From 17b24ac5da280a20368942a3f933130d97ec2554 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 8 Jul 2024 17:50:06 +0000
Subject: [PATCH] split display and booking action into two separate actions,
 fixes #3771

Closes #3771

Merge request studip/studip!3180
---
 app/controllers/consultation/admin.php | 29 ++++++++++++++------------
 app/views/consultation/admin/book.php  |  2 +-
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/app/controllers/consultation/admin.php b/app/controllers/consultation/admin.php
index a1f16c549bf..1a831247639 100644
--- a/app/controllers/consultation/admin.php
+++ b/app/controllers/consultation/admin.php
@@ -394,24 +394,27 @@ class Consultation_AdminController extends ConsultationController
                 'sem_perm'   => $permissions,
             ]);
         }
+    }
 
-        if (Request::isPost()) {
-            CSRFProtection::verifyUnsafeRequest();
+    public function store_booking_action($block_id, $slot_id, $page = 0): void
+    {
+        CSRFProtection::verifyUnsafeRequest();
 
-            if ($this->slot->isOccupied()) {
-                PageLayout::postError(_('Dieser Termin ist bereits belegt.'));
-            } else {
-                $booking = new ConsultationBooking();
-                $booking->slot_id = $this->slot->id;
-                $booking->user_id = Request::option('user_id');
-                $booking->reason  = trim(Request::get('reason'));
-                $booking->store();
+        $slot = $this->loadSlot($block_id, $slot_id);
 
-                PageLayout::postSuccess(_('Der Termin wurde reserviert.'));
-            }
+        if ($slot->isOccupied()) {
+            PageLayout::postError(_('Dieser Termin ist bereits belegt.'));
+        } else {
+            $booking = new ConsultationBooking();
+            $booking->slot_id = $slot->id;
+            $booking->user_id = Request::option('user_id');
+            $booking->reason  = trim(Request::get('reason'));
+            $booking->store();
 
-            $this->redirect("consultation/admin/index/{$page}#slot-{$this->slot->id}");
+            PageLayout::postSuccess(_('Der Termin wurde reserviert.'));
         }
+
+        $this->redirect("consultation/admin/index/{$page}#slot-{$slot->id}");
     }
 
     public function edit_action($block_id, $page = 0)
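Review bot: In `store_booking_action` the booking takes `Request::option('user_id')` as-is, so a missing or malformed `user_id` reaches `$booking->store()` with no check visible in this hunk. Unless `ConsultationBooking` validates the field itself, that can persist a booking belonging to no user. Read the value into a variable first and bail out with `PageLayout::postError()` when it is empty or does not name an existing user. `trim(Request::get('reason'))` has the same gap for an absent parameter; `trim(Request::get('reason', ''))` avoids handing null to `trim()`. The `isOccupied()` check and `store()` are also separate steps, so two concurrent posts could presumably both pass the check; a unique constraint on the slot or a lock around the pair would close that if the model does not already.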
diff --git a/app/views/consultation/admin/book.php b/app/views/consultation/admin/book.php
index a5a4371bd31..9e2fa9172dc 100644
--- a/app/views/consultation/admin/book.php
+++ b/app/views/consultation/admin/book.php
@@ -5,7 +5,7 @@
  * @var int $page
  */
 ?>
-<form action="<?= $controller->book($slot->block, $slot, $page) ?>" method="post" class="default">
+<form action="<?= $controller->store_booking($slot->block, $slot, $page) ?>" method="post" class="default">
     <?= CSRFProtection::tokenTag() ?>
 
     <fieldset>
-- 
GitLab