Commit 599ad994 authored by Elmar Ludwig's avatar Elmar Ludwig Committed by David Siegfried

check if the user needs booking rights on the resource, fixes #2570

Closes #2570

Merge request studip/studip!2159
parent 6b037e5e
...@@ -485,21 +485,32 @@ class ResourceBooking extends SimpleORMap implements PrivacyObject, Studip\Calen ...@@ -485,21 +485,32 @@ class ResourceBooking extends SimpleORMap implements PrivacyObject, Studip\Calen
$this->booking_user = User::findCurrent(); $this->booking_user = User::findCurrent();
} }
//Check if the user has booking rights on the resource.
//The user must have either permanent permissions or they have to
//have booking rights by a temporary permission in this moment
//(the moment this booking is saved).
$derived_resource = $this->resource->getDerivedClassInstance(); $derived_resource = $this->resource->getDerivedClassInstance();
$user_has_booking_rights = $derived_resource->userHasBookingRights(
$this->booking_user, $this->begin, $this->end // check if the user needs booking rights on the resource
); if (
if (!$user_has_booking_rights) { $this->isFieldDirty('resource_id')
throw new ResourcePermissionException( || $this->isFieldDirty('repetition_interval')
sprintf( || $this->begin < $this->getPristineValue('begin')
_('Unzureichende Berechtigungen zum Buchen der Ressource %s!'), || $this->end > $this->getPristineValue('end')
$this->resource->name || $this->preparation_time > $this->getPristineValue('preparation_time')
) || $this->repeat_end > $this->getPristineValue('repeat_end')
) {
//Check if the user has booking rights on the resource.
//The user must have either permanent permissions or they have to
//have booking rights by a temporary permission in this moment
$user_has_booking_rights = $derived_resource->userHasBookingRights(
$this->booking_user, $this->begin, $this->end
); );
if (!$user_has_booking_rights) {
throw new ResourcePermissionException(
sprintf(
_('Unzureichende Berechtigungen zum Buchen der Ressource %s!'),
$this->resource->name
)
);
}
} }
$time_intervals = $this->calculateTimeIntervals(true); $time_intervals = $this->calculateTimeIntervals(true);
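Review bot: The new `if` makes the booking-rights check opt-in by field, so a save that changes anything not listed in the condition goes through without `userHasBookingRights()` being called; the booking user is the visible example, because `$this->booking_user` is the subject of the check but a change to it alone does not trigger it. If that is not intended, add `|| $this->isFieldDirty('booking_user_id')` (column name assumed from the relation, please confirm), or invert the condition so the check is skipped only for an explicit list of harmless fields. For a new record the check appears to run only because `resource_id` counts as dirty and the `<`/`>` comparisons against `getPristineValue()` are evaluated loosely against an unset value; putting `$this->isNew() ||` first in the condition would make that guarantee explicit. The comment `// check if the user needs booking rights on the resource` could also say why shrinking a booking is exempt, so the next field added to the model is weighed against that rule. The enclosing method starts and ends outside the hunk.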