From 4cafdbb25f0db644e2cfa72a5661a1e7f4575ce0 Mon Sep 17 00:00:00 2001
From: mdtrooper <tres.14159@gmail.com>
Date: Thu, 27 Jan 2011 12:32:32 +0000
Subject: [PATCH] 2011-01-27  Miguel de Dios  <miguel.dedios@artica.es>

	* include/functions_db.php: fixed the check ACL in function
	"get_agent_modules", the global search alert fixed with this, and I think
	that fixed in other places.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3783 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                |  6 ++++
 pandora_console/include/functions_db.php | 45 ++++++++++++++++++------
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 9109f25cb8..130af91be4 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2011-01-27  Miguel de Dios  <miguel.dedios@artica.es>
+
+	* include/functions_db.php: fixed the check ACL in function
+	"get_agent_modules", the global search alert fixed with this, and I think
+	that fixed in other places.
+
 2011-01-27  Miguel de Dios  <miguel.dedios@artica.es>
 
 	* operation/search_agents.php: refixed the order of parentheses.
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index c3f15c6caf..d64970eb05 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -655,21 +655,46 @@ $modules = get_agent_modules ($id_agent, '*', 'disabled = 0 AND history_data = 0
  * If multiple rows are selected, they will be in an array
  */
 function get_agent_modules ($id_agent, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) {
+	global $config;
+	
 	$id_agent = safe_int ($id_agent, 1);
 
-	$where = '';
+	$where = " WHERE (
+			1 = (
+				SELECT is_admin
+				FROM tusuario
+				WHERE id_user = '" . $config['id_user'] . "'
+			)
+			OR 
+			tagente_modulo.id_agente IN (
+				SELECT id_agente
+				FROM tagente
+				WHERE id_grupo IN (
+					SELECT id_grupo 
+					FROM tusuario_perfil 
+					WHERE id_usuario = '" . $config['id_user'] . "' 
+						AND id_perfil IN (
+							SELECT id_perfil 
+							FROM tperfil WHERE agent_view = 1
+						)
+					)
+			)
+			OR 0 IN (
+				SELECT id_grupo
+				FROM tusuario_perfil
+				WHERE id_usuario = '" . $config['id_user'] . "'
+					AND id_perfil IN (
+						SELECT id_perfil
+						FROM tperfil WHERE agent_view = 1
+					)
+				)
+		)";
+	
 	if (! empty ($id_agent)) {
-		$where = sprintf (' WHERE id_agente IN (%s)', implode (",", (array) $id_agent));
+		$where .= sprintf (' AND id_agente IN (%s)', implode (",", (array) $id_agent));
 	}
 	
-	if ($where != '') {
-		$where .= ' AND ';
-	}
-	else {
-		$where .= ' WHERE ';
-	}
-	
-	$where .= 'delete_pending = 0 ';
+	$where .= ' AND delete_pending = 0 ';
 	
 	if (! empty ($filter)) {
 		$where .= ' AND ';