From 76ed0b81d55a6bbd447bd0db59b8f7ad7825db8c Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Thu, 3 Oct 2024 09:40:33 +0000
Subject: [PATCH] fix deletion of bookings, fixes #4566
Closes #4566
Merge request studip/studip!3475
---
 app/controllers/resources/booking.php | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/app/controllers/resources/booking.php b/app/controllers/resources/booking.php
index 53735198208..b2ab0dac577 100644
--- a/app/controllers/resources/booking.php
+++ b/app/controllers/resources/booking.php
@@ -1885,29 +1885,27 @@ class Resources_BookingController extends AuthenticatedController
 {
 PageLayout::setTitle(_('Buchung löschen'));
- if ($this->booking->isReadOnlyForUser($this->current_user)) {
+ $booking = ResourceBooking::find($booking_id) ?? $this->booking;
+ if (!$booking) {
+ throw new InvalidArgumentException(_('Diese Buchung existiert nicht'));
+ }
+
+ if ($booking->isReadOnlyForUser($this->current_user)) {
 //The user must not delete this booking!
 throw new AccessDeniedException();
 }
- $this->show_details = true;
- if (Request::submitted('hide_details')) {
- $this->show_details = false;
- }
+ $this->show_details = !Request::submitted('hide_details');
 $this->show_question = true;
 if (Request::submitted('confirm')) {
 CSRFProtection::verifyUnsafeRequest();
- if ($this->booking->delete()) {
+ if ($booking->delete()) {
 $this->show_question = false;
- PageLayout::postSuccess(
- _('Die Buchung wurde gelöscht!')
- );
+ PageLayout::postSuccess(_('Die Buchung wurde gelöscht!'));
 } else {
- PageLayout::postError(
- _('Fehler beim Löschen der Buchung!')
- );
+ PageLayout::postError(_('Fehler beim Löschen der Buchung!'));
 }
 }
 }
-- GitLab
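Review bot: The fallback in `ResourceBooking::find($booking_id) ?? $this->booking` means a request whose `$booking_id` does not resolve is not rejected but carries on with whatever `$this->booking` holds, so the record that is permission-checked and deleted may not be the one the request named. `$this->booking` is populated outside this hunk, so whether it can be non-null here cannot be confirmed from the diff; if it can, failing closed is safer: `$booking = ResourceBooking::find($booking_id);` followed by the existing `if (!$booking)` throw. The local `$booking` is also never written back, so a confirmation view that reads `$this->booking` (presumably the case, the template is not shown) could display a different booking than the one `isReadOnlyForUser()` and `delete()` act on; adding `$this->booking = $booking;` after the null check keeps them in step. The method's signature lies outside the hunk, so the origin of `$booking_id` is inferred to be the route parameter.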