From 69da8f97f798d150ec12621a264d75320a03dcd9 Mon Sep 17 00:00:00 2001
From: zarzuelo <zarzuelo@gmail.com>
Date: Mon, 18 Jul 2011 13:14:33 +0000
Subject: [PATCH] 2011-07-18  Sergio Martin <sergio.martin@artica.es>

	* godmode/massive/massive_operations.php
	godmode/massive/massive_delete_profiles.php
	godmode/massive/massive_add_profiles.php: Restringed profiles massive
	operations only to admins for bug: 3294464
	Merged from 3.2.1



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4581 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     |  8 ++++++++
 .../godmode/massive/massive_add_profiles.php  |  4 ++--
 .../massive/massive_delete_profiles.php       |  4 ++--
 .../godmode/massive/massive_operations.php    | 19 ++++++++++++++-----
 4 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index b0c829ef1c..f07a5a2094 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,11 @@
+2011-07-18  Sergio Martin <sergio.martin@artica.es>
+
+	* godmode/massive/massive_operations.php
+	godmode/massive/massive_delete_profiles.php
+	godmode/massive/massive_add_profiles.php: Restringed profiles massive
+	operations only to admins for bug: 3294464
+	Merged from 3.2.1
+
 2011-07-18  Sergio Martin <sergio.martin@artica.es>
 
 	* operation/agentes/gis_view.php: Fixed sql typo error
diff --git a/pandora_console/godmode/massive/massive_add_profiles.php b/pandora_console/godmode/massive/massive_add_profiles.php
index 8400815c64..9098f636b5 100644
--- a/pandora_console/godmode/massive/massive_add_profiles.php
+++ b/pandora_console/godmode/massive/massive_add_profiles.php
@@ -17,9 +17,9 @@
 // Load global vars
 check_login ();
 
-if (! check_acl ($config['id_user'], 0, "AW")) {
+if (! check_acl ($config['id_user'], 0, "PM")) {
 	db_pandora_audit("ACL Violation",
-		"Trying to access massive alert deletion");
+		"Trying to access massive profile addition");
 	require ("general/noaccess.php");
 	return;
 }
diff --git a/pandora_console/godmode/massive/massive_delete_profiles.php b/pandora_console/godmode/massive/massive_delete_profiles.php
index d9cf2f2212..96ee68ded8 100644
--- a/pandora_console/godmode/massive/massive_delete_profiles.php
+++ b/pandora_console/godmode/massive/massive_delete_profiles.php
@@ -17,9 +17,9 @@
 // Load global vars
 check_login ();
 
-if (! check_acl ($config['id_user'], 0, "AW")) {
+if (! check_acl ($config['id_user'], 0, "PM")) {
 	db_pandora_audit("ACL Violation",
-		"Trying to access massive alert deletion");
+		"Trying to access massive profile deletion");
 	require ("general/noaccess.php");
 	return;
 }
diff --git a/pandora_console/godmode/massive/massive_operations.php b/pandora_console/godmode/massive/massive_operations.php
index 98473e047a..529aaedb9e 100644
--- a/pandora_console/godmode/massive/massive_operations.php
+++ b/pandora_console/godmode/massive/massive_operations.php
@@ -38,7 +38,12 @@ $options_alerts = array('add_alerts' => __('Massive alerts addition'), 'delete_a
 			
 $options_agents = array('edit_agents' => __('Massive agents edition'), 'delete_agents' => __('Massive agents deletion'));
 
-$options_users = array('add_profiles' => __('Massive profiles addition'), 'delete_profiles' => __('Massive profiles deletion'));
+if (check_acl ($config['id_user'], 0, "PM")) {
+	$options_users = array('add_profiles' => __('Massive profiles addition'), 'delete_profiles' => __('Massive profiles deletion'));
+}
+else {
+	$option_users = array();
+}
 
 $options_modules = array('delete_modules' => __('Massive modules deletion'), 'edit_modules' => __('Massive modules edition'), 
 				'copy_modules' => __('Massive modules copy'));
@@ -104,10 +109,14 @@ $alertstab = array('text' => '<a href="index.php?sec=gmassive&sec2=godmode/massi
 		. html_print_image ('images/bell.png', true, array ('title' => __('Alerts operations')))
 		. '</a>', 'active' => $tab == 'massive_alerts');
 		
-
-$userstab = array('text' => '<a href="index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users">'
-		. html_print_image ('images/group.png', true, array ('title' => __('Users operations')))
-		. '</a>', 'active' => $tab == 'massive_users');
+if (check_acl ($config['id_user'], 0, "PM")) {
+	$userstab = array('text' => '<a href="index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users">'
+			. html_print_image ('images/group.png', true, array ('title' => __('Users operations')))
+			. '</a>', 'active' => $tab == 'massive_users');
+}
+else {
+	$userstab = array();
+}
 		
 $agentstab = array('text' => '<a href="index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_agents">'
 		. html_print_image ('images/bricks.png', true, array ('title' => __('Agents operations')))