From fd77c3083804e1967d5830435dbcd0d0f5b491c2 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 23 Jul 2015 12:57:23 +0200
Subject: [PATCH] Don't load module dashboards if the authenticated user lacks
 the module permission

refs #9644
---
 library/Icinga/Web/Widget/Dashboard.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/library/Icinga/Web/Widget/Dashboard.php b/library/Icinga/Web/Widget/Dashboard.php
index 1d6a882f1..0bb7ce2e5 100644
--- a/library/Icinga/Web/Widget/Dashboard.php
+++ b/library/Icinga/Web/Widget/Dashboard.php
@@ -70,13 +70,13 @@ class Dashboard extends AbstractWidget
     {
         $manager = Icinga::app()->getModuleManager();
         foreach ($manager->getLoadedModules() as $module) {
-            /** @var $module \Icinga\Application\Modules\Module */
-            $this->mergePanes($module->getPaneItems());
+            if ($this->getUser()->can($manager::MODULE_PERMISSION_NS . $module->getName())) {
+                $this->mergePanes($module->getPaneItems());
+            }
 
         }
-        if ($this->user !== null) {
-            $this->loadUserDashboards();
-        }
+
+        $this->loadUserDashboards();
 
         return $this;
     }
@@ -90,11 +90,11 @@ class Dashboard extends AbstractWidget
     {
         $output = array();
         foreach ($this->panes as $pane) {
-            if ($pane->isUserWidget() === true) {
+            if ($pane->isUserWidget()) {
                 $output[$pane->getName()] = $pane->toArray();
             }
             foreach ($pane->getDashlets() as $dashlet) {
-                if ($dashlet->isUserWidget() === true) {
+                if ($dashlet->isUserWidget()) {
                     $output[$pane->getName() . '.' . $dashlet->getTitle()] = $dashlet->toArray();
                 }
             }