From f746ba810931be96aaf1b2299a35d73e38f57f77 Mon Sep 17 00:00:00 2001
From: Alejandro Gallardo Escobar <alex@artica.es>
Date: Wed, 22 Jun 2016 14:50:57 +0200
Subject: [PATCH] Improved the ACL of the ehorus integration (cherry picked
 from commit 55fee7bf8f468d2afd97b52b7c1bdfb0c0ce2257)

---
 pandora_console/operation/agentes/ehorus.php  | 24 ++++++++++---------
 .../operation/agentes/ver_agente.php          |  3 ++-
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/pandora_console/operation/agentes/ehorus.php b/pandora_console/operation/agentes/ehorus.php
index 99dbdcae23..c64796e382 100644
--- a/pandora_console/operation/agentes/ehorus.php
+++ b/pandora_console/operation/agentes/ehorus.php
@@ -16,21 +16,12 @@
 // Load global vars
 global $config;
 
-check_login ();
-
-if (! check_acl ($config['id_user'], 0, 'AM') && ! is_user_admin ($config['id_user'])) {
-	db_pandora_audit('ACL Violation', 'Trying to access eHorus');
-	require ('general/noaccess.php');
-	return;
-}
-
-require_once($config['homedir'] . '/include/functions_ui.php');
-require_once($config['homedir'] . '/include/functions_agents.php');
-
 if (!$config['ehorus_enabled']) {
 	return;
 }
 
+check_login ();
+
 /* Get the parameters */
 $agent_id = (int) get_parameter('id_agente');
 $client_tab = (string) get_parameter('client_tab');
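Review bot: Authentication should stay the first thing this script does, but `check_login ();` now sits below the `if (!$config['ehorus_enabled']) { return; }` early exit, so that branch is reached without a session check. The exposure looks small because the branch only returns, but any code later added above the call would also run unauthenticated. I would move `check_login ();` back to directly under `global $config;` and leave only the group-scoped ACL check further down. The script continues past the end of this hunk.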
@@ -40,6 +31,17 @@ if (empty($agent_id)) {
 	return;
 }
 
+$group_id = db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id);
+
+if ($group_id === false || (!check_acl($config['id_user'], $group_id, 'AM') && !is_user_admin($config['id_user']))) {
+	db_pandora_audit('ACL Violation', 'Trying to access eHorus');
+	require ('general/noaccess.php');
+	return;
+}
+
+require_once($config['homedir'] . '/include/functions_ui.php');
+require_once($config['homedir'] . '/include/functions_agents.php');
+
 $ehorus_agent_id = agents_get_agent_custom_field($agent_id, $config['ehorus_custom_field']);
 
 if (empty($ehorus_agent_id)) {
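Review bot: The audit entry on the denial path does not record which agent was requested, and now that the check is scoped to the agent's group that is the detail an investigator needs. `db_pandora_audit('ACL Violation', 'Trying to access eHorus for agent ' . $agent_id);` would capture it, and `$agent_id` is already cast to int earlier in the file. The same branch also covers `$group_id === false`, presumably the case where no `tagente` row matches, so a request for an unknown agent id is logged as an ACL violation. Denying is the safe default there, but a comment such as `// unknown agent id is treated as denied` would make the intent explicit. The `if (empty($ehorus_agent_id)) {` block at the end of the hunk continues outside it.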
diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php
index c43afa0d81..4cca1e4131 100644
--- a/pandora_console/operation/agentes/ver_agente.php
+++ b/pandora_console/operation/agentes/ver_agente.php
@@ -925,7 +925,8 @@ if (enterprise_installed() && $config['log_collector']) {
 }
 
 /* eHorus tab */
-if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])) {
+if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])
+		&& (check_acl($config['id_user'], $id_grupo, 'AM') || is_user_admin($config['id_user']))) {
 	$ehorus_agent_id = agents_get_agent_custom_field($id_agente, $config['ehorus_custom_field']);
 	if (!empty($ehorus_agent_id)) {
 		$tab_url = 'index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=ehorus&id_agente='.$id_agente;
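Review bot: `$id_grupo` in the added condition is not assigned anywhere in this hunk, so the check is only as good as wherever that variable is set earlier in ver_agente.php. It needs to be the group stored for `$id_agente`, never a value taken from the request. A one-line comment such as `// $id_grupo: group of $id_agente as stored in tagente` would tie it to the `db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id)` lookup that ehorus.php does in this same commit. The rule `check_acl(..., 'AM') || is_user_admin(...)` is now written out in both files, so a later change to one can leave the tab shown while the page refuses access, or the reverse; a shared helper would avoid that drift. The `if` body continues past the end of the hunk.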