From b83abc4dbc3f5725fa79285db00de6728cdb9bd4 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Mon, 15 Jun 2015 15:58:15 +0200
Subject: [PATCH] CommentController: Restrict display of single comments

refs #9009
---
 .../application/controllers/CommentController.php           | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/monitoring/application/controllers/CommentController.php b/modules/monitoring/application/controllers/CommentController.php
index 7ab331adc..59ad90fc7 100644
--- a/modules/monitoring/application/controllers/CommentController.php
+++ b/modules/monitoring/application/controllers/CommentController.php
@@ -25,7 +25,7 @@ class Monitoring_CommentController extends Controller
     {
         $commentId = $this->params->getRequired('comment_id');
 
-        $this->comment = $this->backend->select()->from('comment', array(
+        $query = $this->backend->select()->from('comment', array(
             'id'         => 'comment_internal_id',
             'objecttype' => 'object_type',
             'comment'    => 'comment_data',
@@ -38,8 +38,10 @@ class Monitoring_CommentController extends Controller
             'service_description',
             'host_display_name',
             'service_display_name'
-        ))->where('comment_internal_id', $commentId)->getQuery()->fetchRow();
+        ))->where('comment_internal_id', $commentId);
+        $this->applyRestriction('monitoring/filter/objects', $query);
 
+        $this->comment = $query->getQuery()->fetchRow();
         if ($this->comment === false) {
             $this->httpNotFound($this->translate('Comment not found'));
         }