tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix credential store ACL, only accces to PM or UM

This commit is contained in:
Calvo 2022-02-24 17:33:13 +01:00
parent 3f7067fe48
commit 4f3c509bde
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/include/class/CredentialStore.class.php
View File

@ -158,7 +158,9 @@ class CredentialStore extends Wizard
// Check access.
check_login();
if (! check_acl($config['id_user'], 0, 'AR')) {
if ((bool) check_acl($config['id_user'], 0, 'PM') === false
|| (bool) check_acl($config['id_user'], 0, 'UM') === false
) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access credential store'