tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

monitoring/security: Hide delete comment action in the comments overview if user lacks the respective permission

This commit is contained in:
Eric Lippmann 2015-01-23 09:18:29 +01:00
parent ac5ac10feb
commit bd65f4d50a
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/monitoring/application/controllers/ListController.php
View File

@ -484,7 +484,10 @@ class Monitoring_ListController extends Controller
'comment_expiration' => $this->translate('Expiration') 'comment_expiration' => $this->translate('Expiration')
) )
); );
$this->view->delCommentForm = new DeleteCommentCommandForm();
if ($this->Auth()->hasPermission('monitoring/command/comment/delete')) {
$this->view->delCommentForm = new DeleteCommentCommandForm();
}
} }
public function servicegroupsAction() public function servicegroupsAction()

2
modules/monitoring/application/views/scripts/list/comments.phtml
View File

@ -75,6 +75,7 @@
date('H:i', $comment->expiration) date('H:i', $comment->expiration)
) : $this->translate('This comment does not expire.'); ?> ) : $this->translate('This comment does not expire.'); ?>
</td> </td>
<?php if (isset($delCommentForm)): // Form is unset if the current user lacks the respective permission ?>
<td style="width: 2em" data-base-target="self"> <td style="width: 2em" data-base-target="self">
<?php <?php
$delCommentForm = clone $delCommentForm; $delCommentForm = clone $delCommentForm;
@ -87,6 +88,7 @@
echo $delCommentForm; echo $delCommentForm;
?> ?>
</td> </td>
<?php endif ?>
</tr> </tr>
<?php endforeach ?> <?php endforeach ?>
</tbody> </tbody>