From 4726723aaf7191556d50f0634c3a67906b9ece27 Mon Sep 17 00:00:00 2001
From: Viktoria Wiebe <vwiebe@uni-osnabrueck.de>
Date: Fri, 22 Apr 2022 13:55:06 +0000
Subject: [PATCH] fix #379 - allow admins to access/view invisible users
Closes #379
---
app/controllers/resources/resource.php | 2 +-
lib/classes/searchtypes/PermissionSearch.class.php | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/controllers/resources/resource.php b/app/controllers/resources/resource.php
index 42de1f32127..f152f8efdde 100644
--- a/app/controllers/resources/resource.php
+++ b/app/controllers/resources/resource.php
@@ -148,7 +148,7 @@ class Resources_ResourceController extends AuthenticatedController
protected function getPermissionUserSearch()
{
return QuickSearch::get(
- 'searched_user_id', new StandardSearch('user_id'));
+ 'searched_user_id', new PermissionSearch('user'));
}
diff --git a/lib/classes/searchtypes/PermissionSearch.class.php b/lib/classes/searchtypes/PermissionSearch.class.php
index 035047582bf..cc4ce3ebafe 100644
--- a/lib/classes/searchtypes/PermissionSearch.class.php
+++ b/lib/classes/searchtypes/PermissionSearch.class.php
@@ -139,7 +139,6 @@ class PermissionSearch extends SQLSearch {
AND auth_user_md5.user_id NOT IN (:exclude_user)
AND {$visibility_condition}
ORDER BY auth_user_md5.Nachname, auth_user_md5.Vorname, auth_user_md5.username";
- break;
case 'user_inst':
return "SELECT DISTINCT $first_column, CONCAT(Nachname, ', ', Vorname, ' (', username, ')')
FROM auth_user_md5
@@ -202,6 +201,9 @@ class PermissionSearch extends SQLSearch {
if (in_array($this->search, ['user_not_already_in_sem', 'user_inst_not_already_in_sem'])) {
$data[':sem_perm'] = ['autor', 'tutor', 'dozent'];
}
+ if (in_array($this->search, ['user', 'user_inst'])) {
+ $data[':permission'] = ['autor', 'tutor', 'dozent', 'admin'];
+ }
return $data;
}
--
GitLab