From 7cd4ce3fd32dc2de0195cff6edc672b8edefbeae Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Fri, 25 Nov 2022 10:38:06 +0000
Subject: [PATCH] ensure only valid User objects are passed as responsible
 persons, fixes #1821

Closes #1821

Merge request studip/studip!1197
---
 lib/models/ConsultationBlock.php | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/lib/models/ConsultationBlock.php b/lib/models/ConsultationBlock.php
index c3373e3c1e0..55c31dc8e93 100644
--- a/lib/models/ConsultationBlock.php
+++ b/lib/models/ConsultationBlock.php
@@ -95,25 +95,26 @@ class ConsultationBlock extends SimpleORMap implements PrivacyObject
         };
 
         $config['additional_fields']['responsible_persons']['get'] = function (ConsultationBlock $block) {
-            if (count($block->responsibilities) !== 0) {
-                $result = [];
+            $persons = [];
+            if (count($block->responsibilities) > 0) {
                 foreach (array_merge(...$block->responsibilities->getUsers()) as $user) {
-                    $result[$user->id] = $user;
+                    $persons[$user->id] = $user;
                 }
-                return array_values($result);
+            } elseif ($block->range instanceof User) {
+                $persons[] = $block->range;
+            } elseif ($block->range instanceof Course) {
+                $persons = ConsultationResponsibility::getCourseResponsibilities($block->range);
+            } elseif ($block->range instanceof Institute) {
+                $persons = ConsultationResponsibility::getInstituteResponsibilites($block->range);
+            } else {
+                throw new Exception('Unknown range type');
             }
 
-            if ($block->range instanceof User) {
-                return [$block->range];
-            }
-            if ($block->range instanceof Course) {
-                return ConsultationResponsibility::getCourseResponsibilities($block->range);
-            }
-            if ($block->range instanceof Institute) {
-                return ConsultationResponsibility::getInstituteResponsibilites($block->range);
-            }
-
-            throw new Exception('Unknown range type');
+            // Ensure we only return objects of type User
+            $persons = array_filter($persons, function ($person) {
+                return $person instanceof User;
+            });
+            return array_values($persons);
         };
 
         $config['registered_callbacks']['after_store'][] = function (ConsultationBlock $block) {
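Review bot: The `instanceof User` filter runs only after the `foreach` over `getUsers()` has already read `$user->id`, so a non-User entry (presumably the case this commit guards against, e.g. a null for a removed account) is still dereferenced there, and several such entries would collapse onto the same array key before being filtered out. Moving the check into the loop, `if ($user instanceof User) { $persons[$user->id] = $user; }`, avoids that while the trailing `array_filter` still covers the Course and Institute branches. Invalid entries are dropped silently, and when every responsibility is invalid the result is an empty list with no fallback to `$block->range`. If a dangling responsibility means inconsistent data, a comment stating that this is intended, or a log entry at that point, would help whoever investigates it later. The closure is complete within the hunk, but the enclosing method starts and ends outside it.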
-- 
GitLab