ensure user is actually a member of a course when sending notifications, fixes #2023

Closes #2023 Merge request studip/studip!1317

ensure user is actually a member of a course when sending notifications, fixes #2023
221e61bc · Jan-Hendrik Willms · ffabf00f · 221e61bc · 221e61bc · 221e61bc
Commit 221e61bc authored 2 years ago by Jan-Hendrik Willms
--- a/lib/classes/ModulesNotification.class.php
+++ b/lib/classes/ModulesNotification.class.php
@@ -79,19 +79,24 @@ class ModulesNotification
-    function getAllNotifications ($user_id = NULL)
+    public function getAllNotifications ($user_id = null)
    {
+        if ($user_id === null) {
-        if (is_null($user_id)) {
            $user_id = $GLOBALS['user']->id;
        }
        $my_sem = [];
-        $query = "SELECT s.Seminar_id, s.Name, s.chdate, s.start_time, IFNULL(visitdate, :threshold) AS visitdate "
+        $query = "SELECT s.Seminar_id, s.Name, s.chdate, s.start_time, IFNULL(visitdate, :threshold) AS visitdate
-               . "FROM seminar_user_notifications su "
+                  FROM seminar_user_notifications su
-               . "LEFT JOIN seminare s USING (Seminar_id) "
+                  JOIN seminar_user USING (user_id, seminar_id)
-               . "LEFT JOIN object_user_visits ouv ON (ouv.object_id = su.Seminar_id AND ouv.user_id = :user_id AND ouv.plugin_id = 0) "
+                  JOIN seminare s USING (Seminar_id)
-               . "WHERE su.user_id = :user_id";
+                  LEFT JOIN object_user_visits ouv
+                    ON (
+                        ouv.object_id = su.Seminar_id
+                        AND ouv.user_id = :user_id
+                        AND ouv.plugin_id = 0
+                    )
+                  WHERE su.user_id = :user_id";
        $statement = DBManager::get()->prepare($query);
        $statement->bindValue(':user_id', $user_id);
@@ -101,21 +106,23 @@ class ModulesNotification
            $seminar_id = $row['Seminar_id'];
            $tools = ToolActivation::findbyRange_id($seminar_id);
            $notification = CourseMemberNotification::find([$user_id, $seminar_id]);
+            if (!$notification || count($notification->notification_data) === 0) {
+                continue;
+            }
            $my_sem[$seminar_id] = [
-                    'name'       => $row['Name'],
+                'name'         => $row['Name'],
-                    'chdate'     => $row['chdate'],
+                'chdate'       => $row['chdate'],
-                    'start_time' => $row['start_time'],
+                'start_time'   => $row['start_time'],
-                    'tools'    => new SimpleCollection($tools),
+                'tools'        => new SimpleCollection($tools),
-                    'visitdate'  => $row['visitdate'],
+                'visitdate'    => $row['visitdate'],
-                    'notification'=> $notification ? $notification->notification_data->getArrayCopy() : []
+                'notification' => $notification->notification_data->getArrayCopy(),
            ];
        }
        $visit_data = get_objects_visits(array_keys($my_sem), 'sem', null, $user_id, array_keys($this->registered_notification_modules));
        $news = [];
        foreach ($my_sem as $seminar_id => $s_data) {
-            if (!count($s_data['notification'])) {
-                continue;
-            }
            $navigation = MyRealmModel::getAdditionalNavigations($seminar_id, $s_data, null, $user_id, $visit_data[$seminar_id]);
            $n_data = [];
            foreach ($this->registered_notification_modules as $id => $m_data) {
@@ -124,11 +131,11 @@ class ModulesNotification
                    && $navigation[$id]->getImage()
                    && $navigation[$id]->getImage()->getRole() === Icon::ROLE_ATTENTION
                ) {
-                        $data = $this->getPluginText($navigation[$id], $seminar_id, $id);
+                    $data = $this->getPluginText($navigation[$id], $seminar_id, $id);
-                        if ($data) {
+                    if ($data) {
-                            $n_data[] = $data;
+                        $n_data[] = $data;
-                        }
                    }
+                }
            }
            if (count($n_data)) {
                $news[$s_data['name']] = $n_data;
@@ -149,6 +156,8 @@ class ModulesNotification
            $template_text->set_attribute('sso', $auth_plugin);
            return ['text' => $template_text->render(), 'html' => $template->render()];
        }
+        return null;
    }
    function getPluginText($nav, $seminar_id, $id)

--- a/lib/cronjobs/send_mail_notifications.class.php
+++ b/lib/cronjobs/send_mail_notifications.class.php
@@ -94,40 +94,46 @@ class SendMailNotificationsJob extends CronJob
     */
    public function execute($last_result, $parameters = [])
    {
-        global $user;
+        $notification = new ModulesNotification();
-        $cli_user = $user;
+        $query = "SELECT DISTINCT user_id
+                  FROM seminar_user_notifications
+                  JOIN seminar_user USING (user_id, seminar_id)";
+        DBManager::get()->fetchFirst(
+            $query,
+            [],
+            function ($user_id) use ($parameters, $notification) {
+                $user = User::find($user_id);
+                if (
+                    !$user
+                    || $user->locked
+                    || ($user->config->EXPIRATION_DATE > 0 && $user->config->EXPIRATION_DATE < time())
+                ) {
+                    return;
+                }
-        $notification = new ModulesNotification();
+                $ok = false;
+                $mailmessage = $notification->getAllNotifications($user->id);
-        $query = "SELECT DISTINCT user_id FROM seminar_user_notifications";
+                if ($mailmessage) {
+                    setTempLanguage('', $user->preferred_language);
-        $rs = DBManager::get()->query($query);
+                    $ok = StudipMail::sendMessage(
-        while($r = $rs->fetch()){
+                        $user->email,
-            $user = new Seminar_User($r["user_id"]);
+                        "[" . Config::get()->UNI_NAME_CLEAN . "] " . _('Tägliche Benachrichtigung'),
-            if ($user->locked || ($user->cfg->EXPIRATION_DATE > 0 && $user->cfg->EXPIRATION_DATE < time())) {
+                        $mailmessage['text'],
-                continue;
+                        $user->config->MAIL_AS_HTML ? $mailmessage['html'] : null
-            }
+                    );
-            setTempLanguage('', $user->preferred_language);
+                }
-            $to = $user->email;
-            $title = "[" . Config::get()->UNI_NAME_CLEAN . "] " . _("Tägliche Benachrichtigung");
+                // Unset user configuration cache to preserve memory
-            $mailmessage = $notification->getAllNotifications($user->id);
+                UserConfig::set($user->id, null);
-            $ok = false;
-            if ($mailmessage) {
+                // Log results
-                if ($user->cfg->getValue('MAIL_AS_HTML')) {
+                if ($ok !== false && $parameters['verbose']) {
-                    $smail = new StudipMail();
+                    echo $user->username . ':' . $ok . "\n";
-                    $ok = $smail->setSubject($title)
-                                ->addRecipient($to)
-                                ->setBodyHtml($mailmessage['html'])
-                                ->setBodyText($mailmessage['text'])
-                                ->send();
-                } else {
-                    $ok = StudipMail::sendMessage($to, $title, $mailmessage['text']);
                }
            }
-            UserConfig::set($user->id, null);
+        );
-            if ($ok !== false && $parameters['verbose']) echo $user->username . ':' . $ok . "\n";
-        }
-        $user = $cli_user;
    }
 }
--- a/lib/models/CourseMemberNotification.php
+++ b/lib/models/CourseMemberNotification.php
@@ -20,6 +20,8 @@
 * @property string chdate database column
 * @property User user belongs_to User
 * @property Course course belongs_to Course
+ *
+ * @property JSONArrayObject notification_data
 */
 class CourseMemberNotification extends SimpleORMap implements PrivacyObject
 {

--- a/lib/models/User.class.php
+++ b/lib/models/User.class.php
@@ -68,6 +68,8 @@
 * @property UserInfo   info   has_one UserInfo
 * @property UserOnline online has_one UserOnline
 * @property Kategorie[]|SimpleORMapCollection $profile_categories has_many Kategorie
+ *
+ * @property UserConfig config
 */
 class User extends AuthUserMd5 implements Range, PrivacyObject
 {