From 64ac9bf3e725a265262317d8ae25dc28d845f1fe Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+github@gmail.com>
Date: Thu, 11 Nov 2021 15:27:43 +0100
Subject: [PATCH] allow admin access to consultations on profile, fixes #414

---
 app/controllers/consultation/admin.php | 9 +++++++--
 lib/models/User.class.php              | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/controllers/consultation/admin.php b/app/controllers/consultation/admin.php
index 0ca50b37c02..b8f2b95964d 100644
--- a/app/controllers/consultation/admin.php
+++ b/app/controllers/consultation/admin.php
@@ -28,7 +28,7 @@ class Consultation_AdminController extends ConsultationController
         $this->setupSidebar($action, $this->range_config);
 
         // Show information about which user is edited when a deputy edits
-        if ($this->range instanceof User && Deputy::isDeputy($GLOBALS['user']->id, $this->range->id, true)) {
+        if ($this->range instanceof User && !$this->isOwnProfile()) {
             $message = sprintf(
                 _('Daten von: %1$s (%2$s), Status: %3$s'),
                 htmlReady($this->range->getFullName()),
@@ -735,7 +735,7 @@ class Consultation_AdminController extends ConsultationController
         }
 
         foreach ($slot_ids as $slot_id) {
-            list($block_id, $slot_id) = explode('-', $slot_id);
+            [$block_id, $slot_id] = explode('-', $slot_id);
             try {
                 if ($slot = $this->loadSlot($block_id, $slot_id)) {
                     $slots[$slot->id] = $slot;
@@ -831,4 +831,9 @@ class Consultation_AdminController extends ConsultationController
              ? $this->range->getConfiguration()
              : $GLOBALS['user']->cfg;
     }
+
+    private function isOwnProfile()
+    {
+        return $this->range->username === $GLOBALS['user']->username;
+    }
 }
diff --git a/lib/models/User.class.php b/lib/models/User.class.php
index 3212b70f7f4..7853ccbd3af 100644
--- a/lib/models/User.class.php
+++ b/lib/models/User.class.php
@@ -1413,6 +1413,7 @@ class User extends AuthUserMd5 implements Range, PrivacyObject
             $user_id = $GLOBALS['user']->id;
         }
         return $user_id === $this->user_id
+            || $GLOBALS['perm']->have_profile_perm('admin', $this->user_id)
             || Deputy::isDeputy($user_id, $this->user_id, true)
             || self::find($user_id)->perms === 'root';
     }
-- 
GitLab