From f7e75f5649318e3324bd1273e8959656b0118e29 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 15 May 2023 08:44:50 +0000
Subject: [PATCH] connect oer share action with configurable perms, fixes #2638

Closes #2638

Merge request studip/studip!1795
---
 app/controllers/file.php        | 6 +++++-
 lib/filesystem/StandardFile.php | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/controllers/file.php b/app/controllers/file.php
index e7378aab2cd..4895eabc4a0 100644
--- a/app/controllers/file.php
+++ b/app/controllers/file.php
@@ -503,7 +503,11 @@ class FileController extends AuthenticatedController
 
         $this->folder = $this->file->getFoldertype();
 
-        if (!$this->folder || !$this->folder->isFileEditable($this->file->getId(), $GLOBALS['user']->id)) {
+        if (
+            !$this->folder
+            || !$this->folder->isFileEditable($this->file->getId(), $GLOBALS['user']->id)
+            || !$GLOBALS['perm']->have_perm(Config::get()->OER_PUBLIC_STATUS)
+        ) {
             throw new AccessDeniedException();
         }
 
diff --git a/lib/filesystem/StandardFile.php b/lib/filesystem/StandardFile.php
index 371f0416691..4547d37c0f7 100644
--- a/lib/filesystem/StandardFile.php
+++ b/lib/filesystem/StandardFile.php
@@ -294,7 +294,11 @@ class StandardFile implements FileType, ArrayAccess, StandardFileInterface
                 'link-to-clipboard'
             );
         }
-        if ($this->isEditable($GLOBALS['user']->id) && Config::get()->OERCAMPUS_ENABLED) {
+        if (
+            $this->isEditable($GLOBALS['user']->id)
+            && Config::get()->OERCAMPUS_ENABLED
+            && $GLOBALS['perm']->have_perm(Config::get()->OER_PUBLIC_STATUS)
+        ) {
             $actionMenu->addLink(
                 URLHelper::getURL('dispatch.php/file/share_oer/' . $this->fileref->id),
                 _('Im OER Campus veröffentlichen'),
-- 
GitLab