authorElmar Ludwig <elmar.ludwig@uni-osnabrueck.de>2025-07-11 13:09:33 +0200
committerJan-Hendrik Willms <tleilax+studip@gmail.com>2025-07-16 08:31:37 +0200
commit478662cd4a1466cb016d4032aeef39752b90da11 (patch)
treee80836651dcec7253bc132018b425a669ef4cf38
parent8ace7b8f8823b0c4e7cfd48f826b3637a4428438 (diff)
only display to inst admins requests they have permissions for, fixes #432
Closes #432 Merge request studip/studip!4346
-rw-r--r--app/controllers/resources/room_request.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/resources/room_request.php b/app/controllers/resources/room_request.php
index eb174e3..cab9ad4 100644
--- a/app/controllers/resources/room_request.php
+++ b/app/controllers/resources/room_request.php
@@ -210,6 +210,10 @@ class Resources_RoomRequestController extends AuthenticatedController
);
$sql_params['institute_ids'] = $institute_ids;
}
+ } else if (!ResourceManager::userHasGlobalPermission($this->current_user, 'admin')) {
+ // inst admins only get requests for their rooms or courses of their institutes
+ $sql .= " AND (resource_id != '' OR course_id IN (SELECT seminar_id FROM seminare WHERE institut_id IN (:institute_ids)))";
+ $sql_params['institute_ids'] = array_column(Institute::getMyInstitutes(), 'Institut_id');
}
if (
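Review bot: The first arm of the added condition, `resource_id != ''`, accepts every request that names any room, so the comment's "their rooms" holds only if an earlier part of the query, outside this hunk, already restricts `resource_id` to rooms this user may manage; that should be confirmed, or the arm narrowed to the permitted room ids. The institute list is taken from `Institute::getMyInstitutes()` with no argument while the permission test uses `$this->current_user`, and the hunk does not show whether the helper returns only institutes where the user holds admin rights; passing the user explicitly, e.g. `Institute::getMyInstitutes($this->current_user->id)`, and filtering by role would keep the two in step. An empty institute list also reaches `IN (:institute_ids)`, so it is worth checking that the database layer expands an empty array to something that matches no course. The enclosing method starts and ends outside the hunk.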
@@ -1145,6 +1149,7 @@ class Resources_RoomRequestController extends AuthenticatedController
)
);
} else {
+ $user_has_permission = $GLOBALS['perm']->have_studip_perm('tutor', $this->request->course_id);
PageLayout::setTitle(
_('Anfrage auflösen')
);
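Review bot: `have_studip_perm('tutor', ...)` is satisfied by any tutor or lecturer of the course, not only by institute admins, so unless an earlier check in this action (outside the hunk) already limits callers to resource admins, the flag set here is wider than the commit title suggests. The hunk shows only the assignment of `$user_has_permission`; the place where a false value stops the action is not visible and should be verified to run before any request data is rendered or changed. `$this->request->course_id` may be empty for requests not tied to a course, and making that case explicit, e.g. `$user_has_permission = $this->request->course_id && $GLOBALS['perm']->have_studip_perm('tutor', $this->request->course_id);`, avoids depending on how the permission object treats an empty id. The check reads `$GLOBALS['perm']` while the list filter in the first hunk uses `$this->current_user`; one source for the acting user would be more consistent.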