Commit aee06a2a authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms

fix permission handling, fixes #2160

Closes #2160

Merge request studip/studip!1395
parent e343ab9e
...@@ -28,7 +28,7 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -28,7 +28,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
{ {
public function before_filter(&$action, &$args) public function before_filter(&$action, &$args)
{ {
if ($action == 'public_booking_plans') { if ($action === 'public_booking_plans') {
if (Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) { if (Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) {
$this->allow_nobody = true; $this->allow_nobody = true;
} else { } else {
...@@ -36,6 +36,7 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -36,6 +36,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
} }
} }
parent::before_filter($action, $args); parent::before_filter($action, $args);
$this->user = User::findCurrent(); $this->user = User::findCurrent();
$this->user_is_root = $GLOBALS['perm']->have_perm('root'); $this->user_is_root = $GLOBALS['perm']->have_perm('root');
$this->user_is_global_resource_user = ResourceManager::userHasGlobalPermission($this->user); $this->user_is_global_resource_user = ResourceManager::userHasGlobalPermission($this->user);
...@@ -43,16 +44,13 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -43,16 +44,13 @@ class RoomManagement_OverviewController extends AuthenticatedController
$this->show_resource_actions = ( $this->show_resource_actions = (
ResourceManager::userHasGlobalPermission($this->user, 'autor') ResourceManager::userHasGlobalPermission($this->user, 'autor')
|| || ResourceManager::userHasResourcePermissions($this->user, 'autor')
ResourceManager::userHasResourcePermissions($this->user, 'autor')
); );
$this->show_admin_actions = ( $this->show_admin_actions = (
$this->user_is_global_resource_admin $this->user_is_global_resource_admin
|| || ResourceManager::userHasResourcePermissions($this->user)
ResourceManager::userHasResourcePermissions($this->user)
); );
$this->show_global_admin_actions = $this->user_is_global_resource_admin; $this->show_global_admin_actions = $this->user_is_global_resource_admin;
} }
public function index_action() public function index_action()
...@@ -61,10 +59,10 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -61,10 +59,10 @@ class RoomManagement_OverviewController extends AuthenticatedController
Navigation::activateItem('/resources/overview'); Navigation::activateItem('/resources/overview');
} }
$sufficient_permissions = $sufficient_permissions = (
ResourceManager::userHasGlobalPermission($this->user) $this->user_is_global_resource_user
|| || ResourceManager::userHasResourcePermissions($this->user, 'user')
ResourceManager::userHasResourcePermissions($this->user, 'user'); );
if (!$sufficient_permissions) { if (!$sufficient_permissions) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
...@@ -97,14 +95,12 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -97,14 +95,12 @@ class RoomManagement_OverviewController extends AuthenticatedController
$tree_selected_resource = null; $tree_selected_resource = null;
if ($this->user_is_global_resource_admin) { if ($this->user_is_global_resource_admin) {
if (ResourceManager::userHasGlobalPermission($this->user, 'admin')){
$locations = Location::findAll(); $locations = Location::findAll();
if ($locations) { if ($locations) {
$sidebar->addWidget( $sidebar->addWidget(
new ResourceTreeWidget($locations) new ResourceTreeWidget($locations)
); );
} }
}
$tree_selected_resource = Request::get('tree_selected_resource'); $tree_selected_resource = Request::get('tree_selected_resource');
if ($tree_selected_resource) { if ($tree_selected_resource) {
...@@ -131,10 +127,9 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -131,10 +127,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
if (!$tree_selected_resource && $this->room_requests_activated) { if (!$tree_selected_resource && $this->room_requests_activated) {
if (Config::get()->RESOURCES_DISPLAY_CURRENT_REQUESTS_IN_OVERVIEW) { if (Config::get()->RESOURCES_DISPLAY_CURRENT_REQUESTS_IN_OVERVIEW) {
$this->display_current_requests = true; $this->display_current_requests = true;
$this->current_user = User::findCurrent();
//Load a list with the current room requests: //Load a list with the current room requests:
if (ResourceManager::userHasGlobalPermission($this->current_user, 'admin')) { if ($this->user_is_global_resource_admin) {
//Global resource admins can see all room requests. //Global resource admins can see all room requests.
//Get the 10 latest requests: //Get the 10 latest requests:
$room_requests = RoomRequest::findBySql( $room_requests = RoomRequest::findBySql(
...@@ -146,7 +141,7 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -146,7 +141,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
//Users who aren't global resource admins see only the requests //Users who aren't global resource admins see only the requests
//of the rooms where they have at least 'autor' permissions. //of the rooms where they have at least 'autor' permissions.
$rooms = RoomManager::getUserRooms( $rooms = RoomManager::getUserRooms(
$this->current_user, $this->user,
'autor' 'autor'
); );
$room_ids = []; $room_ids = [];
...@@ -329,7 +324,7 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -329,7 +324,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
public function rooms_action() public function rooms_action()
{ {
if (ResourceManager::userHasGlobalPermission($this->user)) { if ($this->user_is_global_resource_user) {
PageLayout::setTitle(_('Übersicht über alle Räume')); PageLayout::setTitle(_('Übersicht über alle Räume'));
} else { } else {
PageLayout::setTitle(_('Meine Räume')); PageLayout::setTitle(_('Meine Räume'));
...@@ -345,8 +340,7 @@ class RoomManagement_OverviewController extends AuthenticatedController ...@@ -345,8 +340,7 @@ class RoomManagement_OverviewController extends AuthenticatedController
//Check permissions: //Check permissions:
$sufficient_permissions = ( $sufficient_permissions = (
$this->user_is_global_resource_user $this->user_is_global_resource_user
|| || ResourceManager::userHasResourcePermissions($this->user, 'user')
ResourceManager::userHasResourcePermissions($this->user, 'user')
); );
if (!$sufficient_permissions) { if (!$sufficient_permissions) {
throw new AccessDeniedException(); throw new AccessDeniedException();
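Review bot: `$this->user = User::findCurrent();` in before_filter (first hunk, after the `parent::before_filter` call) can presumably be null for the `public_booking_plans` action, where `allow_nobody` is set and no session user exists, yet the cached flags below it (`user_is_global_resource_user`, `show_resource_actions`, `show_admin_actions`) are computed unconditionally from that value. The widened `User $user = null` signatures in ResourceManager look like the counterpart of this, but nothing in this controller says so; a comment next to the assignment such as `// May be null for public_booking_plans (allow_nobody); ResourceManager treats a null user as having no permissions.` would make the dependency explicit. The same question applies to `$GLOBALS['perm']->have_perm('root')` on the following line, whose behaviour without a logged-in user is not visible here. before_filter's body starts before the first hunk, and the later hunks of this method are cut off between them.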
...@@ -845,12 +845,16 @@ class ResourceManager ...@@ -845,12 +845,16 @@ class ResourceManager
* This method does the mapping from the old resource management permissions * This method does the mapping from the old resource management permissions
* to the new resource management permissions. * to the new resource management permissions.
*/ */
public static function getGlobalResourcePermission(User $user) public static function getGlobalResourcePermission(User $user = null)
{ {
if (!$user) {
return '';
}
global $perm; global $perm;
//First we check if the user is a root user: //First we check if the user is a root user:
if ($perm->get_perm($user->id) == 'root') { if ($perm->get_perm($user->id) === 'root') {
return 'admin'; return 'admin';
} }
...@@ -886,11 +890,15 @@ class ResourceManager ...@@ -886,11 +890,15 @@ class ResourceManager
* If this is not set the current timestamp will be used. * If this is not set the current timestamp will be used.
*/ */
public static function userHasResourcePermissions( public static function userHasResourcePermissions(
User $user, User $user = null,
$level = 'admin', $level = 'admin',
$time = null $time = null
) )
{ {
if (!$user) {
return false;
}
//Get all permissions and temporary permissions of the user: //Get all permissions and temporary permissions of the user:
$permissions = ResourcePermission::findBySQL( $permissions = ResourcePermission::findBySQL(
...@@ -1062,16 +1070,14 @@ class ResourceManager ...@@ -1062,16 +1070,14 @@ class ResourceManager
* Checks if the specified user has the specified permission level * Checks if the specified user has the specified permission level
* for the resource management system. * for the resource management system.
* *
* @param User $user The user whose global resource permissions * @param User|null $user The user whose global resource permissions shall be checked.
* shall be checked. * @param string $requested_permission The required permission level for the user.
* @param string $requested_permission The required permission level
* for the user.
* *
* @returns bool True, if the user has the required permission level, * @returns bool True, if the user has the required permission level,
* false otherwise. * false otherwise.
*/ */
public static function userHasGlobalPermission( public static function userHasGlobalPermission(
User $user, User $user = null,
$requested_permission = 'user' $requested_permission = 'user'
) )
{ {
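Review bot: The three widened signatures in this file, `getGlobalResourcePermission(User $user = null)`, `userHasResourcePermissions(User $user = null, ...)` and `userHasGlobalPermission(User $user = null, ...)`, rely on implicit nullability from the `= null` default, which is deprecated as of PHP 8.4; declare it explicitly as `?User $user = null` so the nullable contract survives the deprecation and is visible to static analysers. The docblock of userHasGlobalPermission was updated to `@param User|null $user`, but `@returns` is not a PHPDoc tag and should read `@return bool`; the docblocks of the other two methods start before their hunks and presumably still say `@param User $user`, so they need the same `User|null` update. The body of userHasGlobalPermission continues outside the hunk, so whether it guards a null user is not visible here; the other two methods return `''` and `false` for null, and a reader would expect the third to return `false` in the same way.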