2008-10-14 Esteban Sanchez <estebans@artica.es>

* operation/reporting/reporting_viewer.php, operation/reporting/custom_reporting.php: Fixed checking of private reports. * operation/reporting/custom_reporting.php: Do not show reports that user can not see. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1148 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2008-10-14 06:40:05 +00:00 · 2008-10-14 06:40:05 +00:00 · 4b1b4dc1cc
parent a508f64b7e
commit 4b1b4dc1cc
4 changed files with 47 additions and 35 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,12 @@
+2008-10-14  Esteban Sanchez  <estebans@artica.es>
+
+	* operation/reporting/reporting_viewer.php,
+	operation/reporting/custom_reporting.php: Fixed checking of private
+	reports.
+
+	* operation/reporting/custom_reporting.php: Do not show reports that
+	user can not see.
+
 2008-10-13  Sancho Lerena  <slerena@artica.es>
 	
 	* agent_disk_conf_editor.php: Now load enterprise code
--- a/pandora_console/operation/reporting/custom_reporting.php
+++ b/pandora_console/operation/reporting/custom_reporting.php
@ -53,6 +53,10 @@ $table->align[3] = 'center';
 $table->data = array ();

 foreach ($reports as $report) {
+	if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
+		continue;
+	}
+	
 	$data = array ();
 	
 	$data[0] = $report['name'];
--- a/pandora_console/operation/reporting/reporting_viewer.php
+++ b/pandora_console/operation/reporting/reporting_viewer.php
@ -42,7 +42,8 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
 require ("include/functions_reporting.php");

 /* Check if the user can see the graph */
-if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
+if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
+	include ("general/noaccess.php");
 	return;
 }

--- a/pandora_console/operation/reporting/reporting_xml.php
+++ b/pandora_console/operation/reporting/reporting_xml.php
@ -60,7 +60,6 @@ if (isset ($_GET["direct"]))  {
 	$nick = get_parameter ("nick");
 	$pass = get_parameter ("pass");
 	
-	// Connect to Database
 	$sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `id_usuario` = '%s'",$nick);
 	$row = get_db_row_sql ($sql);
 	
@ -88,8 +87,7 @@ if (isset ($_GET["direct"]))  {
 	} else {
 		// User not known
 		echo "Logon failed";
-                audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed",
-                          "Invalid username: " . $nick);
+		audit_db ($nick, $_SERVER['REMOTE_ADDR'], "Logon Failed", "Invalid username: " . $nick);
 		exit;
 	}

@ -118,7 +116,7 @@ if (! give_acl ($config['id_user'], $report['id_group'], "AR")) {
 }

 /* Check if the user can see the graph */
-if ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']) && ! $report['private']) {
+if ($report['private'] && ($report['id_user'] != $config['id_user'] && ! dame_admin ($config['id_user']))) {
 	return;
 }