fix deletion of bookings, fixes #4566

Closes #4566 Merge request studip/studip!3475

fix deletion of bookings, fixes #4566
76ed0b81 · Jan-Hendrik Willms · David Siegfried · 0ad1eca4 · 76ed0b81
Commit 76ed0b81 authored 5 months ago by Jan-Hendrik Willms Committed by David Siegfried 5 months ago
--- a/app/controllers/resources/booking.php
+++ b/app/controllers/resources/booking.php
@@ -1885,29 +1885,27 @@ class Resources_BookingController extends AuthenticatedController
    {
        PageLayout::setTitle(_('Buchung löschen'));
-        if ($this->booking->isReadOnlyForUser($this->current_user)) {
+        $booking = ResourceBooking::find($booking_id) ?? $this->booking;
+        if (!$booking) {
+            throw new InvalidArgumentException(_('Diese Buchung existiert nicht'));
+        }
+        if ($booking->isReadOnlyForUser($this->current_user)) {
            //The user must not delete this booking!
            throw new AccessDeniedException();
        }
-        $this->show_details = true;
+        $this->show_details = !Request::submitted('hide_details');
-        if (Request::submitted('hide_details')) {
-            $this->show_details = false;
-        }
        $this->show_question = true;
        if (Request::submitted('confirm')) {
            CSRFProtection::verifyUnsafeRequest();
-            if ($this->booking->delete()) {
+            if ($booking->delete()) {
                $this->show_question = false;
-                PageLayout::postSuccess(
+                PageLayout::postSuccess(_('Die Buchung wurde gelöscht!'));
-                    _('Die Buchung wurde gelöscht!')
-                );
            } else {
-                PageLayout::postError(
+                PageLayout::postError(_('Fehler beim Löschen der Buchung!'));
-                    _('Fehler beim Löschen der Buchung!')
-                );
            }
        }
    }