fix #379 - allow admins to access/view invisible users

Closes #379

fix #379 - allow admins to access/view invisible users
4726723a · Viktoria Wiebe · Jan-Hendrik Willms · 209aabc2 · 4726723a · 4726723a
Commit 4726723a authored 3 years ago by Viktoria Wiebe Committed by Jan-Hendrik Willms 3 years ago
--- a/app/controllers/resources/resource.php
+++ b/app/controllers/resources/resource.php
@@ -148,7 +148,7 @@ class Resources_ResourceController extends AuthenticatedController
    protected function getPermissionUserSearch()
    {
        return QuickSearch::get(
-            'searched_user_id', new StandardSearch('user_id'));
+            'searched_user_id', new PermissionSearch('user'));
    }

--- a/lib/classes/searchtypes/PermissionSearch.class.php
+++ b/lib/classes/searchtypes/PermissionSearch.class.php
@@ -139,7 +139,6 @@ class PermissionSearch extends SQLSearch {
                          AND auth_user_md5.user_id NOT IN (:exclude_user)
                          AND {$visibility_condition}
                        ORDER BY auth_user_md5.Nachname, auth_user_md5.Vorname, auth_user_md5.username";
-            break;
            case 'user_inst':
                return "SELECT DISTINCT $first_column, CONCAT(Nachname, ', ', Vorname, ' (', username, ')')
                        FROM auth_user_md5
@@ -202,6 +201,9 @@ class PermissionSearch extends SQLSearch {
        if (in_array($this->search, ['user_not_already_in_sem', 'user_inst_not_already_in_sem'])) {
            $data[':sem_perm'] = ['autor', 'tutor', 'dozent'];
        }
+        if (in_array($this->search, ['user', 'user_inst'])) {
+            $data[':permission'] = ['autor', 'tutor', 'dozent', 'admin'];
+        }
        return $data;
    }