Fixed 2 wrong ACL check about reporting.

- 'IR' was required for listing custom graphs at editting items.
  - 'IW' was required for add/delete SLA items at editting SLA items
This commit is contained in:
Hirofumi Kosaka 2017-03-16 19:54:05 +09:00
parent e7fa5d1f00
commit f4c812c469
2 changed files with 3 additions and 3 deletions

View File

@ -1141,7 +1141,7 @@ You can of course remove the warnings, that's why we include the source and do n
html_print_select($graphs, 'id_custom_graph', $value_selected, 'change_custom_graph();', __('None'), 0);
}
else {
$list_custom_graphs = custom_graphs_get_user ($config['id_user'], false, true, "IR");
$list_custom_graphs = custom_graphs_get_user ($config['id_user'], false, true, "RR");
$graphs = array();
foreach ($list_custom_graphs as $custom_graph) {

View File

@ -19,7 +19,7 @@ global $config;
// Login check
check_login ();
if (! check_acl ($config['id_user'], 0, "IW")) {
if (! check_acl ($config['id_user'], 0, "RW")) {
db_pandora_audit("ACL Violation",
"Trying to access report builder");
require ("general/noaccess.php");