Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/ScheduledReports/API.php20
-rw-r--r--plugins/SitesManager/API.php4
2 files changed, 24 insertions, 0 deletions
diff --git a/plugins/ScheduledReports/API.php b/plugins/ScheduledReports/API.php
index e7771d1f8a..e5926e1b44 100644
--- a/plugins/ScheduledReports/API.php
+++ b/plugins/ScheduledReports/API.php
@@ -12,9 +12,11 @@ use Exception;
use Piwik\Common;
use Piwik\Date;
use Piwik\Db;
+use Piwik\NoAccessException;
use Piwik\Piwik;
use Piwik\Plugins\LanguagesManager\LanguagesManager;
use Piwik\Plugins\SegmentEditor\API as APISegmentEditor;
+use Piwik\Plugins\SitesManager\API as SitesManagerApi;
use Piwik\ReportRenderer;
use Piwik\ReportRenderer\Html;
use Piwik\Site;
@@ -288,8 +290,11 @@ class API extends \Piwik\Plugin\API
$report = reset($reports);
$idSite = $report['idsite'];
+ $login = $report['login'];
$reportType = $report['type'];
+ $this->checkUserHasViewPermission($login, $idSite);
+
// override report period
if (empty($period)) {
$period = $report['period'];
@@ -935,4 +940,19 @@ class API extends \Piwik\Plugin\API
return $additionalFile;
}
+
+ private function checkUserHasViewPermission($login, $idSite)
+ {
+ if (empty($idSite)) {
+ return;
+ }
+
+ $idSitesUserHasAccess = SitesManagerApi::getInstance()->getSitesIdWithAtLeastViewAccess($login);
+
+ if (empty($idSitesUserHasAccess)
+ || !in_array($idSite, $idSitesUserHasAccess)
+ ) {
+ throw new NoAccessException(Piwik::translate('General_ExceptionPrivilege', array("'view'")));
+ }
+ }
}
diff --git a/plugins/SitesManager/API.php b/plugins/SitesManager/API.php
index 386734e1f8..222f3be7af 100644
--- a/plugins/SitesManager/API.php
+++ b/plugins/SitesManager/API.php
@@ -340,6 +340,10 @@ class API extends \Piwik\Plugin\API
|| TaskScheduler::isTaskBeingExecuted())
) {
+ if (Piwik::hasTheUserSuperUserAccess($_restrictSitesToLogin)) {
+ return Access::getInstance()->getSitesIdWithAtLeastViewAccess();
+ }
+
$accessRaw = Access::getInstance()->getRawSitesWithSomeViewAccess($_restrictSitesToLogin);
$sitesId = array();
foreach ($accessRaw as $access) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 05:30:42 +0300