)
AND id_grupo IN ($group_ids)";
$has_perm = db_get_value_sql ($sql);