From 093dfd627ea563e61189782f3390dea0b6744290 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 12 Mar 2015 15:37:56 +0100
Subject: [PATCH] Security: Hide config menu items if the user lacks the
 required permission

refs #8720
---
 library/Icinga/Web/Menu.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/library/Icinga/Web/Menu.php b/library/Icinga/Web/Menu.php
index 872fd3249..3e7882bfc 100644
--- a/library/Icinga/Web/Menu.php
+++ b/library/Icinga/Web/Menu.php
@@ -232,12 +232,14 @@ class Menu implements RecursiveIterator
                 'priority' => 200
             ));
             $section->add(t('Configuration'), array(
-                'url'      => 'config',
-                'priority' => 300
+                'url'           => 'config',
+                'permission'    => 'config/application/*',
+                'priority'      => 300
             ));
             $section->add(t('Modules'), array(
-                'url'      => 'config/modules',
-                'priority' => 400
+                'url'           => 'config/modules',
+                'permission'    => 'config/modules',
+                'priority'      => 400
             ));
 
             if (Logger::writesToFile()) {