Resolve "Wiki: Exception taucht auf, wenn ich mit autor-Berechtigungen eine...

Resolve "Wiki: Exception taucht auf, wenn ich mit autor-Berechtigungen eine nicht existierende Seite aufrufe" Closes #4991 Merge request studip/studip!3750

Resolve "Wiki: Exception taucht auf, wenn ich mit autor-Berechtigungen eine...
c14cdd1a · Rasmus Fuhse · 44b518ce · c14cdd1a · c14cdd1a · c14cdd1a
Commit c14cdd1a authored 3 months ago by Rasmus Fuhse
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -1338,6 +1338,8 @@ class Course_WikiController extends AuthenticatedController

    private function validateWikiPage(WikiPage $page, Range $context, bool $for_edit = false): void
    {
+        $page->range_id = $page->range_id ?: $context->id;
+
        if (
            !$page->isNew()
            && $page->range_id !== $context->id
@@ -1349,7 +1351,11 @@ class Course_WikiController extends AuthenticatedController
        }

        if ($for_edit && !$page->isEditable()) {
-            throw new Exception(_('Sie dürfen diese Wikiseite nicht bearbeiten'));
+            if ($page->isNew()) {
+                throw new AccessDeniedException(_('Sie dürfen keine neue Wikiseite anlegen.'));
+            } else {
+                throw new AccessDeniedException(_('Sie dürfen diese Wikiseite nicht bearbeiten'));
+            }
        }
    }
 }
--- a/lib/classes/RangeFactory.php
+++ b/lib/classes/RangeFactory.php
@@ -8,16 +8,24 @@
 */
 final class RangeFactory
 {
-    const TYPE_MAPPING = [
+    public const TYPE_MAPPING = [
        'sem'  => 'course',
        'user' => 'user',
        'inst' => 'institute',
        'fak'  => 'institute',
    ];

-    public static function find($id)
-    {
-        $type = get_object_type($id, ['sem', 'user', 'inst', 'fak']);
+    /**
+     * Finds a Range for a given id or false if there is no Range with the id.
+     * @param string $id   Range id
+     * @param array $search_types array can have values of 'sem', 'user', 'inst' and/or 'fak'
+     * @return Range|false
+     */
+    public static function find(
+        string $id,
+        array $search_types = ['sem', 'user', 'inst', 'fak']
+    ) {
+        $type = get_object_type($id, $search_types);
        if ($type === false) {
            return false;
        }
@@ -30,12 +38,10 @@ final class RangeFactory
     *
     * @param string $type Range type
     * @param mixed  $id   Range id
-     * @return mixed any of the supported range types
+     * @return Range any of the supported range types
     * @throws Exception when an invalid range type was given
-     *
-     * @todo Should this be more dynamic in case any more ranges are added?
     */
-    public static function createRange($type, $id)
+    public static function createRange(string $type, string $id): Range
    {
        if ($type === 'user') {
            return new User($id);

--- a/lib/models/WikiPage.php
+++ b/lib/models/WikiPage.php
@@ -191,6 +191,15 @@ class WikiPage extends SimpleORMap implements PrivacyObject
            return false;
        }

+        // Check create permission if page is new
+        if ($this->isNew()) {
+            $range = RangeFactory::find($this->range_id, ['sem', 'inst']);
+            $permission = $range->getConfiguration()->getValue('WIKI_CREATE_PERMISSION');
+            return $permission === 'all'
+                || $GLOBALS['perm']->have_studip_perm($permission, $this->range_id, $user_id);
+        }
+
+        // Otherwise check write permissions
        if ($this->write_permission === 'all') {
            return true;
        }