monitoring/security: Hide 'Check Now' action if user lacks the respective permission

modules/monitoring/application/views/scripts/show/components/checkstatistics.phtml

@@ -23,7 +23,9 @@ if ($object->getType() === $object::TYPE_HOST) {
 <tr>
     <th><?= $this->translate('Last check') ?></th>
     <td data-base-target="_self">
-        <?= $checkNowForm ?>
+        <?php if (isset($checkNowForm)) { // Form is unset if the current user lacks the respective permission
+            echo $checkNowForm;
+        } ?>
         <?= $this->timeSince($object->last_check) ?>
     </td>
 </tr>

modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php

@@ -57,11 +57,14 @@ abstract class MonitoredObjectController extends Controller
     public function showAction()
     {
         $this->setAutorefreshInterval(10);
-        $checkNowForm = new CheckNowCommandForm();
+        $auth = $this->Auth();
-        $checkNowForm
+        if ($auth->hasPermission('monitoring/command/schedule-check')) {
-            ->setObjects($this->object)
+            $checkNowForm = new CheckNowCommandForm();
-            ->handleRequest();
+            $checkNowForm
-        $this->view->checkNowForm = $checkNowForm;
+                ->setObjects($this->object)
+                ->handleRequest();
+            $this->view->checkNowForm = $checkNowForm;
+        }
         if ( ! in_array((int) $this->object->state, array(0, 99))) {
             if ((bool) $this->object->acknowledged) {
                 $removeAckForm = new RemoveAcknowledgementCommandForm();