neither show the dialog for confidential dates of other users nor be able to...

neither show the dialog for confidential dates of other users nor be able to drag such dates, fixes #4706 Closes #4706 Merge request studip/studip!3636

neither show the dialog for confidential dates of other users nor be able to...
9fd14abe · Moritz Strohm · 1066b580 · 9fd14abe · 9fd14abe
Commit 9fd14abe authored 4 months ago by Moritz Strohm
--- a/lib/models/calendar/CalendarDate.php
+++ b/lib/models/calendar/CalendarDate.php
@@ -177,13 +177,15 @@ class CalendarDate extends SimpleORMap implements PrivacyObject
                }
            } elseif ($assignment->user instanceof User) {
                if ($assignment->user->isCalendarReadable($range_id)) {
-                    return true;
+                    //The date is only readable if it isn't confidential:
+                    return $this->access !== 'CONFIDENTIAL';
                }
            }
        }

-        //In case the date is not in a calendar of the user or a course
-        //where the user has access to, it is only visible when it is public.
+        //In case the date is not in a calendar of a user or a course
+        //where the user has read access to, the date is only visible
+        //when it is public.
        return $this->access === 'PUBLIC';
    }


--- a/lib/models/calendar/CalendarDateAssignment.php
+++ b/lib/models/calendar/CalendarDateAssignment.php
@@ -652,32 +652,37 @@ class CalendarDateAssignment extends SimpleORMap implements Event
            }
        }

-        $show_url_params = [];
-        if ($this->calendar_date->repetition_type) {
-            $show_url_params['selected_date'] = $begin->format('Y-m-d');
+        $studip_urls = [];
+        $action_urls = [];
+        if (!$hide_confidential_data) {
+            $show_url_params = [];
+            if ($this->calendar_date->repetition_type !== CalendarDate::REPETITION_SINGLE) {
+                $show_url_params['selected_date'] = $begin->format('Y-m-d');
+            }
+            $studip_urls['show'] = URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params);
+
+            if ($this->isWritable($user_id)) {
+                $action_urls['resize_dialog'] = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id);
+                $action_urls['move_dialog']   = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')]);
+            }
        }

        return new \Studip\Calendar\EventData(
            $begin,
            $end,
-            !$hide_confidential_data ? $this->getTitle() : '',
+            !$hide_confidential_data ? $this->getTitle() : _('Vertraulich'),
            $event_classes,
            $text_colour,
            $background_colour,
-            $this->isWritable($user_id),
+            $this->isWritable($user_id) && $this->calendar_date->isVisible($user_id),
            CalendarDateAssignment::class,
            $this->id,
            CalendarDate::class,
            $this->calendar_date_id,
            'user',
            $this->range_id ?? '',
-            [
-                'show'   => URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params)
-            ],
-            [
-                'resize_dialog' => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id),
-                'move_dialog'   => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')])
-            ],
+            $studip_urls,
+            $action_urls,
            $this->participation === 'DECLINED' ? 'decline-circle-full' : '',
            $border_colour,
            $all_day,