From b4970cb1bdf2dfb58ae7bca3c7b7a01aff4d9026 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Thu, 31 Aug 2023 12:59:44 +0000
Subject: [PATCH] find only visible courses if not at least admin, fixes #3046

Closes #3046

Merge request studip/studip!2091
---
 lib/models/RangeTreeNode.php         | 8 ++++++++
 lib/models/StudipStudyArea.class.php | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/lib/models/RangeTreeNode.php b/lib/models/RangeTreeNode.php
index d1c18238396..4d52fedaf71 100644
--- a/lib/models/RangeTreeNode.php
+++ b/lib/models/RangeTreeNode.php
@@ -146,6 +146,10 @@ class RangeTreeNode extends SimpleORMap implements StudipTreeNode
             $parameters = ['ids' => $with_children ? $this->getDescendantIds() : [$this->id]];
         }
 
+        if (!$GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM)) {
+            $query .= " AND s.`visible` = 1";
+        }
+
         if ($semclass !== 0) {
             $query .= "  AND s.`status` IN (:types)";
             $parameters['types'] = array_map(
@@ -200,6 +204,10 @@ class RangeTreeNode extends SimpleORMap implements StudipTreeNode
             $parameters = ['ids' => $with_children ? $this->getDescendantIds() : [$this->id]];
         }
 
+        if (!$GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM)) {
+            $query .= " AND s.`visible` = 1";
+        }
+
         if ($searchterm) {
             $query .= " AND s.`Name` LIKE :searchterm";
             $parameters['searchterm'] = '%' . trim($searchterm) . '%';
diff --git a/lib/models/StudipStudyArea.class.php b/lib/models/StudipStudyArea.class.php
index 6134fdaf4f7..1ea7722fc47 100644
--- a/lib/models/StudipStudyArea.class.php
+++ b/lib/models/StudipStudyArea.class.php
@@ -498,6 +498,10 @@ class StudipStudyArea extends SimpleORMap implements StudipTreeNode
             $parameters = ['ids' => $with_children ? $this->getDescendantIds() : [$this->id]];
         }
 
+        if (!$GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM)) {
+            $query .= " AND s.`visible` = 1";
+        }
+
         if ($semclass !== 0) {
             $query .= "  AND s.`status` IN (:types)";
             $parameters['types'] = array_map(
@@ -544,6 +548,10 @@ class StudipStudyArea extends SimpleORMap implements StudipTreeNode
             $parameters = ['ids' => $with_children ? $this->getDescendantIds() : [$this->id]];
         }
 
+        if (!$GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM)) {
+            $query .= " AND s.`visible` = 1";
+        }
+
         if ($semclass !== 0) {
             $query .= "  AND s.`status` IN (:types)";
             $parameters['types'] = array_map(
-- 
GitLab