From 2ee187ae53468e90d4b1b8fae1182efc272e5785 Mon Sep 17 00:00:00 2001
From: Luis Calvo <luis.calvo@artica.es>
Date: Mon, 16 Nov 2020 18:30:23 +0100
Subject: [PATCH] Fixed acl on discovery tasklist

---
 pandora_console/godmode/wizards/DiscoveryTaskList.class.php | 4 ++++
 pandora_console/include/class/HTML.class.php                | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pandora_console/godmode/wizards/DiscoveryTaskList.class.php b/pandora_console/godmode/wizards/DiscoveryTaskList.class.php
index 59a9fab84a..de2f70a629 100644
--- a/pandora_console/godmode/wizards/DiscoveryTaskList.class.php
+++ b/pandora_console/godmode/wizards/DiscoveryTaskList.class.php
@@ -448,6 +448,10 @@ class DiscoveryTaskList extends HTML
             $table->align[9] = 'left';
 
             foreach ($recon_tasks as $task) {
+                if ($this->aclMulticheck('AR|AW|AM', $task['id_group']) === false) {
+                    continue;
+                }
+
                 $no_operations = false;
                 $data = [];
                 $server_name = servers_get_name($task['id_recon_server']);
diff --git a/pandora_console/include/class/HTML.class.php b/pandora_console/include/class/HTML.class.php
index 41ceabf5ab..92cd8cc29f 100644
--- a/pandora_console/include/class/HTML.class.php
+++ b/pandora_console/include/class/HTML.class.php
@@ -254,7 +254,7 @@ class HTML
      *
      * @return boolean Alowed or not.
      */
-    public function aclMulticheck($access=null)
+    public function aclMulticheck($access=null, $id_group=0)
     {
         global $config;
 
@@ -268,7 +268,7 @@ class HTML
         foreach ($perms as $perm) {
             $allowed = $allowed || (bool) check_acl(
                 $config['id_user'],
-                0,
+                $id_group,
                 $perm
             );
         }