From cb45e11a1407a9b3a98dc43c1094ba13dfcb3fd2 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Wed, 17 Nov 2021 14:22:11 +0100
Subject: [PATCH] fix SORM usage in
 https://develop.studip.de/trac/changeset/60202, fixes #346

---
 app/controllers/course/basicdata.php | 12 ++++++------
 app/controllers/course/members.php   |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/controllers/course/basicdata.php b/app/controllers/course/basicdata.php
index 1df3a203343..bc20ed5fe38 100644
--- a/app/controllers/course/basicdata.php
+++ b/app/controllers/course/basicdata.php
@@ -621,7 +621,7 @@ class Course_BasicdataController extends AuthenticatedController
                 if ($deputies_enabled) {
                     // Check whether chosen person is set as deputy
                     // -> delete deputy entry.
-                    $deputy = Deputy::find([$dozent, $course_id]);
+                    $deputy = Deputy::find([$course_id, $dozent]);
                     if ($deputy) {
                         $deputy->delete();
                     }
@@ -702,12 +702,12 @@ class Course_BasicdataController extends AuthenticatedController
             PageLayout::postError(_('Sie dürfen sich nicht selbst aus der Veranstaltung austragen.'));
         } else {
             $sem = Seminar::getInstance($course_id);
-            $deputy = Deputy::find([$deputy_id, $course_id]);
+            $deputy = Deputy::find([$course_id, $deputy_id]);
             if ($deputy && $deputy->delete()) {
                 // Remove user from subcourses as well.
-                if($sem->children) {
+                if (count($sem->children)) {
                     $children_ids = $sem->children->pluck('seminar_id');
-                    Deputy::deleteBySQL('user_id = ? AND range_id IN (?)', [$children_ids]);
+                    Deputy::deleteBySQL('user_id = ? AND range_id IN (?)', [$deputy_id, $children_ids]);
                 }
 
                 PageLayout::postSuccess(sprintf(
@@ -850,8 +850,8 @@ class Course_BasicdataController extends AuthenticatedController
                 $dozent->status = 'dozent';
                 $dozent->comment = '';
                 if ($dozent->store()) {
-                    $deputy = Deputy::find([$GLOBALS['user']->id, $course_id]);
-                    if($deputy) {
+                    $deputy = Deputy::find([$course_id, $GLOBALS['user']->id]);
+                    if ($deputy) {
                         $deputy->delete();
                     }
                     PageLayout::postSuccess(sprintf(_('Sie wurden als %s eingetragen.'),
diff --git a/app/controllers/course/members.php b/app/controllers/course/members.php
index 08562c0970f..eddf2246696 100644
--- a/app/controllers/course/members.php
+++ b/app/controllers/course/members.php
@@ -379,7 +379,7 @@ class Course_MembersController extends AuthenticatedController
             if (Config::get()->DEPUTIES_ENABLE) {
                 // Check whether chosen person is set as deputy
                 // -> delete deputy entry.
-                $deputy = Deputy::find([$dozent, $this->course_id]);
+                $deputy = Deputy::find([$this->course_id, $dozent]);
                 if ($deputy) {
                     $deputy->delete();
                 }
-- 
GitLab