Allow to blacklist access to hostgroups

application/controllers/HostgroupController.php

@@ -19,6 +19,8 @@ class HostgroupController extends Controller
 
     public function init()
     {
+        $this->assertRouteAccess('hostgroups');
+
         $this->setTitle(t('Host Group'));
 
         $name = $this->params->shiftRequired('name');

application/controllers/HostgroupsController.php

@@ -18,6 +18,13 @@ use ipl\Web\Url;
 
 class HostgroupsController extends Controller
 {
+    public function init()
+    {
+        parent::init();
+
+        $this->assertRouteAccess();
+    }
+
     public function indexAction()
     {
         $this->setTitle(t('Host Groups'));

configuration.php

@@ -301,10 +301,13 @@ namespace Icinga\Module\Icingadb
         ]);
     }
 
-    $section->add(N_('Host Groups'), [
-        'url' => 'icingadb/hostgroups',
-        'priority' => 80
-    ]);
+    if (! array_key_exists('hostgroups', $routeBlacklist)) {
+        $section->add(N_('Host Groups'), [
+            'url' => 'icingadb/hostgroups',
+            'priority' => 80
+        ]);
+    }
+
     $section->add(N_('Service Groups'), [
         'url' => 'icingadb/servicegroups',
         'priority' => 80

library/Icingadb/Widget/Detail/ObjectDetail.php

@@ -191,8 +191,11 @@ class ObjectDetail extends BaseHtmlElement
         $groups = [Html::tag('h2', t('Groups'))];
 
         if ($this->objectType === 'host') {
-            $hostgroups = $this->object->hostgroup;
-            $this->applyRestrictions($hostgroups);
+            $hostgroups = [];
+            if ($this->isPermittedRoute('hostgroups')) {
+                $hostgroups = $this->object->hostgroup;
+                $this->applyRestrictions($hostgroups);
+            }
 
             $hostgroupList = new TagList();
             foreach ($hostgroups as $hostgroup) {