From 1517c72be17d7a4dc6247db6d3184211806ba544 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Wed, 27 May 2015 10:34:10 +0200
Subject: [PATCH] GroupController: Apply permission
 config/application/groups/member/add

refs #8826
---
 application/controllers/GroupController.php | 1 +
 application/controllers/UserController.php  | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/application/controllers/GroupController.php b/application/controllers/GroupController.php
index 7c7b11da3..9b16c9880 100644
--- a/application/controllers/GroupController.php
+++ b/application/controllers/GroupController.php
@@ -228,6 +228,7 @@ class GroupController extends AuthBackendController
      */
     public function addmemberAction()
     {
+        $this->assertPermission('config/application/groups/member/add');
         $groupName = $this->params->getRequired('group');
         $backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Extensible');
 
diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
index f2c2ba2d4..8b926a44f 100644
--- a/application/controllers/UserController.php
+++ b/application/controllers/UserController.php
@@ -120,8 +120,12 @@ class UserController extends AuthBackendController
             $memberships
         );
 
-        $extensibleBackends = $this->loadUserGroupBackends('Icinga\Data\Extensible');
-        $this->view->showCreateMembershipLink = ! empty($extensibleBackends);
+        if ($this->hasPermission('config/application/groups/member/add')) {
+            $extensibleBackends = $this->loadUserGroupBackends('Icinga\Data\Extensible');
+            $this->view->showCreateMembershipLink = ! empty($extensibleBackends);
+        } else {
+            $this->view->showCreateMembershipLink = false;
+        }
 
         $this->view->user = $user;
         $this->view->backend = $backend;
@@ -220,6 +224,7 @@ class UserController extends AuthBackendController
      */
     public function createmembershipAction()
     {
+        $this->assertPermission('config/application/groups/member/add');
         $userName = $this->params->getRequired('user');
         $backend = $this->getUserBackend($this->params->getRequired('backend'));