From 8187135564116718f34393beed1205a2abcab03c Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Mon, 15 Jun 2015 15:58:54 +0200
Subject: [PATCH] CommentsController: Restrict display of comments

refs #9009
---
 .../application/controllers/CommentsController.php          | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/monitoring/application/controllers/CommentsController.php b/modules/monitoring/application/controllers/CommentsController.php
index 9b31755cc..a86b30310 100644
--- a/modules/monitoring/application/controllers/CommentsController.php
+++ b/modules/monitoring/application/controllers/CommentsController.php
@@ -30,7 +30,7 @@ class Monitoring_CommentsController extends Controller
             'comment_internal_id',
             (string)$this->params
         ));
-        $this->comments = $this->backend->select()->from('comment', array(
+        $query = $this->backend->select()->from('comment', array(
             'id'         => 'comment_internal_id',
             'objecttype' => 'object_type',
             'comment'    => 'comment_data',
@@ -43,8 +43,10 @@ class Monitoring_CommentsController extends Controller
             'service_description',
             'host_display_name',
             'service_display_name'
-        ))->addFilter($this->filter)->getQuery()->fetchAll();
+        ))->addFilter($this->filter);
+        $this->applyRestriction('monitoring/filter/objects', $query);
 
+        $this->comments = $query->getQuery()->fetchAll();
         if (false === $this->comments) {
             throw new Zend_Controller_Action_Exception($this->translate('Comment not found'));
         }