Security: Hide config menu items if the user lacks the required permission

refs #8720
2015-03-12 15:37:56 +01:00 · 2015-03-12 15:37:56 +01:00 · 093dfd627e
parent da16bfcef3
commit 093dfd627e
1 changed files with 6 additions and 4 deletions
--- a/library/Icinga/Web/Menu.php
+++ b/library/Icinga/Web/Menu.php
@ -232,12 +232,14 @@ class Menu implements RecursiveIterator
                'priority' => 200
            ));
            $section->add(t('Configuration'), array(
-                'url'      => 'config',
-                'priority' => 300
+                'url'           => 'config',
+                'permission'    => 'config/application/*',
+                'priority'      => 300
            ));
            $section->add(t('Modules'), array(
-                'url'      => 'config/modules',
-                'priority' => 400
+                'url'           => 'config/modules',
+                'permission'    => 'config/modules',
+                'priority'      => 400
            ));

            if (Logger::writesToFile()) {