diff --git a/app/controllers/admin/courses.php b/app/controllers/admin/courses.php
index 11f9ced9c6195d176b114b9b2567919190f3d4ef..3a7812675a171fd63f27e0de49c8c6cb7a3b166b 100644
--- a/app/controllers/admin/courses.php
+++ b/app/controllers/admin/courses.php
@@ -279,7 +279,7 @@ class Admin_CoursesController extends AuthenticatedController
 //delete all temporary permission changes
 if (is_array($_SESSION)) {
 foreach (array_keys($_SESSION) as $key) {
- if (mb_strpos($key, 'seminar_change_view_') !== false) {
+ if (strpos($key, 'seminar_change_view_') === 0) {
 unset($_SESSION[$key]);
 }
 }
diff --git a/app/controllers/course/change_view.php b/app/controllers/course/change_view.php
index e22b8f141d0fb94a6df63b0f08c38ff8548c45d6..58cc9957880b4821964df53475643d99153f8e61 100644
--- a/app/controllers/course/change_view.php
+++ b/app/controllers/course/change_view.php
@@ -33,7 +33,7 @@ class Course_ChangeViewController extends AuthenticatedController
 public function set_changed_view_action()
 {
 if (!$GLOBALS['perm']->have_studip_perm('tutor', $this->course_id)) {
- throw new Trails_Exception(400);
+ throw new AccessDeniedException();
 }
 $_SESSION["seminar_change_view_{$this->course_id}"] = 'autor';
 $this->relocate('course/overview');
@@ -47,13 +47,6 @@ class Course_ChangeViewController extends AuthenticatedController
 */
 public function reset_changed_view_action()
 {
- /*
- * We need to check the real database entry here because $perm would
- * only return the simulated rights.
- */
- if (!CourseMember::findByCourseAndStatus($this->course_id, ['tutor', 'dozent'])) {
- throw new Trails_Exception(400);
- }
 unset($_SESSION["seminar_change_view_{$this->course_id}"]);
 $this->relocate('course/management');
 }
diff --git a/app/controllers/course/management.php b/app/controllers/course/management.php
index 528db7e989655962e8d2be0376ce480bf9705cde..2f8bc7b2d621da9fb470d20060cfb4c31fa421aa 100644
--- a/app/controllers/course/management.php
+++ b/app/controllers/course/management.php
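Review bot: The `have_studip_perm('tutor', $this->course_id)` guard in set_changed_view_action is evaluated against the simulated role once this commit's Seminar_Perm change is in place, because the session override is now applied before the real membership is looked up; a user who is already simulating and requests set_changed_view again is therefore rejected with AccessDeniedException instead of the action being a harmless no-op. If that is intended, a comment should say so, since the symptom (a tutor being denied a tutor-only action) looks like a bug: `// While a simulation is active $perm reports the simulated role, so re-entering is denied until reset.` The write itself only ever stores the literal `'autor'`, which is what the Seminar_Perm override later returns for this course.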
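Review bot: reset_changed_view_action now has no authorisation check at all, and nothing left in the method records why that is acceptable. It is acceptable only because the action's sole effect is to unset a key in the caller's own session and redirect, so the most a caller can do is drop an override they set themselves; write that reasoning where the removed comment block was: `// No permission check needed: this only removes the caller's own session override and can never add rights.` The removed check was also weaker than its comment suggested, since `CourseMember::findByCourseAndStatus($this->course_id, ['tutor', 'dozent'])` tested whether the course has any tutor or dozent, not whether the caller is one, so nothing of value is lost by deleting it.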
@@ -25,7 +25,7 @@ class Course_ManagementController extends AuthenticatedController
 parent::before_filter($action, $args);
 if (!$GLOBALS['perm']->have_studip_perm("tutor", $GLOBALS['SessionSeminar'])) {
- throw new Trails_Exception(400);
+ throw new AccessDeniedException();
 }
 if (Context::isCourse()) {
 $sem_class = $GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][Context::get()->status]['class']] ?: SemClass::getDefaultSemClass();
@@ -97,13 +97,12 @@ class Course_ManagementController extends AuthenticatedController
 )->asDialog('size=auto');
 }
 }
- if (in_array($GLOBALS['perm']->get_studip_perm($course->id), words('tutor dozent'))) {
- $actions->addLink(
- _('Studierendenansicht simulieren'),
- URLHelper::getURL('dispatch.php/course/change_view/set_changed_view'),
- Icon::create('visibility-invisible')
- );
- }
+
+ $actions->addLink(
+ _('Studierendenansicht simulieren'),
+ URLHelper::getURL('dispatch.php/course/change_view/set_changed_view'),
+ Icon::create('visibility-invisible')
+ );
 $sidebar->addWidget($actions);
diff --git a/lib/phplib/Seminar_Perm.class.php b/lib/phplib/Seminar_Perm.class.php
index b78d95fcd68fae121b5a7a473cb8b70e38fb988c..e8469838e7fe3d16333baf11c59fb1f95a3fa55f 100644
--- a/lib/phplib/Seminar_Perm.class.php
+++ b/lib/phplib/Seminar_Perm.class.php
@@ -144,7 +144,7 @@ class Seminar_Perm
 }
 }
 if ($user_perm == "root") {
- return "root";
+ $status = "root";
 } elseif ($user_perm == "admin") {
 if (Config::get()->ALLOW_ADMIN_RELATED_INST) {
 $sem_inst = 'seminar_inst';
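Review bot: With the Seminar_Perm change in this commit, `have_studip_perm("tutor", $GLOBALS['SessionSeminar'])` in before_filter returns the simulated role, so a tutor whose simulation is active is locked out of the entire management controller with AccessDeniedException. The reset action only relocates to course/management after it has already unset the override, so that flow works, but any direct link to a management page during simulation yields a hard denial rather than a hint to leave the simulated view; whether the header partial still offers the reset link on the error page cannot be seen from this hunk. If this is accepted, add a comment on the check: `// Evaluated against the simulated role while a student view is active; the reset action lands here only after clearing it.` before_filter continues outside the hunk.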
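Review bot: Replacing `return "root";` with `$status = "root";` is what allows the session override added further down to apply to root as well, but nothing at this line says so, and a later reader will be tempted to restore the early return as an optimisation. Add `// No early return: the simulated-view override below must be able to replace "root" too.` above the assignment. Note that root now also falls through to whatever follows the elseif chain, so any code between this hunk and the `if ($status)` check now runs for root where it previously did not; that stretch lies outside the hunk and should be re-read with that in mind.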
@@ -180,25 +180,23 @@ class Seminar_Perm
 }
 }
+ if (isset($_SESSION['seminar_change_view_' . $range_id])) {
+ $status = $_SESSION['seminar_change_view_' . $range_id];
+ }
+
 if ($status) {
 return $status;
 }
 if (Config::get()->DEPUTIES_ENABLE && Deputy::isDeputy($user_id, $range_id)) {
- if ($_SESSION['seminar_change_view_' . $range_id]) {
- $status = $_SESSION['seminar_change_view_' . $range_id];
- } else {
- $status = 'dozent';
- }
+ $status = 'dozent';
 } else {
 $st = $db->prepare("SELECT status FROM seminar_user WHERE user_id = ? AND Seminar_id = ?");
 $st->execute([$user_id, $range_id]);
- if ($status = $st->fetchColumn()) {
- if (in_array($status, words('dozent tutor')) && isset($_SESSION['seminar_change_view_' . $range_id])) {
- $status = $_SESSION['seminar_change_view_' . $range_id];
- }
- } else {
+ $status = $st->fetchColumn();
+
+ if (!$status) {
 $st = $db->prepare("SELECT inst_perms FROM user_inst WHERE user_id = ? AND Institut_id = ?");
 $st->execute([$user_id, $range_id]);
diff --git a/templates/layouts/base.php b/templates/layouts/base.php
index 2d0a8d1a4ea825c9c742ea44f0cca4539e1a53dd..52b709bda71048d6e37ec40fda718c61fc841a16 100644
--- a/templates/layouts/base.php
+++ b/templates/layouts/base.php
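Review bot: Moving the session override ahead of the role lookup makes `$_SESSION['seminar_change_view_' . $range_id]` authoritative: whenever the key exists its value is returned by the `if ($status)` early return before seminar_user or user_inst is consulted, whereas the removed branches applied it only when the real row was dozent/tutor or the user was a deputy. A user who set the override as a tutor and is then demoted or removed from the course therefore keeps 'autor' rights in that course for the rest of the session, since only reset_changed_view or the admin loop in admin/courses.php clears the key. Keep the override but let the real role win first: compute `$status` from root/admin/deputy/seminar_user exactly as before, and at the end of the lookup (outside this hunk) apply `if (isset($_SESSION['seminar_change_view_' . $range_id]) && in_array($status, ['root', 'admin', 'dozent', 'tutor'], true)) { $status = 'autor'; }`. Pinning the value to `'autor'` rather than echoing the session content is free here, because set_changed_view_action only ever writes that literal, and it stops the session from acting as a role store. The method continues past the end of this hunk.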
@@ -111,7 +111,7 @@ $getInstalledLanguages = function () {
 (Navigation::hasItem('/admin/institute') && Navigation::getItem('/admin/institute')->isActive())); ?>
 <div id="layout_page" <? if (!($contextable)) echo 'class="contextless"'; ?>>
- <? if (PageLayout::isHeaderEnabled() && is_object($GLOBALS['user']) && $GLOBALS['user']->id != 'nobody' && Navigation::hasItem('/course') && Navigation::getItem('/course')->isActive() && $_SESSION['seminar_change_view_'.Context::getId()]) : ?>
+ <? if (PageLayout::isHeaderEnabled() && Navigation::hasItem('/course') && Navigation::getItem('/course')->isActive() && $_SESSION['seminar_change_view_'.Context::getId()]) : ?>
 <?= $this->render_partial('change_view', ['changed_status' => $_SESSION['seminar_change_view_'.Context::getId()]]) ?>
 <? endif ?>
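Review bot: The rewritten condition still reads `$_SESSION['seminar_change_view_'.Context::getId()]` directly, which emits an undefined-index notice on every course page where no simulation is active, presumably the usual case; since the line is being touched anyway, change the last operand to `!empty($_SESSION['seminar_change_view_'.Context::getId()])`. Dropping `is_object($GLOBALS['user']) && $GLOBALS['user']->id != 'nobody'` is only safe if an anonymous session can never carry that key, which holds for the writer visible in this commit (set_changed_view_action requires tutor) but is not checked here. The partial receives `changed_status` straight from the session; whether it escapes the value is outside this diff and worth confirming.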