Improved the ACL of the ehorus integration

pandora_console/operation/agentes/ehorus.php

@@ -16,21 +16,12 @@
 // Load global vars
 global $config;
 
-check_login ();
-
-if (! check_acl ($config['id_user'], 0, 'AM') && ! is_user_admin ($config['id_user'])) {
-	db_pandora_audit('ACL Violation', 'Trying to access eHorus');
-	require ('general/noaccess.php');
-	return;
-}
-
-require_once($config['homedir'] . '/include/functions_ui.php');
-require_once($config['homedir'] . '/include/functions_agents.php');
-
 if (!$config['ehorus_enabled']) {
 	return;
 }
 
+check_login ();
+
 /* Get the parameters */
 $agent_id = (int) get_parameter('id_agente');
 $client_tab = (string) get_parameter('client_tab');
@@ -40,6 +31,17 @@ if (empty($agent_id)) {
 	return;
 }
 
+$group_id = db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id);
+
+if ($group_id === false || (!check_acl($config['id_user'], $group_id, 'AM') && !is_user_admin($config['id_user']))) {
+	db_pandora_audit('ACL Violation', 'Trying to access eHorus');
+	require ('general/noaccess.php');
+	return;
+}
+
+require_once($config['homedir'] . '/include/functions_ui.php');
+require_once($config['homedir'] . '/include/functions_agents.php');
+
 $ehorus_agent_id = agents_get_agent_custom_field($agent_id, $config['ehorus_custom_field']);
 
 if (empty($ehorus_agent_id)) {

pandora_console/operation/agentes/ver_agente.php

@@ -925,7 +925,8 @@ if (enterprise_installed() && $config['log_collector']) {
 }
 
 /* eHorus tab */
-if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])) {
+if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])
+		&& (check_acl($config['id_user'], $id_grupo, 'AM') || is_user_admin($config['id_user']))) {
 	$ehorus_agent_id = agents_get_agent_custom_field($id_agente, $config['ehorus_custom_field']);
 	if (!empty($ehorus_agent_id)) {
 		$tab_url = 'index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=ehorus&id_agente='.$id_agente;