2011-01-27 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_db.php: fixed the check ACL in function "get_agent_modules", the global search alert fixed with this, and I think that fixed in other places. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3783 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2011-01-27 12:32:32 +00:00 · 2011-01-27 12:32:32 +00:00 · 4cafdbb25f
parent bb90e101bc
commit 4cafdbb25f
2 changed files with 41 additions and 10 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,9 @@
+2011-01-27  Miguel de Dios  <miguel.dedios@artica.es>
+
+	* include/functions_db.php: fixed the check ACL in function
+	"get_agent_modules", the global search alert fixed with this, and I think
+	that fixed in other places.
+
 2011-01-27  Miguel de Dios  <miguel.dedios@artica.es>

 	* operation/search_agents.php: refixed the order of parentheses.
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@ -655,21 +655,46 @@ $modules = get_agent_modules ($id_agent, '*', 'disabled = 0 AND history_data = 0
 * If multiple rows are selected, they will be in an array
 */
 function get_agent_modules ($id_agent, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) {
+	global $config;
+	
 	$id_agent = safe_int ($id_agent, 1);

-	$where = '';
+	$where = " WHERE (
+			1 = (
+				SELECT is_admin
+				FROM tusuario
+				WHERE id_user = '" . $config['id_user'] . "'
+			)
+			OR 
+			tagente_modulo.id_agente IN (
+				SELECT id_agente
+				FROM tagente
+				WHERE id_grupo IN (
+					SELECT id_grupo 
+					FROM tusuario_perfil 
+					WHERE id_usuario = '" . $config['id_user'] . "' 
+						AND id_perfil IN (
+							SELECT id_perfil 
+							FROM tperfil WHERE agent_view = 1
+						)
+					)
+			)
+			OR 0 IN (
+				SELECT id_grupo
+				FROM tusuario_perfil
+				WHERE id_usuario = '" . $config['id_user'] . "'
+					AND id_perfil IN (
+						SELECT id_perfil
+						FROM tperfil WHERE agent_view = 1
+					)
+				)
+		)";
+	
 	if (! empty ($id_agent)) {
-		$where = sprintf (' WHERE id_agente IN (%s)', implode (",", (array) $id_agent));
+		$where .= sprintf (' AND id_agente IN (%s)', implode (",", (array) $id_agent));
 	}
 	
-	if ($where != '') {
-		$where .= ' AND ';
-	}
-	else {
-		$where .= ' WHERE ';
-	}
-	
-	$where .= 'delete_pending = 0 ';
+	$where .= ' AND delete_pending = 0 ';
 	
 	if (! empty ($filter)) {
 		$where .= ' AND ';