Allow to blacklist access to servicegroups

application/controllers/ServicegroupController.php

@@ -19,6 +19,8 @@ class ServicegroupController extends Controller
 
     public function init()
     {
+        $this->assertRouteAccess('servicegroups');
+
         $this->setTitle(t('Service Group'));
 
         $name = $this->params->shiftRequired('name');

application/controllers/ServicegroupsController.php

@@ -18,6 +18,13 @@ use ipl\Web\Url;
 
 class ServicegroupsController extends Controller
 {
+    public function init()
+    {
+        parent::init();
+
+        $this->assertRouteAccess();
+    }
+
     public function indexAction()
     {
         $this->setTitle(t('Service Groups'));

configuration.php

@@ -308,10 +308,13 @@ namespace Icinga\Module\Icingadb
         ]);
     }
 
-    $section->add(N_('Service Groups'), [
-        'url' => 'icingadb/servicegroups',
-        'priority' => 80
-    ]);
+    if (! array_key_exists('servicegroups', $routeBlacklist)) {
+        $section->add(N_('Service Groups'), [
+            'url' => 'icingadb/servicegroups',
+            'priority' => 80
+        ]);
+    }
+
     $section->add(N_('History'), [
         'url' => 'icingadb/history',
         'priority' => 90

library/Icingadb/Widget/Detail/ObjectDetail.php

@@ -209,8 +209,11 @@ class ObjectDetail extends BaseHtmlElement
                     : new EmptyState(t('Not a member of any host group.'))
             );
         } else {
-            $servicegroups = $this->object->servicegroup;
-            $this->applyRestrictions($servicegroups);
+            $servicegroups = [];
+            if ($this->isPermittedRoute('servicegroups')) {
+                $servicegroups = $this->object->servicegroup;
+                $this->applyRestrictions($servicegroups);
+            }
 
             $servicegroupList = new TagList();
             foreach ($servicegroups as $servicegroup) {