Use original policies to access feedback elements and entries.

fc110b22 · Marcus Eibrink-Lunzenauer · 30fe55e4 · fc110b22 · fc110b22
Commit fc110b22 authored 1 year ago by Marcus Eibrink-Lunzenauer
--- a/lib/classes/JsonApi/Routes/Feedback/Authority.php
+++ b/lib/classes/JsonApi/Routes/Feedback/Authority.php
@@ -53,54 +53,33 @@ class Authority
        return self::canShowFeedbackElement($user, $feedbackElement);
    }

-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
    public static function canCreateFeedbackEntry(User $user, FeedbackElement $element): bool
    {
-        if (!$element->isFeedbackable()) {
-            return false;
-        }
-
-        // TODO: Wann darf ich Feedback Entries schreiben
-        return true;
+        return $element->isFeedbackable($user->getId());
    }

-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
    public static function canUpdateFeedbackEntry(User $user, FeedbackEntry $entry): bool
    {
-        if (!$entry->isEditable()) {
-            return false;
-        }
-
-        // TODO: Wann darf ich Feedback Entries bearbeiten
-        return true;
+        return $entry->isEditable($user->getId());
    }

    public static function canDeleteFeedbackEntry(User $user, FeedbackEntry $entry): bool
    {
-        return self::canUpdateFeedbackEntry($user, $entry);
+        return $entry->isDeletable($user->getId());
    }

-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
    public static function canCreateFeedbackElement(User $user, FeedbackRange $range): bool
    {
-        // TODO: Wann darf ich Feedback Elemente anhängen
-        // bisher https://gitlab.studip.de/studip/studip/-/blob/main/lib/classes/Feedback.class.php#L76
-        return true;
+        return $range->isRangeAccessible($user->getId()) &&
+            Feedback::hasCreatePerm($range->getRangeCourseId(), $user->getId());
    }

-    /**
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
-     */
    public static function canUpdateFeedbackElement(User $user, FeedbackElement $element): bool
    {
-        // TODO: Wann darf ich Feedback Elemente ändern?
-        return true;
+        $range = $element->getRange();
+
+        return $range->isRangeAccessible($user->getId()) &&
+            Feedback::hasAdminPerm($range->getRangeCourseId(), $user->getId());
    }

    public static function canDeleteFeedbackElement(User $user, FeedbackElement $element): bool

--- a/lib/models/FeedbackEntry.php
+++ b/lib/models/FeedbackEntry.php
@@ -33,16 +33,17 @@ class FeedbackEntry extends SimpleORMap
        parent::configure($config);
    }

-    public function isEditable()
+    public function isEditable(string $user_id = null): bool
    {
-        return $this->user_id === $GLOBALS['user']->id;
+        $user_id = $user_id ?? $GLOBALS['user']->getId();
+
+        return $this->user_id === $user_id;
    }

-    public function isDeletable()
+    public function isDeletable(string $user_id = null): bool
    {
        $deletable = false;
-
-        $user_id = $GLOBALS['user']->id;
+        $user_id = $user_id ?? $GLOBALS['user']->getId();

        if ($this->user_id == $user_id) {
            $deletable = true;