diff options
| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2026-03-20 13:18:46 +0100 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2026-03-20 13:19:16 +0100 |
| commit | 096fb2b02b7fb9b5341377d9b1233439cc11d986 (patch) | |
| tree | 1f7d0bddcabea6beed54655c7ba33c43bbd04512 | |
| parent | 9aa43969da3c4b6909b887adffcba5beba9789f3 (diff) | |
set allow_nobody on resources' ajax controller for get_booking_plan action, fixes #6269
Closes #6269
Merge request studip/studip!4739
| -rw-r--r-- | app/controllers/resources/ajax.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/controllers/resources/ajax.php b/app/controllers/resources/ajax.php index 53e7ec9..d5d2888 100644 --- a/app/controllers/resources/ajax.php +++ b/app/controllers/resources/ajax.php @@ -14,6 +14,17 @@ class Resources_AjaxController extends AuthenticatedController { + protected $allow_nobody = true; + + public function before_filter(&$action, &$args) + { + if ($action !== 'get_booking_plan') { + throw new LoginException(); + } + + parent::before_filter($action, $args); + } + public function toggle_marked_action($request_id) { $request = ResourceRequest::find($request_id); |