From 8c556d7d197cfbdc4eaebf82fa0b2b99eda45d6a Mon Sep 17 00:00:00 2001 From: Tatiana Llorente Date: Fri, 11 Oct 2019 11:47:38 +0200 Subject: [PATCH] Changed permissions for management users - #4794 --- .../godmode/users/configure_profile.php | 28 ++++++++++++++++--- .../godmode/users/profile_list.php | 5 +++- pandora_console/godmode/users/user_list.php | 4 ++- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/pandora_console/godmode/users/configure_profile.php b/pandora_console/godmode/users/configure_profile.php index 418add8aa8..8c69c0e0a9 100644 --- a/pandora_console/godmode/users/configure_profile.php +++ b/pandora_console/godmode/users/configure_profile.php @@ -18,7 +18,7 @@ check_login(); enterprise_hook('open_meta_frame'); -if (! check_acl($config['id_user'], 0, 'PM')) { +if (! check_acl($config['id_user'], 0, 'UM')) { db_pandora_audit( 'ACL Violation', 'Trying to access Profile Management' @@ -320,24 +320,29 @@ if ($id_profile || $new_profile) { $table->data['IM'] = $row; $table->data[] = '
'; + $disable_option = 'javascript: return false;'; + if (check_acl($config['id_user'], 0, 'PM') || users_is_admin()) { + $disable_option = ''; + } + // Users $row = []; $row['name'] = __('Manage users'); - $row['input'] = html_print_checkbox('user_management', 1, $user_management, true); + $row['input'] = html_print_checkbox('user_management', 1, $user_management, true, false, $disable_option); $table->data['UM'] = $row; $table->data[] = '
'; // DB $row = []; $row['name'] = __('Manage database'); - $row['input'] = html_print_checkbox('db_management', 1, $db_management, true); + $row['input'] = html_print_checkbox('db_management', 1, $db_management, true, false, $disable_option); $table->data['DM'] = $row; $table->data[] = '
'; // Pandora $row = []; $row['name'] = __('%s management', get_product_name()); - $row['input'] = html_print_checkbox('pandora_management', 1, $pandora_management, true); + $row['input'] = html_print_checkbox('pandora_management', 1, $pandora_management, true, false, $disable_option); $table->data['PM'] = $row; $table->data[] = '
'; @@ -359,3 +364,18 @@ if ($id_profile || $new_profile) { } enterprise_hook('close_meta_frame'); + +?> + + diff --git a/pandora_console/godmode/users/profile_list.php b/pandora_console/godmode/users/profile_list.php index da77dffd9f..a87323f0f8 100644 --- a/pandora_console/godmode/users/profile_list.php +++ b/pandora_console/godmode/users/profile_list.php @@ -362,7 +362,10 @@ foreach ($profiles as $profile) { $data['PM'] = ($profile['pandora_management'] ? $img : ''); $table->cellclass[]['operations'] = 'action_buttons'; $data['operations'] = ''.html_print_image('images/config.png', true, ['title' => __('Edit')]).''; - $data['operations'] .= ''.html_print_image('images/cross.png', true).''; + if (check_acl($config['id_user'], 0, 'PM') || users_is_admin()) { + $data['operations'] .= ''.html_print_image('images/cross.png', true).''; + } + array_push($table->data, $data); } diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 4e8cfbb2c1..6a02f4bb57 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -420,7 +420,9 @@ else { $u = get_user_info($key); $g = users_get_groups($key, 'AR', $u['is_admin']); $result = array_intersect($g, $own_groups); - if (!$usr['is_admin'] && !empty($result)) { + + // Show users without profile too. + if (!$usr['is_admin'] && !empty($result) || (!$usr['is_admin'] && db_get_all_rows_field_filter('tusuario_perfil', 'id_usuario', $usr['id_user']) === false)) { $info[$key] = $usr; }