From b64e995dc2760ddab04f51f15794ff55ae744ab0 Mon Sep 17 00:00:00 2001
From: David Siegfried <david.siegfried@uni-vechta.de>
Date: Thu, 15 Dec 2022 14:31:06 +0000
Subject: [PATCH] check perms, closes #1763
Closes #1763
Merge request studip/studip!1248
---
lib/navigation/BrowseNavigation.php | 21 ++++++++++-----------
public/export.php | 4 ++--
2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/lib/navigation/BrowseNavigation.php b/lib/navigation/BrowseNavigation.php
index 69173041962..6302fb87f75 100644
--- a/lib/navigation/BrowseNavigation.php
+++ b/lib/navigation/BrowseNavigation.php
@@ -54,24 +54,23 @@ class BrowseNavigation extends Navigation
*/
public function initSubNavigation()
{
- global $user, $perm;
-
parent::initSubNavigation();
- $sem_create_perm = in_array(Config::get()->SEM_CREATE_PERM, ['root', 'admin', 'dozent']) ? Config::get()->SEM_CREATE_PERM : 'dozent';
-
// my courses
- if (is_object($user) && $user->id != 'nobody') {
+ if (User::findCurrent()) {
- if ($perm->have_perm('admin')) {
+ if ($GLOBALS['perm']->have_perm('admin')) {
$navigation = new Navigation(_('Administration'));
} else {
$navigation = new Navigation(_('Meine Veranstaltungen'));
}
- $navigation->addSubNavigation('list', new Navigation($perm->have_perm('admin') ? _('Veranstaltungsadministration') : _('Aktuelle Veranstaltungen'), 'dispatch.php/my_courses'));
+ $navigation->addSubNavigation('list', new Navigation(
+ $GLOBALS['perm']->have_perm('admin') ? _('Veranstaltungsadministration') : _('Aktuelle Veranstaltungen'),
+ 'dispatch.php/my_courses'
+ ));
- if ($perm->have_perm('admin')) {
+ if ($GLOBALS['perm']->have_perm('admin')) {
$navigation->addSubNavigation('overlapping', new Navigation(_('Ãœberschneidungsfreiheit'), 'dispatch.php/admin/overlapping'));
$navigation->addSubNavigation('schedule', new Navigation(_('Veranstaltungs-Stundenplan'), 'dispatch.php/admin/courseplanning'));
} else {
@@ -91,7 +90,7 @@ class BrowseNavigation extends Navigation
$this->addSubNavigation('my_studygroups', $navigation);
}
- if (!$perm->have_perm('admin')) {
+ if (!$GLOBALS['perm']->have_perm('admin')) {
$navigation = new Navigation(_('Meine Einrichtungen'), 'dispatch.php/my_institutes');
$this->addSubNavigation('my_institutes', $navigation);
@@ -101,7 +100,7 @@ class BrowseNavigation extends Navigation
}
}
- if ($perm->have_perm('admin') || ($perm->have_perm('dozent') && Config::get()->ALLOW_DOZENT_COURSESET_ADMIN)) {
+ if ($GLOBALS['perm']->have_perm('admin') || ($GLOBALS['perm']->have_perm('dozent') && Config::get()->ALLOW_DOZENT_COURSESET_ADMIN)) {
$navigation = new Navigation(_('Anmeldesets'), 'dispatch.php/admission/courseset/index');
$this->addSubNavigation('coursesets', $navigation);
$navigation->addSubNavigation('sets', new Navigation(_('Anmeldesets verwalten'), 'dispatch.php/admission/courseset/index'));
@@ -110,7 +109,7 @@ class BrowseNavigation extends Navigation
}
// export
- if (Config::get()->EXPORT_ENABLE) {
+ if (Config::get()->EXPORT_ENABLE && $GLOBALS['perm']->have_perm('tutor')) {
$navigation = new Navigation(_('Export'), 'export.php');
$this->addSubNavigation('export', $navigation);
}
diff --git a/public/export.php b/public/export.php
index b24638acd08..9430a68bcbc 100644
--- a/public/export.php
+++ b/public/export.php
@@ -53,9 +53,9 @@ $format = Request::option('format');
$choose = Request::quoted('choose');
$range_id = Request::option('range_id');
-if (($o_mode != "direct") AND ($o_mode != "passthrough"))
+if ($o_mode !== 'direct' && $o_mode !== 'passthrough')
{
- $perm->check("tutor");
+ $GLOBALS['perm']->check('tutor');
include ('lib/seminar_open.php'); // initialise Stud.IP-Session
}
--
GitLab