Skip to content
Snippets Groups Projects
Commit 759e0fd8 authored by Moritz Strohm's avatar Moritz Strohm
Browse files

Fixed permissions for course participants in course calendar, fixes #3824 

Closes #3824

Merge request studip/studip!2690


(cherry picked from commit f04f6e74)

95eb0337 calendar/date: fixed edit button visibility for course calendar dates
00f71dad fixed saving of calendar dates for course calendars
parent 20fa2655
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/controllers/calendar/date.php
+ 25
8
View file @ 759e0fd8
......@@ -122,7 +122,7 @@ class Calendar_DateController extends AuthenticatedController
if ($this->date->repetition_type) {
$this->selected_date = Request::get('selected_date');
}
$this->calendar_assignments = CalendarDateAssignment::findBySql(
$this->user_calendar_assignments = CalendarDateAssignment::findBySql(
"INNER JOIN `auth_user_md5`
ON `calendar_date_assignments`.`range_id` = `auth_user_md5`.`user_id`
WHERE
......@@ -132,14 +132,14 @@ class Calendar_DateController extends AuthenticatedController
$this->participation_message = null;
$this->user_participation_status = '';
$this->all_assignments_writable = false;
$this->is_group_date = count($this->calendar_assignments) > 1;
$this->is_group_date = count($this->user_calendar_assignments) > 1;
if ($this->calendar_assignments) {
if ($this->user_calendar_assignments) {
$writable_assignment_c = 0;
$more_than_one_assignment = count($this->calendar_assignments) > 1;
$more_than_one_assignment = count($this->user_calendar_assignments) > 1;
//Find the calendar assignment of the user and set the participation message
//according to the participation status.
foreach ($this->calendar_assignments as $index => $assignment) {
foreach ($this->user_calendar_assignments as $index => $assignment) {
if ($assignment->range_id === $GLOBALS['user']->id && $this->is_group_date) {
$this->user_participation_status = $assignment->participation;
if ($assignment->participation === 'ACCEPTED') {
......@@ -156,7 +156,7 @@ class Calendar_DateController extends AuthenticatedController
} else {
//We don't need the users own assignment in the list of assignments
//when there is only one assignment to the users own calendar.
unset($this->calendar_assignments[$index]);
unset($this->user_calendar_assignments[$index]);
}
} else {
......@@ -166,10 +166,10 @@ class Calendar_DateController extends AuthenticatedController
}
}
$this->all_assignments_writable = $writable_assignment_c === count($this->calendar_assignments);
$this->all_assignments_writable = $writable_assignment_c === count($this->user_calendar_assignments);
//Order all calendar assignments by type and name:
uasort($this->calendar_assignments, function ($a, $b) {
uasort($this->user_calendar_assignments, function ($a, $b) {
$compare_name = ($a->course instanceof Course && $b->course instanceof Course)
|| ($a->user instanceof User && $b->user instanceof User);
if ($compare_name) {
......@@ -203,6 +203,20 @@ class Calendar_DateController extends AuthenticatedController
}
}
});
} else {
//Check for other calendar assignments (course calendar):
$writable_assignment_c = 0;
$other_assignment_c = 0;
foreach ($this->date->calendars as $assignment) {
if (Course::exists($assignment->range_id)) {
//It is a course assignment:
$other_assignment_c++;
if ($assignment->isWritable($GLOBALS['user']->id)) {
$writable_assignment_c++;
}
}
}
$this->all_assignments_writable = $writable_assignment_c == $other_assignment_c;
}
}
......@@ -500,6 +514,9 @@ class Calendar_DateController extends AuthenticatedController
if (($owner instanceof Course)) {
//Set the course as calendar:
$allowed_calendar_ids = [$owner->id];
} elseif (Context::isCourse()) {
//Set the course as allowed calendar:
$allowed_calendar_ids = [Context::getId()];
} else {
//Assign the date to the calendars of all the selected users:
$allowed_calendar_ids = [$GLOBALS['user']->id];
......
app/views/calendar/date/index.php
+ 1
1
View file @ 759e0fd8
......@@ -102,7 +102,7 @@
<section>
<table class="default">
<body>
<? foreach ($calendar_assignments as $assignment) : ?>
<? foreach ($user_calendar_assignments as $assignment) : ?>
<tr>
<td><?= htmlReady($assignment->getRangeName()) ?></td>
<td><?= htmlReady($assignment->getParticipationAsString()) ?></td>
......
lib/models/calendar/CalendarDate.class.php
+ 17
0
View file @ 759e0fd8
......@@ -210,6 +210,23 @@ class CalendarDate extends SimpleORMap implements PrivacyObject
//may change the date.
return true;
}
//In case $range_id is a User-ID, a check has to be made if the calendar
//date is bound to a course and the user has at least "tutor" permissions
//in the course.
if (User::exists($range_id)) {
$writable_via_course = false;
$assignments = CalendarDateAssignment::findByCalendar_date_id($this->id);
foreach ($assignments as $assignment) {
if (Course::exists($assignment->range_id)
&& $GLOBALS['perm']->have_studip_perm('tutor', $assignment->range_id, $range_id)) {
$writable_via_course = true;
break;
}
}
if ($writable_via_course) {
return true;
}
}
//Check contacts: Has the contact of the user that is represented by
//$range_id write permissions to all the calendars of all the users that
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment