From 78afc3856fac8e52f6fa747dc4b79dc6556e449d Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Tue, 17 Oct 2023 13:39:08 +0000
Subject: [PATCH] fix self link to status groups by implementing route
 /status-groups/{id}, fixes #3357

Closes #3357

Merge request studip/studip!2284
---
 lib/classes/JsonApi/RouteMap.php              |  2 ++
 .../JsonApi/Routes/StatusgroupShow.php        | 33 +++++++++++++++++++
 lib/models/Statusgruppen.php                  |  7 ++++
 3 files changed, 42 insertions(+)
 create mode 100644 lib/classes/JsonApi/Routes/StatusgroupShow.php

diff --git a/lib/classes/JsonApi/RouteMap.php b/lib/classes/JsonApi/RouteMap.php
index effbf8f5fa5..e779e8b25ae 100644
--- a/lib/classes/JsonApi/RouteMap.php
+++ b/lib/classes/JsonApi/RouteMap.php
@@ -115,6 +115,8 @@ class RouteMap
         $group->get('/config-values/{id}', Routes\ConfigValues\ConfigValuesShow::class);
         $group->patch('/config-values/{id}', Routes\ConfigValues\ConfigValuesUpdate::class);
 
+        $group->get('/status-groups/{id}', Routes\StatusgroupShow::class);
+
         $this->addAuthenticatedBlubberRoutes($group);
         $this->addAuthenticatedConsultationRoutes($group);
         $this->addAuthenticatedContactsRoutes($group);
diff --git a/lib/classes/JsonApi/Routes/StatusgroupShow.php b/lib/classes/JsonApi/Routes/StatusgroupShow.php
new file mode 100644
index 00000000000..ba7814fa869
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/StatusgroupShow.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace JsonApi\Routes;
+
+use JsonApi\Errors\AuthorizationFailedException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use JsonApi\JsonApiController;
+use JsonApi\Errors\RecordNotFoundException;
+
+class StatusgroupShow extends JsonApiController
+{
+    protected $allowedIncludePaths = [
+        'range'
+    ];
+
+    public function __invoke(Request $request, Response $response, $args)
+    {
+        $group = \Statusgruppen::find($args['id']);
+        if (!$group) {
+            throw new RecordNotFoundException();
+        }
+
+        $user = $this->getUser($request);
+        $range = $group->range;
+
+        if ($range && !$range->isAccessibleToUser($user->id)) {
+            throw new AuthorizationFailedException();
+        }
+
+        return $this->getContentResponse($group);
+    }
+}
diff --git a/lib/models/Statusgruppen.php b/lib/models/Statusgruppen.php
index ebf8e133f00..fa620f56602 100644
--- a/lib/models/Statusgruppen.php
+++ b/lib/models/Statusgruppen.php
@@ -39,6 +39,7 @@
  *
  * @property ConsultationBlock[]|SimpleORMapCollection $consultation_blocks
  * @property ConsultationResponsibility[]|SimpleORMapCollection $consultation_responsibilities
+ * @property-read Range|null $range
  */
 class Statusgruppen extends SimpleORMap implements PrivacyObject
 {
@@ -93,6 +94,12 @@ class Statusgruppen extends SimpleORMap implements PrivacyObject
 
         $config['additional_fields']['children'] = true;
 
+        $config['additional_fields']['range'] = [
+            'get' => function (Statusgruppen $group): ?Range {
+                return RangeFactory::find($group->range_id);
+            },
+        ];
+
         $config['default_values']['position'] = null;
 
         $config['registered_callbacks']['before_store'][] = 'cbAddPosition';
-- 
GitLab