From daff14df9b36886177e2be0fab5cb271a830b37e Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Mon, 2 Mar 2020 16:39:12 -0500
Subject: [PATCH] Allow users without System::View to read servers.json
---
 web/api/app/Controller/ServersController.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/web/api/app/Controller/ServersController.php b/web/api/app/Controller/ServersController.php
index c30de038f..c3ac6fad7 100644
--- a/web/api/app/Controller/ServersController.php
+++ b/web/api/app/Controller/ServersController.php
@@ -17,12 +17,17 @@ class ServersController extends AppController {
 public function beforeFilter() {
 parent::beforeFilter();
+ /*
+ * A user needs the server data to calculate how to view a monitor, and there really isn't anything sensitive in this data.
+ * So it has been decided for now to just let everyone read it.
 global $user;
 $canView = (!$user) || ($user['System'] != 'None');
 if ( !$canView ) {
 throw new UnauthorizedException(__('Insufficient Privileges'));
 return;
 }
+ */
 }
 /**
@@ -34,7 +39,7 @@ class ServersController extends AppController {
 $this->Server->recursive = 0;
 $options = '';
- $servers = $this->Server->find('all',$options);
+ $servers = $this->Server->find('all', $options);
 $this->set(array(
 'servers' => $servers,
 '_serialize' => array('servers')
@@ -50,13 +55,13 @@ class ServersController extends AppController {
 */
 public function view($id = null) {
 $this->Server->recursive = 0;
- if (!$this->Server->exists($id)) {
+ if ( !$this->Server->exists($id) ) {
 throw new NotFoundException(__('Invalid server'));
 }
 $restricted = '';
 $options = array('conditions' => array(
- array('Server.' . $this->Server->primaryKey => $id),
+ array('Server.'.$this->Server->primaryKey => $id),
 $restricted
 )
 );
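Review bot: With the whole check in `beforeFilter()` commented out, this controller's filter no longer gates on `$user['System']` for any action, not only the `index()` and `view()` reads the subject line is about. Any write actions the class defines lie outside these hunks, so please confirm each one enforces its own permission check, or keep the gate and skip it only for the read actions. `index()` and `view()` also return whole `Server` rows with no field list, so the "nothing sensitive" assumption holds only as long as every column stays safe to show a user with `System` set to `None`. I would delete the dead block rather than keep it inside a comment (the `return;` after the `throw` was unreachable anyway) and leave one line such as `// Server records are readable by every API user by design; write actions must check $user['System'] themselves.`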