configuration.php: Only provide permitted search urls

fixes #976
Icinga · Mar 22, 2024 · 02fb857 · 02fb857
1 parent 1230fae
commit 02fb857
Showing 1 changed file with 24 additions and 17 deletions.
diff --git a/configuration.php b/configuration.php
@@ -136,6 +136,14 @@
     );
 
     if (! $this::exists('monitoring') || ($authenticated && ! $auth->getUser()->can('module/monitoring'))) {
+        $routeDenylist = [];
+        if ($authenticated && ! $auth->getUser()->isUnrestricted()) {
+            // The empty array is for PHP pre 7.4, older versions require at least a single param for array_merge
+            $routeDenylist = array_flip(array_merge([], ...array_map(function ($restriction) {
+                return StringHelper::trimSplit($restriction);
+            }, $auth->getRestrictions('icingadb/denylist/routes'))));
+        }
+
         /*
         * Available navigation items
         */
@@ -165,16 +173,22 @@
             'icingadb/services?sort=service.state.severity&limit=10',
             97
         );
-        $this->provideSearchUrl(
-            $this->translate('Hostgroups'),
-            'icingadb/hostgroups?limit=10',
-            96
-        );
-        $this->provideSearchUrl(
-            $this->translate('Servicegroups'),
-            'icingadb/servicegroups?limit=10',
-            95
-        );
+
+        if (! array_key_exists('hostgroups', $routeDenylist)) {
+            $this->provideSearchUrl(
+                $this->translate('Hostgroups'),
+                'icingadb/hostgroups?limit=10',
+                96
+            );
+        }
+
+        if (! array_key_exists('servicegroups', $routeDenylist)) {
+            $this->provideSearchUrl(
+                $this->translate('Servicegroups'),
+                'icingadb/servicegroups?limit=10',
+                95
+            );
+        }
 
         /**
          * Current Incidents
@@ -340,13 +354,6 @@
             'url'         => 'icingadb/services',
             'icon'        => 'cog'
         ]);
-        $routeDenylist = [];
-        if ($authenticated && ! $auth->getUser()->isUnrestricted()) {
-            // The empty array is for PHP pre 7.4, older versions require at least a single param for array_merge
-            $routeDenylist = array_flip(array_merge([], ...array_map(function ($restriction) {
-                return StringHelper::trimSplit($restriction);
-            }, $auth->getRestrictions('icingadb/denylist/routes'))));
-        }
 
         if (! array_key_exists('hostgroups', $routeDenylist)) {
             $overviewSection->add(N_('Host Groups'), [