2012-02-06 Miguel de Dios <miguel.dedios@artica.es>

* include/functions_api.php: fixed into function "get_events__with_user"
	when try get list events when empty list of groups for user.
	
	* include/api.php: fixed the auth.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5499 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,10 @@
+2012-02-06  Miguel de Dios  <miguel.dedios@artica.es>
+	
+	* include/functions_api.php: fixed into function "get_events__with_user"
+	when try get list events when empty list of groups for user.
+	
+	* include/api.php: fixed the auth.
+
 2012-02-06  Ramon Novoa  <rnovoa@artica.es>
 
 	* operation/netflow/nf_live_view.php: Added ACL checks for filter

pandora_console/include/api.php

@@ -52,7 +52,12 @@ if (!empty($apiPassword)) {
 	}
 }
 else {
-	if (isInACL($ipOrigin)) {
+	$user_in_db = process_user_login($user, $password);
+	if ($user_in_db !== false) {
+		$config['id_user'] = $user_in_db;
+		$correctLogin = true;
+	}
+	else if (isInACL($ipOrigin)) {
 		$correctLogin = true;
 	}
 }

pandora_console/include/functions_api.php

@@ -4348,8 +4348,14 @@ function get_events__with_user($trash1, $trash2, $other, $returnType, $user_in_d
 	//to a function.
 	
 	$groups = users_get_groups ($user_in_db, "IR");
+	$is_admin = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $user_in_db);
 	
+	if (!empty($groups)) {
 		$sql_post = " AND id_grupo IN (".implode (",", array_keys ($groups)).")";
+	}
+	else if ($is_admin) {
+		$sql_post = " AND 1 = 0";
+	}
 	
 	// Skip system messages if user is not PM
 	if (!check_acl ($user_in_db, 0, "PM")) {