From c14cdd1a892fe19b9035feba01273ef5015cb64b Mon Sep 17 00:00:00 2001
From: Rasmus Fuhse <fuhse@data-quest.de>
Date: Wed, 11 Dec 2024 14:58:36 +0000
Subject: [PATCH] Resolve "Wiki: Exception taucht auf, wenn ich mit autor-Berechtigungen eine nicht existierende Seite aufrufe"
Closes #4991
Merge request studip/studip!3750
---
 app/controllers/course/wiki.php | 8 +++++++-
 lib/classes/RangeFactory.php | 22 ++++++++++++++--------
 lib/models/WikiPage.php | 9 +++++++++
 3 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php
index ddda49af86f..6fbd7ce5e59 100644
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -1338,6 +1338,8 @@ class Course_WikiController extends AuthenticatedController
 private function validateWikiPage(WikiPage $page, Range $context, bool $for_edit = false): void
 {
+ $page->range_id = $page->range_id ?: $context->id;
+
 if (
 !$page->isNew()
 && $page->range_id !== $context->id
@@ -1349,7 +1351,11 @@ class Course_WikiController extends AuthenticatedController
 }
 if ($for_edit && !$page->isEditable()) {
- throw new Exception(_('Sie dürfen diese Wikiseite nicht bearbeiten'));
+ if ($page->isNew()) {
+ throw new AccessDeniedException(_('Sie dürfen keine neue Wikiseite anlegen.'));
+ } else {
+ throw new AccessDeniedException(_('Sie dürfen diese Wikiseite nicht bearbeiten'));
+ }
 }
 }
 }
diff --git a/lib/classes/RangeFactory.php b/lib/classes/RangeFactory.php
index 8da592a28a1..f70e25a2aab 100644
--- a/lib/classes/RangeFactory.php
+++ b/lib/classes/RangeFactory.php
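Review bot: In the first wiki.php hunk, `$page->range_id = $page->range_id ?: $context->id;` only fills an empty range_id, so a new page that already carries a different range_id keeps it, and the range comparison directly below is skipped for new pages by `!$page->isNew()`. The create-permission check this commit adds in lib/models/WikiPage.php reads `$this->range_id`, so it could be evaluated against a range other than the current context if any caller can pre-set that field; the callers are not visible here, so this is unconfirmed. Binding new pages to the context unconditionally removes the doubt: `if ($page->isNew()) { $page->range_id = $context->id; }`. A short comment that validateWikiPage() now mutates the page it validates would also help, e.g. `// New pages have no range yet: bind them to the current context before the permission check.` The condition and the rest of the function continue outside the hunk.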
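Review bot: In the second wiki.php hunk the `else` after a `throw` is redundant, and the two messages are punctuated differently (the new one ends with a period, the existing one does not). A guard clause reads flatter: keep `if ($page->isNew()) { throw new AccessDeniedException(_('Sie dürfen keine neue Wikiseite anlegen.')); }` and let the edit-case `throw` follow it without an `else`. Aligning the punctuation changes a translation msgid, so it is only worth doing if the catalogue is updated with it.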
@@ -8,16 +8,24 @@
 */
 final class RangeFactory
 {
- const TYPE_MAPPING = [
+ public const TYPE_MAPPING = [
 'sem' => 'course',
 'user' => 'user',
 'inst' => 'institute',
 'fak' => 'institute',
 ];
- public static function find($id)
- {
- $type = get_object_type($id, ['sem', 'user', 'inst', 'fak']);
+ /**
+ * Finds a Range for a given id or false if there is no Range with the id.
+ * @param string $id Range id
+ * @param array $search_types array can have values of 'sem', 'user', 'inst' and/or 'fak'
+ * @return Range|false
+ */
+ public static function find(
+ string $id,
+ array $search_types = ['sem', 'user', 'inst', 'fak']
+ ) {
+ $type = get_object_type($id, $search_types);
 if ($type === false) {
 return false;
 }
@@ -30,12 +38,10 @@ final class RangeFactory
 *
 * @param string $type Range type
 * @param mixed $id Range id
- * @return mixed any of the supported range types
+ * @return Range any of the supported range types
 * @throws Exception when an invalid range type was given
- *
- * @todo Should this be more dynamic in case any more ranges are added?
 */
- public static function createRange($type, $id)
+ public static function createRange(string $type, string $id): Range
 {
 if ($type === 'user') {
 return new User($id);
diff --git a/lib/models/WikiPage.php b/lib/models/WikiPage.php
index 6cb4c8a2cf9..57b9c891ccf 100644
--- a/lib/models/WikiPage.php
+++ b/lib/models/WikiPage.php
@@ -191,6 +191,15 @@ class WikiPage extends SimpleORMap implements PrivacyObject
 return false;
 }
+ // Check create permission if page is new
+ if ($this->isNew()) {
+ $range = RangeFactory::find($this->range_id, ['sem', 'inst']);
+ $permission = $range->getConfiguration()->getValue('WIKI_CREATE_PERMISSION');
+ return $permission === 'all'
+ || $GLOBALS['perm']->have_studip_perm($permission, $this->range_id, $user_id);
+ }
+
+ // Otherwise check write permissions
 if ($this->write_permission === 'all') {
 return true;
 }
-- GitLab
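Review bot: In the first RangeFactory.php hunk, find() documents `@return Range|false` but declares no return type, and its new `string $id` parameter rejects null with a TypeError where the untyped version handed the value on to get_object_type(). A caller that passes an id that has not been assigned yet would now fail before the `$type === false` branch is reached; whether such callers exist is not visible here. If the supported PHP version allows union types, declare `): Range|false {`. The docblock could also state that `$search_types` entries are expected to be keys of TYPE_MAPPING. The function body continues outside the hunk.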
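Review bot: In the second RangeFactory.php hunk the docblock of createRange() still reads `@param mixed $id Range id` although the signature now requires `string $id`; it should become `@param string $id Range id`. With the new `: Range` return type every branch of the method has to return an object implementing Range, which is worth checking for the branches that lie outside the hunk.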
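Review bot: In the lib/models/WikiPage.php hunk, `RangeFactory::find($this->range_id, ['sem', 'inst'])` returns false when the id is not a course or institute, and the next line calls `$range->getConfiguration()` on the result without checking it. A new page whose range_id is unknown or belongs to another range type therefore ends in a fatal error instead of a denied permission, and an unset range_id already fails at the `string $id` parameter. Fail closed before dereferencing: `if (!$this->range_id || !($range = RangeFactory::find($this->range_id, ['sem', 'inst']))) { return false; }`. The value read from `WIKI_CREATE_PERMISSION` is passed straight to have_studip_perm(); if that setting can be empty, an explicit fallback would keep the decision predictable. The enclosing method starts and ends outside the hunk.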