From af9ea7f07dba0cae3602de18a5c6f8c2694451c8 Mon Sep 17 00:00:00 2001
From: David Siegfried <david.siegfried@uni-vechta.de>
Date: Wed, 6 Apr 2022 17:25:34 +0000
Subject: [PATCH] check user-permissons, closes #870
---
app/controllers/resources/resource.php | 1 -
app/controllers/resources/room.php | 6 ++----
.../resources/_common/_room_search_result.php | 19 ++++++++++-------
app/views/resources/building/index.php | 17 ++++++++-------
app/views/resources/location/index.php | 16 +++++++-------
app/views/resources/room/index.php | 21 +++++++++++--------
lib/models/resources/Resource.class.php | 12 +++++++++--
7 files changed, 53 insertions(+), 39 deletions(-)
diff --git a/app/controllers/resources/resource.php b/app/controllers/resources/resource.php
index 19d951b0429..42de1f32127 100644
--- a/app/controllers/resources/resource.php
+++ b/app/controllers/resources/resource.php
@@ -1016,7 +1016,6 @@ class Resources_ResourceController extends AuthenticatedController
//Get the list of temporary permissions for the user-IDs in the list:
$user_permissions = Request::getArray('permissions');
- //var_dump($user_permissions);die();
$processed_permissions = 0;
$errors = [];
diff --git a/app/controllers/resources/room.php b/app/controllers/resources/room.php
index 7b1ad87d543..01af12eda85 100644
--- a/app/controllers/resources/room.php
+++ b/app/controllers/resources/room.php
@@ -67,10 +67,7 @@ class Resources_RoomController extends AuthenticatedController
$user,
'autor'
);
- $current_user_is_resource_user = $this->room->userHasPermission(
- $user,
- 'user'
- );
+ $current_user_is_resource_user = $this->room->userHasPermission($user);
$sidebar = Sidebar::get();
$actions = new ActionsWidget();
@@ -167,6 +164,7 @@ class Resources_RoomController extends AuthenticatedController
$this->grouped_properties = $this->room->getGroupedProperties(
$this->room->getRequiredPropertyNames()
);
+ $this->geo_coordinates_object = $this->room->building->getPropertyObject('geo_coordinates');
}
diff --git a/app/views/resources/_common/_room_search_result.php b/app/views/resources/_common/_room_search_result.php
index 45b700b9ec3..7c82fcfd3e1 100644
--- a/app/views/resources/_common/_room_search_result.php
+++ b/app/views/resources/_common/_room_search_result.php
@@ -55,14 +55,17 @@
);
}
if ($room->building) {
- $actions->addLink(
- ResourceManager::getMapUrlForResourcePosition(
- $room->building->getPropertyObject('geo_coordinates')
- ),
- _('Zum Lageplan'),
- Icon::create('globe'),
- ['target' => '_blank']
- );
+ $geo_coordinates_object = $room->building->getPropertyObject('geo_coordinates');
+ if ($geo_coordinates_object instanceof ResourceProperty) {
+ $actions->addLink(
+ ResourceManager::getMapUrlForResourcePosition(
+ $room->building->getPropertyObject('geo_coordinates')
+ ),
+ _('Zum Lageplan'),
+ Icon::create('globe'),
+ ['target' => '_blank']
+ );
+ }
}
if ($clipboard_widget_id) {
$actions->addLink(
diff --git a/app/views/resources/building/index.php b/app/views/resources/building/index.php
index 140bbfe6027..4f46a0c17a1 100644
--- a/app/views/resources/building/index.php
+++ b/app/views/resources/building/index.php
@@ -30,7 +30,6 @@
</section>
</section>
<? endif ?>
-
<div data-dialog-button>
<? if (Request::isDialog()) : ?>
<? if ($geo_coordinates_object instanceof ResourceProperty): ?>
@@ -40,13 +39,15 @@
['target' => '_blank']
) ?>
<? endif ?>
- <?= \Studip\LinkButton::createEdit(
- _('Bearbeiten'),
- $building->getActionURL('edit'),
- [
- 'data-dialog' => 'size=auto'
- ]
- ) ?>
+ <? if ($building->userHasPermission($GLOBALS['user']->getAuthenticatedUser(), 'admin')) : ?>
+ <?= \Studip\LinkButton::createEdit(
+ _('Bearbeiten'),
+ $building->getActionURL('edit'),
+ [
+ 'data-dialog' => 'size=auto'
+ ]
+ ) ?>
+ <? endif ?>
<? endif ?>
</div>
<?
diff --git a/app/views/resources/location/index.php b/app/views/resources/location/index.php
index ae281970e70..162bfcd8d5c 100644
--- a/app/views/resources/location/index.php
+++ b/app/views/resources/location/index.php
@@ -19,13 +19,15 @@
['target' => '_blank']
) ?>
</div>
- <?= \Studip\LinkButton::createEdit(
- _('Bearbeiten'),
- $location->getActionURL('edit'),
- [
- 'data-dialog' => 'size=auto'
- ]
- ) ?>
+ <? if($location->userHasPermission(User::findCurrent(), 'admin')) : ?>
+ <?= \Studip\LinkButton::createEdit(
+ _('Bearbeiten'),
+ $location->getActionURL('edit'),
+ [
+ 'data-dialog' => 'size=auto'
+ ]
+ ) ?>
+ <? endif ?>
<? endif ?>
<? endif ?>
<? $property_groups = $location->getGroupedProperties($other_properties) ?>
diff --git a/app/views/resources/room/index.php b/app/views/resources/room/index.php
index a68bfc98974..92143b960fa 100644
--- a/app/views/resources/room/index.php
+++ b/app/views/resources/room/index.php
@@ -88,21 +88,24 @@
$room->getActionURL('semester_plan'),
['data-dialog' => 'size=big']) ?>
<? endif ?>
- <? if ($room->building) : ?>
+
+ <? if ($geo_coordinates_object instanceof ResourceProperty): ?>
<?= \Studip\LinkButton::create(
_('Zum Lageplan'),
ResourceManager::getMapUrlForResourcePosition(
- $room->building->getPropertyObject('geo_coordinates')
+ $geo_coordinates_object
)
) ?>
<? endif ?>
- <?= \Studip\LinkButton::createEdit(
- _('Bearbeiten'),
- $room->getActionURL('edit'),
- [
- 'data-dialog' => 'size=auto'
- ]
- ) ?>
+ <? if ($room->userHasPermission(User::findCurrent(), 'admin')) : ?>
+ <?= \Studip\LinkButton::createEdit(
+ _('Bearbeiten'),
+ $room->getActionURL('edit'),
+ [
+ 'data-dialog' => 'size=auto'
+ ]
+ ) ?>
+ <? endif ?>
<? if (!$current_user_is_resource_autor && $room->requestable) : ?>
<?= \Studip\LinkButton::create(
_('Raum anfragen'),
diff --git a/lib/models/resources/Resource.class.php b/lib/models/resources/Resource.class.php
index 7fbaf575fc1..b012daed854 100644
--- a/lib/models/resources/Resource.class.php
+++ b/lib/models/resources/Resource.class.php
@@ -1439,13 +1439,16 @@ class Resource extends SimpleORMap implements StudipItem
);
$property->store();
+
+ if ($name === 'geo_coordinates' && $property->state === '+0.0000000+0.0000000+0.0000000CRSWGS_84/') {
+ return null;
+ }
return $property;
} else {
return null;
}
}
-
- return ResourceProperty::findOneBySql(
+ $property = ResourceProperty::findOneBySql(
"INNER JOIN resource_property_definitions rpd
ON resource_properties.property_id = rpd.property_id
WHERE resource_properties.resource_id = :resource_id
@@ -1455,6 +1458,11 @@ class Resource extends SimpleORMap implements StudipItem
'name' => $name
]
);
+
+ if ($name === 'geo_coordinates' && $property->state === '+0.0000000+0.0000000+0.0000000CRSWGS_84/') {
+ return null;
+ }
+ return $property;
}
/**
--
GitLab