From f746ba810931be96aaf1b2299a35d73e38f57f77 Mon Sep 17 00:00:00 2001
From: Alejandro Gallardo Escobar <alex@artica.es>
Date: Wed, 22 Jun 2016 14:50:57 +0200
Subject: [PATCH] Improved the ACL of the ehorus integration

(cherry picked from commit 55fee7bf8f468d2afd97b52b7c1bdfb0c0ce2257)
---
 pandora_console/operation/agentes/ehorus.php | 24 ++++++++++---------
 .../operation/agentes/ver_agente.php | 3 ++-
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/pandora_console/operation/agentes/ehorus.php b/pandora_console/operation/agentes/ehorus.php
index 99dbdcae23..c64796e382 100644
--- a/pandora_console/operation/agentes/ehorus.php
+++ b/pandora_console/operation/agentes/ehorus.php
@@ -16,21 +16,12 @@
 // Load global vars
 global $config;
 
-check_login ();
-
-if (! check_acl ($config['id_user'], 0, 'AM') && ! is_user_admin ($config['id_user'])) {
- db_pandora_audit('ACL Violation', 'Trying to access eHorus');
- require ('general/noaccess.php');
- return;
-}
-
-require_once($config['homedir'] . '/include/functions_ui.php');
-require_once($config['homedir'] . '/include/functions_agents.php');
-
 if (!$config['ehorus_enabled']) {
 return;
 }
 
+check_login ();
+
 /* Get the parameters */
 $agent_id = (int) get_parameter('id_agente');
 $client_tab = (string) get_parameter('client_tab');
@@ -40,6 +31,17 @@ if (empty($agent_id)) {
 return;
 }
 
+$group_id = db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id);
+
+if ($group_id === false || (!check_acl($config['id_user'], $group_id, 'AM') && !is_user_admin($config['id_user']))) {
+ db_pandora_audit('ACL Violation', 'Trying to access eHorus');
+ require ('general/noaccess.php');
+ return;
+}
+
+require_once($config['homedir'] . '/include/functions_ui.php');
+require_once($config['homedir'] . '/include/functions_agents.php');
+
 $ehorus_agent_id = agents_get_agent_custom_field($agent_id, $config['ehorus_custom_field']);
 
 if (empty($ehorus_agent_id)) {
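Review bot: `check_login ();` now runs only after the `ehorus_enabled` test, so in the first ehorus.php hunk a request without a session returns silently when the integration is off and reaches the login check only when it is on. Nothing visible in the hunk needs the flag test to come first, so keeping authentication as the first statement after `global $config;` would make every path through the file start from a verified session. If the order is intentional, a one-line comment such as `// Integration disabled: return before any session or audit work` would record why.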
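Review bot: The audit entry written in the second ehorus.php hunk does not say which agent was requested, and a missing agent row (`$group_id === false`) is recorded with the same 'ACL Violation' text as a real permission failure. Adding the already integer-cast id, e.g. `db_pandora_audit('ACL Violation', 'Trying to access eHorus of agent ' . $agent_id);`, would let an analyst separate requests for nonexistent agents from a denied operator. It is also worth confirming how `check_acl` treats a group id of 0: the removed check passed `0`, apparently meaning any group, so an agent whose `id_grupo` is 0 (if that can occur) would still be checked that broadly.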
diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php
index c43afa0d81..4cca1e4131 100644
--- a/pandora_console/operation/agentes/ver_agente.php
+++ b/pandora_console/operation/agentes/ver_agente.php
@@ -925,7 +925,8 @@ if (enterprise_installed() && $config['log_collector']) {
 }
 
 /* eHorus tab */
-if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])) {
+if ($config['ehorus_enabled'] && !empty($config['ehorus_custom_field'])
+ && (check_acl($config['id_user'], $id_grupo, 'AM') || is_user_admin($config['id_user']))) {
 $ehorus_agent_id = agents_get_agent_custom_field($id_agente, $config['ehorus_custom_field']);
 if (!empty($ehorus_agent_id)) {
 $tab_url = 'index.php?sec=estado&sec2=operation/agentes/ver_agente&tab=ehorus&id_agente='.$id_agente;
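Review bot: The permission expression added to the tab condition repeats the one in ehorus.php (`check_acl(..., 'AM')` or `is_user_admin(...)`), so the two copies can drift apart on a later change. Hiding the tab is presentation only; the check in ehorus.php is what enforces access, and a short comment here, e.g. `// UI hint only; operation/agentes/ehorus.php enforces the same ACL`, would keep a future editor from relying on it. `$id_grupo` is defined outside this hunk, so it is assumed to hold the displayed agent's group.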