From 31480dbdf30e1b656ea702604f142aa5ee531da2 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Tue, 5 Nov 2024 08:10:15 +0000
Subject: [PATCH] correct calls to StructualElement::canRead(), fixes #4815

Closes #4815

Merge request studip/studip!3605
---
 app/controllers/courseware/lti.php                  | 2 +-
 lib/classes/globalsearch/GlobalSearchCourseware.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/courseware/lti.php b/app/controllers/courseware/lti.php
index 7792051d953..93159cc61dd 100644
--- a/app/controllers/courseware/lti.php
+++ b/app/controllers/courseware/lti.php
@@ -11,7 +11,7 @@ class Courseware_LtiController extends AuthenticatedController
     public function iframe_action($block_id)
     {
         $cw_block = \Courseware\Block::find($block_id);
-        if (!$cw_block->container->structural_element->canRead($GLOBALS['user']->id)) {
+        if (!$cw_block->container->structural_element->canRead(User::findCurrent())) {
             throw new AccessDeniedException();
         }
 
diff --git a/lib/classes/globalsearch/GlobalSearchCourseware.php b/lib/classes/globalsearch/GlobalSearchCourseware.php
index de069fe887e..1d34ad7a4f9 100644
--- a/lib/classes/globalsearch/GlobalSearchCourseware.php
+++ b/lib/classes/globalsearch/GlobalSearchCourseware.php
@@ -118,7 +118,7 @@ class GlobalSearchCourseware extends GlobalSearchModule implements GlobalSearchF
     {
         $structural_element = StructuralElement::find($data['id']);
         $unit = $structural_element->findUnit();
-        if ($unit && $structural_element->canRead($GLOBALS['user'])) {
+        if ($unit && $structural_element->canRead(User::findCurrent())) {
             $description = '';
             if ($data['type'] === 'cw_structural_elements') {
                 $description = self::mark($structural_element->payload['description'], $search, true);
-- 
GitLab