monitoring/security: Hide delete comment action in the comments overview if user lacks the respective permission

modules/monitoring/application/controllers/ListController.php

@@ -484,7 +484,10 @@ class Monitoring_ListController extends Controller
                 'comment_expiration'    => $this->translate('Expiration')
             )
         );
-        $this->view->delCommentForm = new DeleteCommentCommandForm();
+
+        if ($this->Auth()->hasPermission('monitoring/command/comment/delete')) {
+            $this->view->delCommentForm = new DeleteCommentCommandForm();
+        }
     }
 
     public function servicegroupsAction()

modules/monitoring/application/views/scripts/list/comments.phtml

@@ -75,6 +75,7 @@
               date('H:i', $comment->expiration)
             ) : $this->translate('This comment does not expire.'); ?>
         </td>
+        <?php if (isset($delCommentForm)): // Form is unset if the current user lacks the respective permission ?>
         <td style="width: 2em" data-base-target="self">
           <?php
           $delCommentForm = clone $delCommentForm;
@@ -87,6 +88,7 @@
           echo $delCommentForm;
           ?>
         </td>
+        <?php endif ?>
       </tr>
 <?php endforeach ?>
     </tbody>