From 8a4fc458c915d37b224a582631723c91e17b8bc1 Mon Sep 17 00:00:00 2001
From: Moritz Strohm <strohm@data-quest.de>
Date: Mon, 18 Dec 2023 13:58:13 +0000
Subject: [PATCH] NewsRangesSearch::getResults: regard deputies for users that
 do not have admin or root permissions, fixes #3558

Closes #3558

Merge request studip/studip!2472
---
 lib/classes/searchtypes/NewsRangesSearch.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/lib/classes/searchtypes/NewsRangesSearch.php b/lib/classes/searchtypes/NewsRangesSearch.php
index 849b5c585a9..bbcde3ad702 100644
--- a/lib/classes/searchtypes/NewsRangesSearch.php
+++ b/lib/classes/searchtypes/NewsRangesSearch.php
@@ -125,6 +125,24 @@ class NewsRangesSearch extends SearchType
             $parameters[':user_id'] = $user->id;
             $parameters[':user_name'] = $user->getFullname();
             $parameters[':profile_name'] = _('Profilseite');
+
+            $deputy_number = 1;
+            $deputies = Deputy::findBySQL(
+                "`range_id` = :user_id",
+                ['user_id' => $user->id]
+            );
+            foreach ($deputies as $deputy) {
+                $sql_searches[] = "SELECT *
+                    FROM (
+                        SELECT CAST(CONCAT(:deputy_id{$deputy_number}, '__person') AS BINARY) AS `range_id`,
+                            CONCAT_WS(' - ', :deputy_name{$deputy_number}, :deputy_profile_name{$deputy_number}) AS `name`
+                    ) AS tmp_user_table
+                    WHERE `name` LIKE :input";
+                $parameters[":deputy_id{$deputy_number}"] = $deputy->user_id;
+                $parameters[":deputy_name{$deputy_number}"] = $deputy->deputy->getFullName();
+                $parameters[":deputy_profile_name{$deputy_number}"] = _('Profilseite');
+                $deputy_number++;
+            }
         }
 
         $searches = implode(' UNION ALL ', $sql_searches);
-- 
GitLab