monitoring/security: Hide delete downtime action in the downtimes overview if user lacks the respective permission

2015-01-23 09:16:30 +01:00 · 2015-01-23 09:16:30 +01:00 · ac5ac10feb
parent 5967d5fe04
commit ac5ac10feb
2 changed files with 6 additions and 1 deletions
--- a/modules/monitoring/application/controllers/ListController.php
+++ b/modules/monitoring/application/controllers/ListController.php
@ -306,7 +306,10 @@ class Monitoring_ListController extends Controller
        ));

        $this->view->downtimes = $query->paginate();
-        $this->view->delDowntimeForm = new DeleteDowntimeCommandForm();
+
+        if ($this->Auth()->hasPermission('monitoring/command/downtime/delete')) {
+            $this->view->delDowntimeForm = new DeleteDowntimeCommandForm();
+        }
    }

    /**
--- a/modules/monitoring/application/views/scripts/list/downtimes.phtml
+++ b/modules/monitoring/application/views/scripts/list/downtimes.phtml
@ -114,6 +114,7 @@ use Icinga\Module\Monitoring\Object\Service;
        <?php endif ?>
          </small>
        </td>
+        <?php if (isset($delDowntimeForm)): // Form is unset if the current user lacks the respective permission ?>
        <td style="width: 2em" data-base-target="self">
          <?php
          $delDowntimeForm = clone $delDowntimeForm;
@ -126,6 +127,7 @@ use Icinga\Module\Monitoring\Object\Service;
          echo $delDowntimeForm;
          ?>
        </td>
+        <?php endif ?>
      </tr>
 <?php endforeach ?>
    </tbody>