From 599ad99435ac357fd7a9893a25114571550d3dc1 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Fri, 15 Sep 2023 11:25:49 +0000
Subject: [PATCH] check if the user needs booking rights on the resource, fixes
 #2570

Closes #2570

Merge request studip/studip!2159
---
 .../resources/ResourceBooking.class.php       | 37 ++++++++++++-------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/lib/models/resources/ResourceBooking.class.php b/lib/models/resources/ResourceBooking.class.php
index 218a3e43091..779c4b5aae3 100644
--- a/lib/models/resources/ResourceBooking.class.php
+++ b/lib/models/resources/ResourceBooking.class.php
@@ -485,21 +485,32 @@ class ResourceBooking extends SimpleORMap implements PrivacyObject, Studip\Calen
             $this->booking_user = User::findCurrent();
         }
 
-        //Check if the user has booking rights on the resource.
-        //The user must have either permanent permissions or they have to
-        //have booking rights by a temporary permission in this moment
-        //(the moment this booking is saved).
         $derived_resource = $this->resource->getDerivedClassInstance();
-        $user_has_booking_rights = $derived_resource->userHasBookingRights(
-            $this->booking_user, $this->begin, $this->end
-        );
-        if (!$user_has_booking_rights) {
-            throw new ResourcePermissionException(
-                sprintf(
-                    _('Unzureichende Berechtigungen zum Buchen der Ressource %s!'),
-                    $this->resource->name
-                )
+
+        // check if the user needs booking rights on the resource
+        if (
+            $this->isFieldDirty('resource_id')
+            || $this->isFieldDirty('repetition_interval')
+            || $this->begin < $this->getPristineValue('begin')
+            || $this->end > $this->getPristineValue('end')
+            || $this->preparation_time > $this->getPristineValue('preparation_time')
+            || $this->repeat_end > $this->getPristineValue('repeat_end')
+        ) {
+
+            //Check if the user has booking rights on the resource.
+            //The user must have either permanent permissions or they have to
+            //have booking rights by a temporary permission in this moment
+            $user_has_booking_rights = $derived_resource->userHasBookingRights(
+                $this->booking_user, $this->begin, $this->end
             );
+            if (!$user_has_booking_rights) {
+                throw new ResourcePermissionException(
+                    sprintf(
+                        _('Unzureichende Berechtigungen zum Buchen der Ressource %s!'),
+                        $this->resource->name
+                    )
+                );
+            }
         }
 
         $time_intervals = $this->calculateTimeIntervals(true);
-- 
GitLab