From 9fd14abeaf7a3d2996540ffa7144b81e019624a2 Mon Sep 17 00:00:00 2001
From: Moritz Strohm <strohm@data-quest.de>
Date: Wed, 13 Nov 2024 11:52:39 +0000
Subject: [PATCH] neither show the dialog for confidential dates of other users
 nor be able to drag such dates, fixes #4706

Closes #4706

Merge request studip/studip!3636
---
 lib/models/calendar/CalendarDate.php          |  8 +++--
 .../calendar/CalendarDateAssignment.php       | 29 +++++++++++--------
 2 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/lib/models/calendar/CalendarDate.php b/lib/models/calendar/CalendarDate.php
index 1d49ff52245..ebfb20edddb 100644
--- a/lib/models/calendar/CalendarDate.php
+++ b/lib/models/calendar/CalendarDate.php
@@ -177,13 +177,15 @@ class CalendarDate extends SimpleORMap implements PrivacyObject
                 }
             } elseif ($assignment->user instanceof User) {
                 if ($assignment->user->isCalendarReadable($range_id)) {
-                    return true;
+                    //The date is only readable if it isn't confidential:
+                    return $this->access !== 'CONFIDENTIAL';
                 }
             }
         }
 
-        //In case the date is not in a calendar of the user or a course
-        //where the user has access to, it is only visible when it is public.
+        //In case the date is not in a calendar of a user or a course
+        //where the user has read access to, the date is only visible
+        //when it is public.
         return $this->access === 'PUBLIC';
     }
 
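Review bot: The new `return $this->access !== 'CONFIDENTIAL';` can return `false` from inside what appears to be a loop over the date's assignments (the loop header and the preceding branch are outside the hunk), so evaluation of a confidential date ends at the first readable calendar of another user. If an assignment that would legitimately grant access, such as the viewer's own calendar, comes later in the iteration, it is never examined and the result depends on assignment order. Folding the check into the condition keeps the early exit positive-only: `if ($this->access !== 'CONFIDENTIAL' && $assignment->user->isCalendarReadable($range_id)) { return true; }`. The final `return $this->access === 'PUBLIC';` then still denies a confidential date that no other assignment grants.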
diff --git a/lib/models/calendar/CalendarDateAssignment.php b/lib/models/calendar/CalendarDateAssignment.php
index 43c00809f4b..05fafece4d4 100644
--- a/lib/models/calendar/CalendarDateAssignment.php
+++ b/lib/models/calendar/CalendarDateAssignment.php
@@ -652,32 +652,37 @@ class CalendarDateAssignment extends SimpleORMap implements Event
             }
         }
 
-        $show_url_params = [];
-        if ($this->calendar_date->repetition_type) {
-            $show_url_params['selected_date'] = $begin->format('Y-m-d');
+        $studip_urls = [];
+        $action_urls = [];
+        if (!$hide_confidential_data) {
+            $show_url_params = [];
+            if ($this->calendar_date->repetition_type !== CalendarDate::REPETITION_SINGLE) {
+                $show_url_params['selected_date'] = $begin->format('Y-m-d');
+            }
+            $studip_urls['show'] = URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params);
+
+            if ($this->isWritable($user_id)) {
+                $action_urls['resize_dialog'] = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id);
+                $action_urls['move_dialog']   = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')]);
+            }
         }
 
         return new \Studip\Calendar\EventData(
             $begin,
             $end,
-            !$hide_confidential_data ? $this->getTitle() : '',
+            !$hide_confidential_data ? $this->getTitle() : _('Vertraulich'),
             $event_classes,
             $text_colour,
             $background_colour,
-            $this->isWritable($user_id),
+            $this->isWritable($user_id) && $this->calendar_date->isVisible($user_id),
             CalendarDateAssignment::class,
             $this->id,
             CalendarDate::class,
             $this->calendar_date_id,
             'user',
             $this->range_id ?? '',
-            [
-                'show'   => URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params)
-            ],
-            [
-                'resize_dialog' => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id),
-                'move_dialog'   => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')])
-            ],
+            $studip_urls,
+            $action_urls,
             $this->participation === 'DECLINED' ? 'decline-circle-full' : '',
             $border_colour,
             $all_day,
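Review bot: Leaving `show`, `resize_dialog` and `move_dialog` out of `$studip_urls` and `$action_urls` only changes what the calendar front end is handed. `$this->calendar_date_id` is still passed to `EventData`, so the `calendar/date/index` and `calendar/date/move` actions must make the same `isVisible()` and `isWritable()` decision on the server. Those controllers are not part of this patch, so that should be confirmed, ideally with a regression test for a confidential date belonging to another user. Separately, the editable flag is gated on `$this->calendar_date->isVisible($user_id)` while the URL arrays are gated on `$hide_confidential_data`, which is set outside the hunk. If both are meant to express the same rule, one value such as `$editable = !$hide_confidential_data && $this->isWritable($user_id);` used in both places would stop them drifting apart and avoid the second `isWritable()` call.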
-- 
GitLab