From b414da35e8e41046b5f068ecc1d6f00f31370bc9 Mon Sep 17 00:00:00 2001
From: Marcus Eibrink-Lunzenauer <lunzenauer@elan-ev.de>
Date: Wed, 2 Nov 2022 10:42:51 +0100
Subject: [PATCH] Update Courseware's Authority class to allow unlocking
 blocks.

Refs #887 and #1735.
---
 .../JsonApi/Routes/Courseware/Authority.php   | 49 ++++++++++++++++++-
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/lib/classes/JsonApi/Routes/Courseware/Authority.php b/lib/classes/JsonApi/Routes/Courseware/Authority.php
index 5e30a415ceb..e293c84aeeb 100644
--- a/lib/classes/JsonApi/Routes/Courseware/Authority.php
+++ b/lib/classes/JsonApi/Routes/Courseware/Authority.php
@@ -59,7 +59,23 @@ class Authority
     public static function canUpdateBlock(User $user, Block $resource)
     {
         if ($resource->isBlocked()) {
-            return $resource->getBlockerUserId() == $user->id;
+            $structural_element = $resource->container->structural_element;
+
+            if ($structural_element->range_type === 'user') {
+                if ($structural_element->range_id === $user->id) {
+                    return true;
+                }
+
+                return $structural_element->canEdit($user);
+            }
+
+            $perm = $GLOBALS['perm']->have_studip_perm(
+                $structural_element->course->config->COURSEWARE_EDITING_PERMISSION,
+                $structural_element->course->id,
+                $user->id
+            );
+
+            return $resource->getBlockerUserId() === $user->id || $perm;
         }
 
         return self::canUpdateContainer($user, $resource->container);
@@ -72,7 +88,36 @@ class Authority
 
     public static function canUpdateEditBlocker(User $user, $resource)
     {
-        return $resource->edit_blocker_id == '' || $resource->edit_blocker_id === $user->id;
+        $structural_element = null;
+        if ($resource instanceof Block) {
+            $structural_element = $resource->container->structural_element;
+        }
+        if ($resource instanceof Container) {
+            $structural_element = $resource->structural_element;
+        }
+        if ($resource instanceof StructuralElement) {
+            $structural_element = $resource;
+        }
+
+        if ($structural_element === null) {
+            return false;
+        }
+
+        if ($structural_element->range_type === 'user') {
+            if ($structural_element->range_id === $user->id) {
+                return true;
+            }
+
+            return $structural_element->canEdit($user);
+        }
+
+        $perm = $GLOBALS['perm']->have_studip_perm(
+            $structural_element->course->config->COURSEWARE_EDITING_PERMISSION,
+            $structural_element->course->id,
+            $user->id
+        );
+
+        return $resource->edit_blocker_id == '' || $resource->edit_blocker_id === $user->id || $perm;
     }
 
     public static function canShowContainer(User $user, Container $resource)
-- 
GitLab