hide request-buttons for user without permissions, closes #1270

Closes #1270 Merge request studip/studip!877

hide request-buttons for user without permissions, closes #1270
485b9355 · David Siegfried · ef8f85c9 · 485b9355 · 485b9355
Commit 485b9355 authored 2 years ago by David Siegfried
--- a/app/controllers/resources/room.php
+++ b/app/controllers/resources/room.php
@@ -33,6 +33,7 @@ class Resources_RoomController extends AuthenticatedController

    public function index_action($room_id = null)
    {
+        $this->user = User::findCurrent();
        $this->room = Room::find($room_id);

        if (!$this->room) {
@@ -54,20 +55,12 @@ class Resources_RoomController extends AuthenticatedController
            Navigation::activateItem('/room_management/overview/index');
        }

-        $user                                 = User::findCurrent();
-        $current_user_is_resource_admin       = $this->room->userHasPermission(
-            $user,
-            'admin'
-        );
-        $current_user_is_resource_tutor       = $this->room->userHasPermission(
-            $user,
-            'tutor'
-        );
-        $this->current_user_is_resource_autor = $this->room->userHasPermission(
-            $user,
-            'autor'
-        );
-        $current_user_is_resource_user        = $this->room->userHasPermission($user);
+        $this->current_user_is_resource_admin  = $this->room->userHasPermission($this->user, 'admin');
+        $current_user_is_resource_tutor        = $this->room->userHasPermission($this->user, 'tutor');
+        $this->current_user_is_resource_autor  = $this->room->userHasPermission($this->user, 'autor');
+        $this->current_user_has_request_rights = $this->room->userHasRequestRights($this->user);
+        $current_user_is_resource_user         = $this->room->userHasPermission($this->user);
+        $this->booking_plan_is_visible         = $this->room->bookingPlanVisibleForUser($this->user);

        $sidebar           = Sidebar::get();
        $actions           = new ActionsWidget();
@@ -92,7 +85,7 @@ class Resources_RoomController extends AuthenticatedController
                        'target' => '_blank'
                    ]
                );
-            } elseif ($this->room->bookingPlanVisibleForUser($user)) {
+            } elseif ($this->booking_plan_is_visible) {
                $actions_available = true;
                $actions->addLink(
                    _('Belegungsplan'),
@@ -111,7 +104,7 @@ class Resources_RoomController extends AuthenticatedController
                    ]
                );
            }
-            if ($current_user_is_resource_admin) {
+            if ($this->current_user_is_resource_admin) {
                $actions_available = true;
                $actions->addLink(
                    _('Raum bearbeiten'),
@@ -142,7 +135,10 @@ class Resources_RoomController extends AuthenticatedController
                );
            }
        }
-        if (!$this->current_user_is_resource_autor && $this->room->requestable) {
+        if (!$this->current_user_is_resource_autor
+            && $this->room->requestable
+            && $this->current_user_has_request_rights
+        ) {
            $actions_available = true;
            $actions->addLink(
                _('Raum anfragen'),

--- a/app/views/resources/room/index.php
+++ b/app/views/resources/room/index.php
@@ -69,7 +69,7 @@
 <? endif ?>

 <footer data-dialog-button>
-    <? if ($room->userHasPermission(User::findCurrent(), 'autor')) : ?>
+    <? if ($current_user_is_resource_autor) : ?>
        <?= \Studip\LinkButton::create(
            _('Wochenbelegung'),
            $room->getActionURL('booking_plan')
@@ -78,7 +78,7 @@
            _('Semesterbelegung'),
            $room->getActionURL('semester_plan')
        ) ?>
-    <? elseif ($room->bookingPlanVisibleForUser(User::findCurrent())) : ?>
+    <? elseif ($booking_plan_is_visible) : ?>
        <?= \Studip\LinkButton::create(
            _('Belegungsplan'),
            $room->getActionURL('booking_plan')
@@ -97,7 +97,7 @@
            )
        ) ?>
    <? endif ?>
-    <? if ($room->userHasPermission(User::findCurrent(), 'admin')) : ?>
+    <? if ($current_user_is_resource_admin) : ?>
        <?= \Studip\LinkButton::createEdit(
            _('Bearbeiten'),
            $room->getActionURL('edit'),
@@ -106,11 +106,10 @@
            ]
        ) ?>
    <? endif ?>
-    <? if (!$current_user_is_resource_autor && $room->requestable) : ?>
+    <? if (!$current_user_is_resource_autor && $room->requestable && $current_user_has_request_rights) : ?>
        <?= \Studip\LinkButton::create(
            _('Raum anfragen'),
            $room->getActionURL('request'),
            ['data-dialog' => 'size=auto']) ?>
    <? endif ?>
 </footer>
-