tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

prevent nonadmin users from viewing admin users in pandora search

This commit is contained in:
alejandro.campos@artica.es 2021-06-02 12:47:55 +02:00
parent 22f151bc6d
commit 9513386ff7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/operation/search_users.getdata.php
View File

@ -232,7 +232,12 @@ if ($searchUsers) {
// Get group IDs.
$user_groups = array_keys($user_groups);
if (!check_acl_one_of_groups($config['id_user'], $user_groups, 'UM') && $config['id_user'] != $user['id_user']) {
if (check_acl_one_of_groups($config['id_user'], $user_groups, 'UM') === false
&& $config['id_user'] != $user['id_user']
|| (users_is_admin($config['id_user']) === false
&& users_is_admin($user['id_user']) === true)
|| $config['id_user'] === $user['id_user']
) {
unset($users[$key]);
} else {
$users_id[] = $user['id_user'];