aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMurtaza Sultani <sultani@data-quest.de>2025-07-24 17:14:57 +0200
committerMurtaza Sultani <sultani@data-quest.de>2025-07-24 17:14:57 +0200
commit1d51d3baf430da6b4573b42aae5f0db9cea838c1 (patch)
tree757c30a01113cf4117f5c365b1d28278c4fbc4a9
parent64262b9a67af6888251999b9bc47b2c10463bec5 (diff)
Resolve "Wiki verwendet falsche Rechteabfragen in der JSON-API"
Closes #5756 Merge request studip/studip!4390
Diffstat
-rw-r--r--lib/classes/JsonApi/Routes/Institutes/Authority.php2
-rw-r--r--lib/classes/JsonApi/Routes/Wiki/Authority.php4
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/classes/JsonApi/Routes/Institutes/Authority.php b/lib/classes/JsonApi/Routes/Institutes/Authority.php
index 2f35c23..2bd68a5 100644
--- a/lib/classes/JsonApi/Routes/Institutes/Authority.php
+++ b/lib/classes/JsonApi/Routes/Institutes/Authority.php
@@ -9,7 +9,7 @@ class Authority
{
public static function canShowInstitute(User $user, Institute $institute): bool
{
- return $GLOBALS['perm']->have_studip_perm('user', $institute->id, $user->id);
+ return $institute->isAccessibleToUser($user->id);
}
/**
diff --git a/lib/classes/JsonApi/Routes/Wiki/Authority.php b/lib/classes/JsonApi/Routes/Wiki/Authority.php
index c9ac7bb..e3a8b8b 100644
--- a/lib/classes/JsonApi/Routes/Wiki/Authority.php
+++ b/lib/classes/JsonApi/Routes/Wiki/Authority.php
@@ -7,13 +7,13 @@ class Authority
/**
* @SuppressWarnings(PHPMD.Superglobals)
*/
- public static function canIndexWiki(\User $user, $range)
+ public static function canIndexWiki(\User $user, \Range $range)
{
if (!($range instanceof \Course || $range instanceof \Institute)) {
return false;
}
- return $GLOBALS['perm']->have_studip_perm('user', $range->id, $user->id);
+ return $range->isAccessibleToUser($user->id);
}
/**
generated by cgit v1.0 at 2026-05-27 06:31:56 +0000