From 407fbf450f84eb26d8ad9ad73628a4b1d227494a Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Fri, 16 Feb 2018 15:09:37 +0100 Subject: [PATCH] Fixed permission checks in event_acl Added event response macro _group_custom_id_ --- pandora_console/include/functions_events.php | 5 +++++ pandora_console/include/functions_tags.php | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 31cfde5fa7..b8c0c6834b 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -1981,6 +1981,11 @@ function events_get_response_target($event_id, $response_id, $server_id, $histor $event_st = events_display_status($event['estado']); $target = str_replace('_event_status_', $event_st["title"], $target); } + if (strpos($target, '_group_custom_id_') !== false) { + $group_custom_id = db_get_value($dbh, "SELECT custom_id FROM tgrupo WHERE id_grupo=?", $event["id_grupo"]); + $event_st = events_display_status($event['estado']); + $target = str_replace('_group_custom_id_', $group_custom_id, $target); + } // Parse the event custom data if (!empty($event['custom_data'])){ $custom_data = json_decode (base64_decode ($event['custom_data'])); diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 08cfecf26e..6163503d5e 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -1482,7 +1482,7 @@ function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $c $group_ids = implode(',', $childrens_ids); } $sql = "SELECT id_usuario FROM tusuario_perfil - WHERE id_usuario = '".$config["id_user"]."' AND tags IN ('$tags_str') + WHERE id_usuario = '".$config["id_user"]."' AND (tags IN ('$tags_str') OR tags = '') AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1) AND id_grupo IN ($group_ids)"; $has_perm = db_get_value_sql ($sql);