From 3f13e0c2e70dc88a937f23bc34631b2a31f51a2a Mon Sep 17 00:00:00 2001
From: noackorama <noackorama@gmail.com>
Date: Wed, 5 May 2021 12:56:21 +0200
Subject: [PATCH] check dozent permission when used with DedicatedAdmin
---
controllers/copy.php | 30 ++++++++++++++++++------------
plugin.manifest | 2 +-
views/action/checkbox.php | 4 +++-
views/copy/info.php | 27 ++++++++++++++-------------
4 files changed, 36 insertions(+), 27 deletions(-)
diff --git a/controllers/copy.php b/controllers/copy.php
index 148dcb0..77c23e7 100755
--- a/controllers/copy.php
+++ b/controllers/copy.php
@@ -4,22 +4,28 @@ class CopyController extends PluginController { public function info_action() { - PageLayout::setTitle(_("Wie soll kopiert werden?")); - $this->dozentensearch = new SQLSearch( - "SELECT DISTINCT auth_user_md5.user_id, CONCAT(auth_user_md5.Vorname, \" \", auth_user_md5.Nachname), auth_user_md5.perms, auth_user_md5.username " . - "FROM auth_user_md5 LEFT JOIN user_info ON (user_info.user_id = auth_user_md5.user_id) " . - "WHERE (CONCAT(auth_user_md5.Vorname, \" \", auth_user_md5.Nachname) LIKE :input " . + if (Request::getArray("c")) { + PageLayout::setTitle(_("Wie soll kopiert werden?")); + $this->dozentensearch = new SQLSearch( + "SELECT DISTINCT auth_user_md5.user_id, CONCAT(auth_user_md5.Vorname, \" \", auth_user_md5.Nachname), auth_user_md5.perms, auth_user_md5.username " . + "FROM auth_user_md5 LEFT JOIN user_info ON (user_info.user_id = auth_user_md5.user_id) " . + "WHERE (CONCAT(auth_user_md5.Vorname, \" \", auth_user_md5.Nachname) LIKE :input " . "OR CONCAT(auth_user_md5.Nachname, \" \", auth_user_md5.Vorname) LIKE :input " . "OR CONCAT(auth_user_md5.Nachname, \", \", auth_user_md5.Vorname) LIKE :input " . "OR auth_user_md5.username LIKE :input) " . "AND " . get_vis_query() . " " . "AND auth_user_md5.perms = 'dozent' " . - "ORDER BY Vorname, Nachname", _("Lehrendennamen eingeben"), "user_id"); - $this->semesters = array_reverse(Semester::getAll()); - $this->semester = UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_SEMESTER_ID - ? Semester::find(UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_SEMESTER_ID) - : $this->semesters[0]; - $this->have_coursegroups = true; + "ORDER BY Vorname, Nachname", _("Lehrendennamen eingeben"), "user_id"); + $this->semesters = array_reverse(Semester::getAll()); + $this->semester = UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_SEMESTER_ID + ? 
Semester::find(UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_SEMESTER_ID) + : $this->semesters[0]; + if (Seminar_Perm::get()->have_perm('admin')) { + $this->have_coursegroups = true; + } + } else { + throw new Trails_Exception(400); + } } public function semester_start_und_ende_action($semester_id) @@ -30,7 +36,7 @@ class CopyController extends PluginController public function process_action() { - if (Request::isPost()) { + if (Request::isPost() && count(Request::getArray("c"))) { $params = [ "semester_id", "dozent_id", "lock_copied_courses", "invisible_copied_courses", "cycles", "resource_assignments", diff --git a/plugin.manifest b/plugin.manifest index 9898ce7..9c73cda 100755 --- a/plugin.manifest +++ b/plugin.manifest @@ -1,6 +1,6 @@ pluginname=CourseCopy pluginclassname=CourseCopy -version=1.6 +version=1.7 origin=data-quest studipMinVersion=4.0 studipMaxVersion=4.99.99 diff --git a/views/action/checkbox.php b/views/action/checkbox.php index b04014d..a65a134 100755 --- a/views/action/checkbox.php +++ b/views/action/checkbox.php @@ -1 +1,3 @@ -<input type="checkbox" name="c[]" value="<?= htmlReady($course_id) ?>"> \ No newline at end of file +<? if (Seminar_Perm::get()->have_studip_perm('dozent', $course_id)) : ?> +<input type="checkbox" name="c[]" value="<?= htmlReady($course_id) ?>"> +<? endif ?> \ No newline at end of file diff --git a/views/copy/info.php b/views/copy/info.php index df6a66f..492c82d 100755 --- a/views/copy/info.php +++ b/views/copy/info.php 
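Review bot: `$this->have_coursegroups` is now assigned only inside the admin branch of info_action, so for every other caller the property is never set and any template that reads it sees an undefined variable; `$this->have_coursegroups = Seminar_Perm::get()->have_perm('admin');` keeps it a defined boolean in both cases. The whole body is also re-indented under `if (Request::getArray("c"))` with the `throw` at the bottom; a guard at the top, `if (!Request::getArray("c")) { throw new Trails_Exception(400); }`, states the precondition first and leaves the rest of the method unindented. The `SQLSearch` is still constructed for non-admins although views/copy/info.php now renders it only for admins, so it could move under the same admin check.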
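Review bot: The new condition in process_action only checks that `c` is non-empty; nothing in the visible lines verifies that the caller holds dozent rights on each submitted course id. The test added in views/action/checkbox.php only decides whether a checkbox is rendered, and the ids in `c[]` are client-supplied, so the same test belongs on the server before anything is copied, e.g. `$course_ids = array_filter(Request::getArray("c"), function ($id) { return Seminar_Perm::get()->have_studip_perm('dozent', $id); });` with the rest of the method working only on `$course_ids`. process_action's body continues outside the hunk, so if it already re-checks each course this is covered; otherwise the permission named in the commit subject is enforced only in the template.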
@@ -20,21 +20,22 @@ <? endforeach ?> </select> </label> - - <label> - <?= _("Lehrende ersetzen durch ...") ?> - <? - $qs = QuickSearch::get("dozent_id", $dozentensearch); - if (UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID) { - $qs->defaultValue( - UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID, - get_fullname(UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID) - ); - } - echo $qs->render() - ?> + <? if (Seminar_Perm::get()->have_perm('admin')) : ?> + <label> + <?= _("Lehrende ersetzen durch ...") ?> + <? + $qs = QuickSearch::get("dozent_id", $dozentensearch); + if (UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID) { + $qs->defaultValue( + UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID, + get_fullname(UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_DOZENT_ID) + ); + } + echo $qs->render() + ?> <label> + <? endif ?> <input type="checkbox" name="copy_tutors" value="1"<?= UserConfig::get($GLOBALS['user']->id)->COURSECOPY_SETTINGS_COPY_TUTORS ? " checked" : "" ?>> <?= _('Tutor/-innen mit übernehmen') ?> </label> -- GitLab
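Review bot: Hiding the `dozent_id` QuickSearch from non-admins here removes the field from the form but not from the request: the `$params` list in process_action (controllers/copy.php) still names `"dozent_id"`, so a non-admin request that supplies it would presumably still be honoured. The admin check should be repeated where the value is consumed, for example `if (!Seminar_Perm::get()->have_perm('admin')) { $params = array_diff($params, ["dozent_id"]); }`; how `$params` is used lies outside the visible hunks, so confirm against the full method. Separately, the unchanged `<label>` line directly above the added `<? endif ?>` now sits inside the conditional, so for non-admins the `copy_tutors` checkbox appears to lose its opening tag while `</label>` remains; moving `<? endif ?>` above that line would keep the markup balanced.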