From 578969b98a4382ed1f9a9834f6d4f0e02591798c Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 5 Dec 2022 13:15:40 +0000
Subject: [PATCH] fail safe room request filtering, fixes #1840

Closes #1840

Merge request studip/studip!1209
---
 app/controllers/room_management/overview.php  | 12 ++---
 .../resources/ResourceRequest.class.php       | 52 +++++++++++++------
 2 files changed, 43 insertions(+), 21 deletions(-)

diff --git a/app/controllers/room_management/overview.php b/app/controllers/room_management/overview.php
index b4f1d63ee01..cbd13d99929 100644
--- a/app/controllers/room_management/overview.php
+++ b/app/controllers/room_management/overview.php
@@ -148,10 +148,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
                     //Global resource admins can see all room requests.
                     //Get the 10 latest requests:
                     $room_requests = RoomRequest::findBySql(
-                        "resource_requests.closed = '0'
+                        "resource_requests.closed = 0
                         ORDER BY chdate DESC
-                        LIMIT 10",
-                        ['room_class_names' => RoomManager::getAllRoomClassNames()]
+                        LIMIT 10"
                     );
                 } else {
                     //Users who aren't global resource admins see only the requests
@@ -175,7 +174,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
                         AND
                         resource_categories.class_name IN ( :room_class_names )
                         AND
-                        resource_requests.closed = '0'
+                        resource_requests.closed = 0
                         ORDER BY chdate DESC
                         LIMIT 10",
                         [
@@ -185,8 +184,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
                     );
                 }
                 $this->room_requests = SimpleCollection::createFromArray($room_requests)
-                    ->filter(function($room_request) {
-                        return $room_request->getEndDate()->getTimestamp() > time();
+                    ->filter(function (RoomRequest $room_request) {
+                        return !$room_request->getEndDate()
+                            || $room_request->getEndDate()->getTimestamp() > time();
                     });
             }
         }
diff --git a/lib/models/resources/ResourceRequest.class.php b/lib/models/resources/ResourceRequest.class.php
index 9cb7296aa73..a398c71ede7 100644
--- a/lib/models/resources/ResourceRequest.class.php
+++ b/lib/models/resources/ResourceRequest.class.php
@@ -50,8 +50,14 @@
  * @property string mkdate database column
  * @property string chdate database column
  * @property Resource resource belongs_to Resource
+ * @property ResourceCategory $category belongs_to Category
  * @property User requester belongs_to User
  * @property User last_modifier belongs_to User
+ * @property Course $course belongs_to Course
+ * @property SeminarCycleDate $cycle belongs_to SeminarCycleDate
+ * @property CourseDate $date belongs_to CourseDate
+ * @property ResourceRequestProperty[]|SimpleORMapCollection $properties has_many ResourceRequestProperty
+ * @property ResourceRequestAppointment[]|SimpleORMapCollection $appointments has_many ResourceRequestAppointment
  *
  *
  * The attributes begin and end are only used in simple resource requests.
@@ -801,46 +807,62 @@ class ResourceRequest extends SimpleORMap implements PrivacyObject, Studip\Calen
     public function getStartDate()
     {
         $start_date = new DateTime();
-        if (count($this->appointments)) {
-            $start_date->setTimestamp($this->appointments[0]->appointment->date);
+        if (count($this->appointments) > 0) {
+            $start_date->setTimestamp($this->appointments->first()->appointment->date);
             return $start_date;
-        } elseif ($this->termin_id) {
+        }
+
+        if ($this->termin_id) {
             $start_date->setTimestamp($this->date->date);
             return $start_date;
-        } elseif ($this->metadate_id) {
-            $start_date->setTimestamp($this->cycle->dates[0]->date);
+        }
+
+        if ($this->metadate_id) {
+            $start_date->setTimestamp($this->cycle->dates->first()->date);
             return $start_date;
-        } elseif ($this->course_id) {
-            $start_date = new DateTime();
-            $start_date->setTimestamp($this->course->dates[0]->date);
+        }
+
+        if ($this->course_id) {
+            $start_date->setTimestamp($this->course->dates->first()->date);
             return $start_date;
-        } elseif ($this->begin) {
+        }
+
+        if ($this->begin) {
             $start_date->setTimestamp($this->begin);
             return $start_date;
         }
+
         return null;
     }
 
     public function getEndDate()
     {
         $end_date = new DateTime();
-        if (count($this->appointments)) {
+        if (count($this->appointments) > 0) {
             $end_date->setTimestamp($this->appointments->last()->appointment->end_time);
             return $end_date;
-        } elseif ($this->termin_id) {
+        }
+
+        if ($this->termin_id) {
             $end_date->setTimestamp($this->date->end_time);
             return $end_date;
-        } elseif ($this->metadate_id) {
+        }
+
+        if ($this->metadate_id) {
             $end_date->setTimestamp($this->cycle->dates->last()->end_time);
             return $end_date;
-        } elseif ($this->course_id) {
-            $end_date = new DateTime();
+        }
+
+        if ($this->course_id) {
             $end_date->setTimestamp($this->course->dates->last()->end_time);
             return $end_date;
-        } elseif ($this->end) {
+        }
+
+        if ($this->end) {
             $end_date->setTimestamp($this->end);
             return $end_date;
         }
+
         return null;
     }
 
-- 
GitLab