Skip to content
Snippets Groups Projects
Commit a3d5dec9 authored by Ron Lucke's avatar Ron Lucke Committed by Elmar Ludwig
Browse files

fix #3008 

Closes #3008

Merge request studip/studip!2064
parent ba199253
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/classes/JsonApi/Routes/Courseware/Authority.php
+ 8
2
View file @ a3d5dec9
......@@ -529,9 +529,15 @@ class Authority
return $GLOBALS['perm']->have_perm('root', $user->id);
}
public static function canCreateClipboard(User $user): bool
public static function canCreateClipboard(User $user, $resource): bool
{
return true;
if ($resource instanceof StructuralElement) {
$structural_element = $resource;
} else {
$structural_element = $resource->getStructuralElement();
}
return $structural_element->canEdit($user);
}
public static function canUpdateClipboard(User $user, Clipboard $resource): bool
......
lib/classes/JsonApi/Routes/Courseware/ClipboardsCreate.php
+ 4
3
View file @ a3d5dec9
......@@ -29,13 +29,14 @@ class ClipboardsCreate extends JsonApiController
{
$json = $this->validate($request);
$user = $this->getUser($request);
if (!Authority::canCreateClipboard($user)) {
throw new AuthorizationFailedException();
}
$object = $this->getObject($json);
if (!$object) {
throw new RecordNotFoundException();
}
if (!Authority::canCreateClipboard($user, $object)) {
throw new AuthorizationFailedException();
}
$clipboard = $this->createClipboard($user, $json, $object);
return $this->getCreatedResponse($clipboard);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment