2011-02-18 Javier Lanz <javier.lanz@artica.es>

* operation/servers/view_server.php: Fixed ACL permissions * operation/servers/view_server_detail.php: Fixed ACL permissions * operation/menu.php: Let an "AR" user view 'Pandora servers' menu Fix: #3183477 git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3923 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2011-02-18 13:28:13 +00:00 · 2011-02-18 13:28:13 +00:00 · 79fbcd9b75
parent 4414864c68
commit 79fbcd9b75
4 changed files with 17 additions and 9 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,11 @@
+2011-02-18 Javier Lanz <javier.lanz@artica.es>
+
+	* operation/servers/view_server.php: Fixed ACL permissions
+	* operation/servers/view_server_detail.php: Fixed ACL permissions
+	* operation/menu.php: Let an "AR" user view 'Pandora servers' menu
+	
+	Fix: #3183477
+
 2011-02-18 Miguel de Dios  <miguel.dedios@artica.es>

 	* include/ajax/visual_console_builder.ajax.php,
--- a/pandora_console/operation/menu.php
+++ b/pandora_console/operation/menu.php
@ -132,7 +132,7 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 }

 // Agent read, Server read
-if (give_acl ($config['id_user'], 0, "PM")) {
+if (give_acl ($config['id_user'], 0, "AR")) {

 	// Server view
 	$menu["estado_server"]["text"] = __('Pandora servers');
@ -146,12 +146,12 @@ if (give_acl ($config['id_user'], 0, "PM")) {
 	if ($servers === false) {
 		$servers = array ();
 	}
-
-	foreach ($servers as $serverItem) {
-		$sub["operation/servers/view_server_detail&amp;server_id=".$serverItem["id_server"]]["text"] = $serverItem["name"];
+	if (give_acl ($config['id_user'], 0, "PM")) {
+		foreach ($servers as $serverItem) {
+			$sub["operation/servers/view_server_detail&amp;server_id=".$serverItem["id_server"]]["text"] = $serverItem["name"];
+		}
+		$menu["estado_server"]["sub"] = $sub;
 	}
-
-	$menu["estado_server"]["sub"] = $sub;
 	//End of server view

 	//End of server view
--- a/pandora_console/operation/servers/view_server.php
+++ b/pandora_console/operation/servers/view_server.php
@ -21,7 +21,7 @@ require_once ("include/functions_servers.php");

 check_login ();

-if (! give_acl ($config['id_user'], 0, "AR") && ! give_acl ($config['id_user'], 0, "AW")) {
+if (! give_acl ($config['id_user'], 0, "AR")) {
 	pandora_audit("ACL Violation",
 		"Trying to access Server view");
 	require ("general/noaccess.php");
--- a/pandora_console/operation/servers/view_server_detail.php
+++ b/pandora_console/operation/servers/view_server_detail.php
@ -26,10 +26,10 @@ $options = "<li><a href='index.php?sec=estado_server&sec2=operation/servers/view
 print_page_header (__('Pandora servers'), "images/server.png", false, "", false, $options);


-if (! give_acl ($config['id_user'], 0, "AR")) {
+if (! give_acl ($config['id_user'], 0, "PM")) {
 	pandora_audit("ACL Violation",
 		"Trying to access recon task viewer");
-	require ("/general/noaccess.php");
+	require ("general/noaccess.php");
 	return;
 }