From f46a5872666d2237c478baa3be10d589eef1e5b9 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 22 Jan 2015 17:25:30 +0100
Subject: [PATCH] monitoring/security: Hide 'Remove Problem Acknowledgement'
 action if user lacks the respective permission

---
 .../scripts/show/components/acknowledgement.phtml    |  8 +++++++-
 .../Web/Controller/MonitoredObjectController.php     | 12 +++++++-----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
index 9b323e2f5..02415ec19 100644
--- a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
@@ -22,7 +22,13 @@ if ($object->getType() === $object::TYPE_HOST) {
 if ($object->acknowledged): ?>
     <tr>
         <th><?= $this->translate('Acknowledged') ?></th>
-        <td><?= $removeAckForm ?></td>
+        <td>
+            <?php if (isset($removeAckForm)) { // Form is unset if the current user lacks the respective permission
+                echo $removeAckForm;
+            } else {
+                echo '&#45;';
+            } ?>
+        </td>
     </tr>
 <?php else: ?>
     <tr>
diff --git a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
index dd83f415b..c9ba70dca 100644
--- a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
+++ b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
@@ -67,11 +67,13 @@ abstract class MonitoredObjectController extends Controller
         }
         if ( ! in_array((int) $this->object->state, array(0, 99))) {
             if ((bool) $this->object->acknowledged) {
-                $removeAckForm = new RemoveAcknowledgementCommandForm();
-                $removeAckForm
-                    ->setObjects($this->object)
-                    ->handleRequest();
-                $this->view->removeAckForm = $removeAckForm;
+                if ($auth->hasPermission('monitoring/command/remove-acknowledgement')) {
+                    $removeAckForm = new RemoveAcknowledgementCommandForm();
+                    $removeAckForm
+                        ->setObjects($this->object)
+                        ->handleRequest();
+                    $this->view->removeAckForm = $removeAckForm;
+                }
             } else {
                 $ackForm = new AcknowledgeProblemCommandForm();
                 $ackForm