From 1fcb7b6cb808bd389e0212fc1f7a11237dd6e3d0 Mon Sep 17 00:00:00 2001 From: Adam Amstrong Date: Sat, 23 Apr 2011 10:47:40 +0000 Subject: [PATCH] fix users being able to view ports they are allowed to view, when not allowed to view the device git-svn-id: http://www.observium.org/svn/observer/trunk@2145 61d68cd4-352d-0410-923a-c4978735b2b8 --- html/pages/device.inc.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/html/pages/device.inc.php b/html/pages/device.inc.php index a1881448e..0ae25ced4 100644 --- a/html/pages/device.inc.php +++ b/html/pages/device.inc.php @@ -2,7 +2,7 @@ if ($_GET['id']) { $_GET['id'] = mres($_GET['id']); } -if ($_GET['section'] == "interface" && is_numeric($_GET['opta']) && port_permitted($_GET['opta'])) +if ($_GET['section'] == "port" && is_numeric($_GET['opta']) && port_permitted($_GET['opta'])) { $check_device = get_device_id_by_interface_id($_GET['opta']); $permit_ports = 1; @@ -264,18 +264,18 @@ if (device_permitted($_GET['id']) || $check_device == $_GET['id']) '); } - echo(""); + } + + if(device_permitted($device['device_id']) || $check_device == $_GET['id']) { echo('
'); include("pages/device/".mres(basename($section)).".inc.php"); echo("
"); + } else { + include("includes/error-no-perm.inc.php"); } } -else -{ - include("includes/error-no-perm.inc.php"); -} ?>