From fd2ecf395db1641754366e850c921b02097eb2a8 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Wed, 27 May 2015 10:32:09 +0200
Subject: [PATCH] GroupController: Apply permission
 config/application/groups/add

refs #8826
---
 application/controllers/GroupController.php | 1 +
 application/views/scripts/group/list.phtml  | 2 +-
 application/views/scripts/group/show.phtml  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/application/controllers/GroupController.php b/application/controllers/GroupController.php
index 53bfa204c..fe8853a06 100644
--- a/application/controllers/GroupController.php
+++ b/application/controllers/GroupController.php
@@ -165,6 +165,7 @@ class GroupController extends AuthBackendController
      */
     public function addAction()
     {
+        $this->assertPermission('config/application/groups/add');
         $backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Extensible');
         $form = new UserGroupForm();
         $form->setRedirectUrl(Url::fromPath('group/list', array('backend' => $backend->getName())));
diff --git a/application/views/scripts/group/list.phtml b/application/views/scripts/group/list.phtml
index c737af078..3ad65f624 100644
--- a/application/views/scripts/group/list.phtml
+++ b/application/views/scripts/group/list.phtml
@@ -22,8 +22,8 @@ if ($backend === null) {
     echo $this->translate('No backend found which is able to list groups') . '</div>';
     return;
 } else {
-    $extensible = $backend instanceof Extensible;
     $reducible = $backend instanceof Reducible;
+    $extensible = $this->hasPermission('config/application/groups/add') && $backend instanceof Extensible;
 }
 
 if (count($groups) > 0): ?>
diff --git a/application/views/scripts/group/show.phtml b/application/views/scripts/group/show.phtml
index 718dde255..61f793cb7 100644
--- a/application/views/scripts/group/show.phtml
+++ b/application/views/scripts/group/show.phtml
@@ -3,7 +3,7 @@
 use Icinga\Data\Extensible;
 use Icinga\Data\Updatable;
 
-$extensible = $backend instanceof Extensible;
+$extensible = $this->hasPermission('config/application/groups/add') && $backend instanceof Extensible;
 
 $editLink = null;
 if ($backend instanceof Updatable) {