From fe2f210e9e86150d540541a7b6b8985c0a01b7de Mon Sep 17 00:00:00 2001
From: Rasmus Fuhse <fuhse@data-quest.de>
Date: Mon, 10 Jul 2023 10:28:57 +0000
Subject: [PATCH] Resolve "OER Campus: Bei Entwurf: Zugriff verweigert"

Closes #2527

Merge request studip/studip!1913
---
 app/controllers/oer/endpoints.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/controllers/oer/endpoints.php b/app/controllers/oer/endpoints.php
index 30c97160f57..8eb286fad1c 100644
--- a/app/controllers/oer/endpoints.php
+++ b/app/controllers/oer/endpoints.php
@@ -3,6 +3,8 @@
 class Oer_EndpointsController extends StudipController
 {
 
+    protected $with_session = true;  //we do need to have a session for this controller
+
     public function index_action()
     {
         $this->controllerreflection = new ReflectionClass($this);
@@ -297,7 +299,7 @@ class Oer_EndpointsController extends StudipController
     public function download_action($material_id, $disposition = "inline")
     {
         $this->material = new OERMaterial($material_id);
-        if ($this->material['draft']) {
+        if ($this->material['draft'] && !$this->material->isMine()) {
             throw new AccessDeniedException();
         }
 
-- 
GitLab