From 39be220dfa709b1eb1d4a30a56befed08d53f765 Mon Sep 17 00:00:00 2001
From: Moritz Strohm <strohm@data-quest.de>
Date: Thu, 23 Nov 2023 15:46:58 +0000
Subject: [PATCH] prevent temporary permissions to be deleted when managing
 them for one user, re #2158

Merge request studip/studip!2019
---
 app/controllers/resources/resource.php | 48 ++++++++++++++------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/app/controllers/resources/resource.php b/app/controllers/resources/resource.php
index 59cd68137b2..47d6b999d92 100644
--- a/app/controllers/resources/resource.php
+++ b/app/controllers/resources/resource.php
@@ -1125,30 +1125,32 @@ class Resources_ResourceController extends AuthenticatedController
                 }
             }
 
-            //Now we must remove all permissions where the resource_id is given
-            //and where the user_id is not in the $user_ids array which has been
-            //filled above.
-            if ($user_ids) {
-                $deleted_permissions = ResourceTemporaryPermission::deleteBySql(
-                    'resource_id = :resource_id
-                    AND
-                    user_id NOT IN ( :user_ids )',
-                    [
-                        'resource_id' => $this->resource_id,
-                        'user_ids' => $user_ids
-                    ]
-                );
-            } else {
-                //In case no user_ids are collected above all permissions
-                //for the resource have to be deleted:
-                $deleted_permissions = ResourceTemporaryPermission::deleteBySQL(
-                    'resource_id = :resource_id',
-                    [
-                        'resource_id' => $this->resource_id,
-                    ]
-                );
+            $deleted_permissions = 0;
+            if (!$this->single_user_mode) {
+                //Now we must remove all permissions where the resource_id is given
+                //and where the user_id is not in the $user_ids array which has been
+                //filled above.
+                if ($user_ids) {
+                    $deleted_permissions = ResourceTemporaryPermission::deleteBySql(
+                        'resource_id = :resource_id
+                        AND
+                        user_id NOT IN ( :user_ids )',
+                        [
+                            'resource_id' => $this->resource_id,
+                            'user_ids' => $user_ids
+                        ]
+                    );
+                } else {
+                    //In case no user_ids are collected above all permissions
+                    //for the resource have to be deleted:
+                    $deleted_permissions = ResourceTemporaryPermission::deleteBySQL(
+                        'resource_id = :resource_id',
+                        [
+                            'resource_id' => $this->resource_id,
+                        ]
+                    );
+                }
             }
-
             if (count($errors)) {
                 PageLayout::postError(
                     _('Die folgenden Fehler traten auf beim Speichern der Berechtigungen:'),
-- 
GitLab