fixing permission issue for regular users allowing them to access

history of other servers

src/psm/Module/Server/Controller/AbstractServerController.class.php

@@ -39,10 +39,12 @@ abstract class AbstractServerController extends AbstractController {
 
 	/**
 	 * Get all servers for the current user
+	 * @param int $server_id if true only that server will be retrieved.
 	 * @return array
 	 */
-	public function getServers() {
+	public function getServers($server_id = null) {
 		$sql_join = '';
+		$sql_where = '';
 
 		if($this->user != null && $this->user->getUserLevel() > PSM_USER_ADMIN) {
 			// restrict by user_id
@@ -51,6 +53,10 @@ abstract class AbstractServerController extends AbstractController {
 						AND `us`.`server_id`=`s`.`server_id`
 						)";
 		}
+		if($server_id !== null) {
+			$server_id = intval($server_id);
+			$sql_where ="WHERE `s`.`server_id`={$server_id} ";
+		}
 
 		$sql = "SELECT
 					`s`.`server_id`,
@@ -71,9 +77,14 @@ abstract class AbstractServerController extends AbstractController {
 					`s`.`warning_threshold_counter`
 				FROM `".PSM_DB_PREFIX."servers` AS `s`
 				{$sql_join}
+				{$sql_where}
 				ORDER BY `active` ASC, `status` DESC, `label` ASC";
 		$servers = $this->db->query($sql);
 
+		if($server_id !== null && count($servers) == 1) {
+			$servers = $servers[0];
+		}
+
 		return $servers;
 
 	}

src/psm/Module/Server/Controller/ServerController.class.php

@@ -230,11 +230,8 @@ class ServerController extends AbstractServerController {
 		$server_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
 
 		// get server entry
-		$server = $this->db->selectRow(
-			PSM_DB_PREFIX.'servers',
-			array('server_id' => $server_id)
-		);
-		if (empty($server)) {
+		$server = $this->getServers($server_id);
+		if(empty($server)) {
 			$this->addMessage('Invalid server', 'error');
 			return $this->initializeAction('index');
 		}