require login when an action is called that needs a user object, fixes #944

Closes #944

Merge request studip/studip!535

app/controllers/course/forum/index.php

@@ -177,6 +177,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function newest_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/newest');
@@ -211,6 +213,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function latest_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/latest');
@@ -245,6 +249,8 @@ class Course_Forum_IndexController extends ForumController
      */
     function favorites_action($page = null)
     {
+        ForumPerm::check('fav_entry', $this->getId());
+
         $nav = Navigation::getItem('course/forum2');
         $nav->setImage(Icon::create('forum', 'info'));
         Navigation::activateItem('course/forum2/favorites');
@@ -832,4 +838,13 @@ class Course_Forum_IndexController extends ForumController
 
         ForumHelpers::createPDF($this->getId(), $parent_id);
     }
+
+    public function rescue($exception)
+    {
+        if ($exception instanceof AccessDeniedException) {
+            $GLOBALS['auth']->login_if($GLOBALS['user']->id === 'nobody');
+        }
+
+        parent::rescue($exception);
+    }
 }