monitoring/security: Hide delete comment action in the comments overview if user lacks the respective permission

2015-01-23 09:18:29 +01:00 · 2015-01-23 09:18:29 +01:00 · bd65f4d50a
parent ac5ac10feb
commit bd65f4d50a
2 changed files with 6 additions and 1 deletions
--- a/modules/monitoring/application/controllers/ListController.php
+++ b/modules/monitoring/application/controllers/ListController.php
@ -484,7 +484,10 @@ class Monitoring_ListController extends Controller
                'comment_expiration'    => $this->translate('Expiration')
            )
        );
-        $this->view->delCommentForm = new DeleteCommentCommandForm();
+
+        if ($this->Auth()->hasPermission('monitoring/command/comment/delete')) {
+            $this->view->delCommentForm = new DeleteCommentCommandForm();
+        }
    }

    public function servicegroupsAction()
--- a/modules/monitoring/application/views/scripts/list/comments.phtml
+++ b/modules/monitoring/application/views/scripts/list/comments.phtml
@ -75,6 +75,7 @@
              date('H:i', $comment->expiration)
            ) : $this->translate('This comment does not expire.'); ?>
        </td>
+        <?php if (isset($delCommentForm)): // Form is unset if the current user lacks the respective permission ?>
        <td style="width: 2em" data-base-target="self">
          <?php
          $delCommentForm = clone $delCommentForm;
@ -87,6 +88,7 @@
          echo $delCommentForm;
          ?>
        </td>
+        <?php endif ?>
      </tr>
 <?php endforeach ?>
    </tbody>