From bdc637ff67af3506fa57eb71761bf61bb54d5fe9 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Fri, 30 Jan 2015 10:31:49 +0100
Subject: [PATCH] monitoring/security: Guard toggling object features

Toggling object features will only be possible if the user has the permission monitoring/command/feature/object.
---
 .../forms/Command/Object/ToggleObjectFeaturesCommandForm.php     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php
index bf0a1d8b1..46858555f 100644
--- a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php
+++ b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php
@@ -107,6 +107,7 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
      */
     public function onSuccess()
     {
+        $this->assertPermission('monitoring/command/feature/object');
         foreach ($this->objects as $object) {
             /** @var \Icinga\Module\Monitoring\Object\MonitoredObject $object */
             foreach ($this->getValues() as $feature => $enabled) {