Commit 20bc39a5 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms Committed by Jan-Hendrik Willms

fix access to institute administration, fixes #4458

Closes #4458

Merge request studip/studip!3243
parent 0e78bb5d
...@@ -100,13 +100,12 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -100,13 +100,12 @@ class Course_ContentmodulesController extends AuthenticatedController
public function trigger_action() public function trigger_action()
{ {
$context = Context::get(); $context = Context::get();
if (!$context->isEditableByUser()) {
$required_perm = $context->getRangeType() === 'course' ? 'tutor' : 'admin';
if (!$GLOBALS['perm']->have_studip_perm($required_perm, $context->id)) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
if (Request::isPost()) { if (Request::isPost()) {
if ($context->getRangeType() === 'course') { if ($context instanceof Course) {
$sem_class = $context->getSemClass(); $sem_class = $context->getSemClass();
} else { } else {
$sem_class = SemClass::getDefaultInstituteClass($context->type); $sem_class = SemClass::getDefaultInstituteClass($context->type);
...@@ -128,6 +127,7 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -128,6 +127,7 @@ class Course_ContentmodulesController extends AuthenticatedController
$this->redirect("course/contentmodules/trigger", ['cid' => $context->getId(), 'plugin_id' => $module->getPluginId()]); $this->redirect("course/contentmodules/trigger", ['cid' => $context->getId(), 'plugin_id' => $module->getPluginId()]);
return; return;
} }
$active_tool = ToolActivation::find([$context->id, Request::int('plugin_id')]); $active_tool = ToolActivation::find([$context->id, Request::int('plugin_id')]);
$template = $GLOBALS['template_factory']->open('tabs.php'); $template = $GLOBALS['template_factory']->open('tabs.php');
$template->navigation = Navigation::getItem('/course'); $template->navigation = Navigation::getItem('/course');
...@@ -141,11 +141,10 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -141,11 +141,10 @@ class Course_ContentmodulesController extends AuthenticatedController
public function reorder_action() public function reorder_action()
{ {
$context = Context::get(); $context = Context::get();
if (!$context->isEditableByUser()) {
$required_perm = $context->getRangeType() === 'course' ? 'tutor' : 'admin';
if (!$GLOBALS['perm']->have_studip_perm($required_perm, $context->id)) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
if (Request::isPost()) { if (Request::isPost()) {
$position = 0; $position = 0;
foreach (Request::getArray('order') as $plugin_id) { foreach (Request::getArray('order') as $plugin_id) {
...@@ -156,6 +155,7 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -156,6 +155,7 @@ class Course_ContentmodulesController extends AuthenticatedController
$this->redirect($this->reorderURL()); $this->redirect($this->reorderURL());
return; return;
} }
Navigation::getItem('/course/admin')->setActive(true); Navigation::getItem('/course/admin')->setActive(true);
$template = $GLOBALS['template_factory']->open('tabs.php'); $template = $GLOBALS['template_factory']->open('tabs.php');
$template->navigation = Navigation::getItem('/course'); $template->navigation = Navigation::getItem('/course');
...@@ -169,12 +169,12 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -169,12 +169,12 @@ class Course_ContentmodulesController extends AuthenticatedController
if (!Request::isPost()) { if (!Request::isPost()) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
$context = Context::get();
$required_perm = $context->getRangeType() === 'course' ? 'tutor' : 'admin'; $context = Context::get();
if (!$GLOBALS['perm']->have_studip_perm($required_perm, $context->id)) { if (!$context->isEditableByUser()) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
$moduleclass = Request::get('moduleclass'); $moduleclass = Request::get('moduleclass');
$module = new $moduleclass; $module = new $moduleclass;
...@@ -207,15 +207,15 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -207,15 +207,15 @@ class Course_ContentmodulesController extends AuthenticatedController
public function rename_action($module_id) public function rename_action($module_id)
{ {
$context = Context::get(); $context = Context::get();
if (!$context->isEditableByUser()) {
$required_perm = $context->getRangeType() === 'course' ? 'tutor' : 'admin';
if (!$GLOBALS['perm']->have_studip_perm($required_perm, $context->id)) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
$this->module = PluginManager::getInstance()->getPluginById($module_id); $this->module = PluginManager::getInstance()->getPluginById($module_id);
$this->metadata = $this->module->getMetadata(); $this->metadata = $this->module->getMetadata();
PageLayout::setTitle(_('Werkzeug umbenennen')); PageLayout::setTitle(_('Werkzeug umbenennen'));
$this->tool = ToolActivation::find([$context->id, $module_id]); $this->tool = ToolActivation::find([$context->id, $module_id]);
if (Request::isPost()) { if (Request::isPost()) {
$metadata = $this->tool->metadata->getArrayCopy(); $metadata = $this->tool->metadata->getArrayCopy();
if (!trim(Request::get('displayname')) || Request::submitted('delete')) { if (!trim(Request::get('displayname')) || Request::submitted('delete')) {
...@@ -358,8 +358,5 @@ class Course_ContentmodulesController extends AuthenticatedController ...@@ -358,8 +358,5 @@ class Course_ContentmodulesController extends AuthenticatedController
} catch (Exception $e) { } catch (Exception $e) {
return null; return null;
} }
} }
} }
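Review bot: The guard `$context = Context::get(); if (!$context->isEditableByUser()) { throw new AccessDeniedException(); }` is now repeated verbatim in trigger_action, reorder_action, the action in the @@ -169 hunk and rename_action; since the whole permission decision of this controller now rests on that one call, a private helper would keep the rule in one place and give it a home for a comment. Course::isEditableByUser() is not part of this diff, so whether it matches the old `have_studip_perm('tutor', ...)` check on the course side is inferred, not visible here, and the helper's comment says so. None of the four guards handles `Context::get()` returning null (neither did the old code); the helper folds that in so a missing context is denied rather than dereferenced. trigger_action and rename_action continue past their hunks, so the call sites would be `$context = $this->requireEditableContext();` in each.

```php
    /**
     * Returns the current context when the current user may edit it,
     * otherwise denies access.
     */
    private function requireEditableContext()
    {
        $context = Context::get();
        // Assumes isEditableByUser() encodes the same rule the explicit
        // have_studip_perm() checks did (tutor on courses, admin on institutes) — confirm for Course.
        if (!$context || !$context->isEditableByUser()) {
            throw new AccessDeniedException();
        }
        return $context;
    }
```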
...@@ -311,10 +311,11 @@ class Institute extends SimpleORMap implements Range ...@@ -311,10 +311,11 @@ class Institute extends SimpleORMap implements Range
public function isEditableByUser($user_id = null): bool public function isEditableByUser($user_id = null): bool
{ {
if ($user_id === null) { if ($user_id === null) {
$user_id = $GLOBALS['user']->id; $user_id = User::findCurrent()->id;
} }
$member = $this->members->findOneBy('user_id', $user_id); $member = $this->members->findOneBy('user_id', $user_id);
return ($member && in_array($member->inst_perms, ['tutor', 'dozent', 'admin'])) return ($member && $member->inst_perms === 'admin')
|| User::find($user_id)->perms === 'root'; || User::find($user_id)->perms === 'root';
} }
......
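Review bot: The rewritten return condition tightens the institute edit rule for every caller of Institute::isEditableByUser(), not only the admin tabs: members with `tutor` or `dozent` are no longer editors, only `inst_perms === 'admin'` or a root user. That is the intended fix here, but the method carries no docblock stating the rule, so the next reader cannot tell whether the narrower set is deliberate; add one above the signature: `/** An institute may be edited only by members with inst_perms 'admin' and by root users; tutors and dozenten are deliberately excluded (see !3243). */`. Two adjacent lookups still dereference a possibly-null result, `User::findCurrent()->id` when no user is logged in and `User::find($user_id)->perms` for an unknown id; both are pre-existing, but worth an explicit guard now that this method is the single gate for the institute admin area.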
...@@ -24,15 +24,38 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -24,15 +24,38 @@ class CoreAdmin extends CorePlugin implements StudipModule
*/ */
public function getTabNavigation($course_id) public function getTabNavigation($course_id)
{ {
if ($GLOBALS['perm']->have_studip_perm('tutor', $course_id)) { $range = RangeFactory::find($course_id);
$navigation = new Navigation(_('Verwaltung'));
$navigation->setImage(Icon::create('admin', Icon::ROLE_INFO_ALT)); // Given range is invalid, leave early
$navigation->setActiveImage(Icon::create('admin', Icon::ROLE_INFO)); if (!$range) {
return [];
}
// Special case: Tutors of institutes may manage votes
if (
Config::get()->VOTE_ENABLE
&& $range instanceof Institute
&& !$range->isEditableByUser()
&& Seminar_Perm::get()->have_studip_perm('tutor', $range->id)
) {
$navigation = $this->getRootNavigation();
$this->addVoteNavigation($navigation);
return ['admin' => $navigation];
}
// User may not edit this range
if (!$range->isEditableByUser()) {
return [];
}
// Build regular admin navigation
$navigation = $this->getRootNavigation();
$main = new Navigation(_('Werkzeuge'), 'dispatch.php/course/contentmodules'); $main = new Navigation(_('Werkzeuge'), 'dispatch.php/course/contentmodules');
$navigation->addSubNavigation('contentmodules', $main); $navigation->addSubNavigation('contentmodules', $main);
if (!Context::isInstitute()) { if ($range instanceof Course) {
$item = new Navigation(_('Grunddaten'), 'dispatch.php/course/basicdata/view/' . $course_id); $item = new Navigation(_('Grunddaten'), 'dispatch.php/course/basicdata/view/' . $course_id);
$item->setImage(Icon::create('edit')); $item->setImage(Icon::create('edit'));
$item->setDescription(_('Bearbeiten der Grundeinstellungen dieser Veranstaltung.')); $item->setDescription(_('Bearbeiten der Grundeinstellungen dieser Veranstaltung.'));
...@@ -48,8 +71,7 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -48,8 +71,7 @@ class CoreAdmin extends CorePlugin implements StudipModule
$item->setDescription(_('Zuordnung dieser Veranstaltung zu Studienbereichen für die Darstellung im Verzeichnis aller Veranstaltungen.')); $item->setDescription(_('Zuordnung dieser Veranstaltung zu Studienbereichen für die Darstellung im Verzeichnis aller Veranstaltungen.'));
$navigation->addSubNavigation('study_areas', $item); $navigation->addSubNavigation('study_areas', $item);
$current_course = Course::find($course_id); if ($range->getSemClass()['module']) {
if ($current_course && $current_course->getSemClass()->offsetGet('module')) {
$item = new Navigation(_('LV-Gruppen'), 'dispatch.php/course/lvgselector/index/' . $course_id, ['list' => 'TRUE']); $item = new Navigation(_('LV-Gruppen'), 'dispatch.php/course/lvgselector/index/' . $course_id, ['list' => 'TRUE']);
$item->setImage(Icon::create('learnmodule')); $item->setImage(Icon::create('learnmodule'));
$item->setDescription(_('Zuordnung der Veranstaltung zu Lehrveranstaltungsgruppen um die Einordnung innerhalb des Modulverzeichnisses festzulegen.')); $item->setDescription(_('Zuordnung der Veranstaltung zu Lehrveranstaltungsgruppen um die Einordnung innerhalb des Modulverzeichnisses festzulegen.'));
...@@ -73,12 +95,8 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -73,12 +95,8 @@ class CoreAdmin extends CorePlugin implements StudipModule
} // endif modules only seminars } // endif modules only seminars
if ($GLOBALS['perm']->have_studip_perm('tutor', $course_id)) {
if (Config::get()->VOTE_ENABLE) { if (Config::get()->VOTE_ENABLE) {
$item = new Navigation(_('Fragebögen'), 'dispatch.php/questionnaire/courseoverview'); $this->addVoteNavigation($navigation);
$item->setImage(Icon::create('vote'));
$item->setDescription(_('Erstellen und bearbeiten von Fragebögen.'));
$navigation->addSubNavigation('questionnaires', $item);
} }
if (Config::get()->EVAL_ENABLE) { if (Config::get()->EVAL_ENABLE) {
$item = new Navigation(_('Evaluationen'), 'admin_evaluation.php?view=eval_sem'); $item = new Navigation(_('Evaluationen'), 'admin_evaluation.php?view=eval_sem');
...@@ -86,15 +104,13 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -86,15 +104,13 @@ class CoreAdmin extends CorePlugin implements StudipModule
$item->setDescription(_('Richten Sie fragebogenbasierte Umfragen und Lehrevaluationen ein.')); $item->setDescription(_('Richten Sie fragebogenbasierte Umfragen und Lehrevaluationen ein.'));
$navigation->addSubNavigation('evaluation', $item); $navigation->addSubNavigation('evaluation', $item);
} }
}
/* /*
* Is the current SemClass available for grouping other courses? * Is the current SemClass available for grouping other courses?
* -> show child management * -> show child management
*/ */
$course = Course::find($course_id); if ($range instanceof Course) {
if ($course) { $c = $range->getSemClass();
$c = $course->getSemClass();
if ($c->isGroup()) { if ($c->isGroup()) {
$item = new Navigation(_('Unterveranstaltungen'), 'dispatch.php/course/grouping/children'); $item = new Navigation(_('Unterveranstaltungen'), 'dispatch.php/course/grouping/children');
...@@ -120,9 +136,6 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -120,9 +136,6 @@ class CoreAdmin extends CorePlugin implements StudipModule
} }
return ['admin' => $navigation]; return ['admin' => $navigation];
} else {
return [];
}
} }
/** /**
...@@ -145,4 +158,20 @@ class CoreAdmin extends CorePlugin implements StudipModule ...@@ -145,4 +158,20 @@ class CoreAdmin extends CorePlugin implements StudipModule
// TODO: Implement getInfoTemplate() method. // TODO: Implement getInfoTemplate() method.
return null; return null;
} }
private function getRootNavigation(): Navigation
{
$navigation = new Navigation(_('Verwaltung'));
$navigation->setImage(Icon::create('admin', Icon::ROLE_INFO_ALT));
$navigation->setActiveImage(Icon::create('admin', Icon::ROLE_INFO));
return $navigation;
}
private function addVoteNavigation(Navigation &$navigation): void
{
$item = new Navigation(_('Fragebögen'), 'dispatch.php/questionnaire/courseoverview');
$item->setImage(Icon::create('vote'));
$item->setDescription(_('Erstellen und bearbeiten von Fragebögen.'));
$navigation->addSubNavigation('questionnaires', $item);
}
} }
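Review bot: `addVoteNavigation(Navigation &$navigation)` takes the Navigation by reference, but PHP objects are already passed as handles, so the `&` changes nothing and only suggests the parameter is reassigned, which it is not; drop it: `private function addVoteNavigation(Navigation $navigation): void`. The new branch order in getTabNavigation is a sound default-deny (invalid range and non-editable range both return `[]`), with the institute-tutor vote branch as the single exception to `isEditableByUser()`; the comment at that branch should make clear that only the questionnaire item is exposed and that the admin controllers still enforce their own checks, e.g. `// Special case: institute tutors only get the questionnaire item; the other admin pages still require isEditableByUser()`. Whether the questionnaire controller itself accepts institute tutors is not visible in this diff. getTabNavigation starts in the @@ -24 hunk and ends in the @@ -120 hunk, so the middle of the function is only partly shown here.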