Prevent display of events to non-admins/non-roots [Tracker #10911]

application/libraries/Login_session.php

@@ -128,7 +128,8 @@ public function authenticate($username, $password)
                 $nav_access = array(
                     'dashboard' => $authorization->check_acl($username, '/app/dashboard'),
                     'marketplace' => $authorization->check_acl($username, '/app/marketplace'),
-                    'support' => $authorization->check_acl($username, '/app/support')
+                    'support' => $authorization->check_acl($username, '/app/support'),
+                    'events' => $authorization->check_acl($username, '/app/events')
                 );
                 $this->framework->session->set_userdata('nav_acl', $nav_access);
             }

application/libraries/Page.php

@@ -994,7 +994,8 @@ protected function _display_page()
             $events = new Events();
 
             try {
-                $this->data['alerts'] = $events->get_events(Events::FLAG_WARN | Events::FLAG_CRIT, Events::FLAG_RESOLVED, 5);
+                if ($this->framework->session->userdata('username') == 'root' || $this->framework->session->userdata['nav_acl']['events'])
+                    $this->data['alerts'] = $events->get_events(Events::FLAG_WARN | Events::FLAG_CRIT, Events::FLAG_RESOLVED, 5);
             } catch (\Exception $e) {
                 // Not fatal
             }