From c478cc18e494a0b88829011abf60461bdb195826 Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Mon, 6 Feb 2012 17:21:11 +0000 Subject: [PATCH] 2012-02-06 Miguel de Dios * include/functions_api.php: fixed into function "get_events__with_user" when try get list events when empty list of groups for user. * include/api.php: fixed the auth. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5499 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 7 +++++++ pandora_console/include/api.php | 7 ++++++- pandora_console/include/functions_api.php | 8 +++++++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index eb0f0136e4..04ce1337e0 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2012-02-06 Miguel de Dios + + * include/functions_api.php: fixed into function "get_events__with_user" + when try get list events when empty list of groups for user. + + * include/api.php: fixed the auth. + 2012-02-06 Ramon Novoa * operation/netflow/nf_live_view.php: Added ACL checks for filter diff --git a/pandora_console/include/api.php b/pandora_console/include/api.php index 3c2bd26c25..04112e824e 100644 --- a/pandora_console/include/api.php +++ b/pandora_console/include/api.php @@ -52,7 +52,12 @@ if (!empty($apiPassword)) { } } else { - if (isInACL($ipOrigin)) { + $user_in_db = process_user_login($user, $password); + if ($user_in_db !== false) { + $config['id_user'] = $user_in_db; + $correctLogin = true; + } + else if (isInACL($ipOrigin)) { $correctLogin = true; } } diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index db387725ad..0d5851c2c2 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -4348,8 +4348,14 @@ function get_events__with_user($trash1, $trash2, $other, $returnType, $user_in_d //to a function. $groups = users_get_groups ($user_in_db, "IR"); + $is_admin = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $user_in_db); - $sql_post = " AND id_grupo IN (".implode (",", array_keys ($groups)).")"; + if (!empty($groups)) { + $sql_post = " AND id_grupo IN (".implode (",", array_keys ($groups)).")"; + } + else if ($is_admin) { + $sql_post = " AND 1 = 0"; + } // Skip system messages if user is not PM if (!check_acl ($user_in_db, 0, "PM")) {