Restrict access to application log with 'application/log' permission

fixes #11279
2016-03-02 20:47:22 +01:00 · 2016-03-02 20:47:22 +01:00 · 88d973ac39
parent 929f45deea
commit 88d973ac39
3 changed files with 9 additions and 5 deletions
--- a/application/controllers/ListController.php
+++ b/application/controllers/ListController.php
@ -39,6 +39,8 @@ class ListController extends Controller
     */
    public function applicationlogAction()
    {
+        $this->assertPermission('application/log');
+
        if (! Logger::writesToFile()) {
            $this->httpNotFound('Page not found');
        }
--- a/library/Icinga/Application/Web.php
+++ b/library/Icinga/Application/Web.php
@ -363,9 +363,10 @@ class Web extends EmbeddedWeb

            if (Logger::writesToFile()) {
                $menu['system']['children']['application_log'] = array(
-                    'label'     => t('Application Log'),
-                    'url'       => 'list/applicationlog',
-                    'priority'  => 710
+                    'label'      => t('Application Log'),
+                    'url'        => 'list/applicationlog',
+                    'permission' => 'application/log',
+                    'priority'   => 710
                );
            }
        } else {
--- a/library/Icinga/Web/Menu.php
+++ b/library/Icinga/Web/Menu.php
@ -260,8 +260,9 @@ class Menu implements RecursiveIterator
            ));
            if (Logger::writesToFile()) {
                $section->add(t('Application Log'), array(
-                    'url'      => 'list/applicationlog',
-                    'priority' => 710
+                    'url'        => 'list/applicationlog',
+                    'permission' => 'application/log',
+                    'priority'   => 710
                ));
            }