diff options
| author | Moritz Strohm <strohm@data-quest.de> | 2025-09-22 10:48:50 +0000 |
|---|---|---|
| committer | Moritz Strohm <strohm@data-quest.de> | 2025-09-22 10:48:50 +0000 |
| commit | a95d1763d2170867e35ebf80870d6c77c88acfa8 (patch) | |
| tree | 1b2bd23a0d0561062f0ca29c2d42d47e59ace8d7 | |
| parent | ff187a1c0244c6f3f1703799a7a69f9145856333 (diff) | |
made requests visible in anonymous form for everyone, closes #5801
Closes #5801
Merge request studip/studip!4425
| -rw-r--r-- | app/controllers/resources/ajax.php | 6 | ||||
| -rw-r--r-- | app/controllers/resources/room_planning.php | 25 | ||||
| -rw-r--r-- | lib/models/resources/ResourceRequest.php | 7 |
3 files changed, 6 insertions, 32 deletions
diff --git a/app/controllers/resources/ajax.php b/app/controllers/resources/ajax.php index ebe0e10..18b3b4d 100644 --- a/app/controllers/resources/ajax.php +++ b/app/controllers/resources/ajax.php @@ -328,16 +328,10 @@ class Resources_AjaxController extends AuthenticatedController throw new AccessDeniedException(); } } - $user_is_resource_user = $current_user && $resource->userHasPermission($current_user); $display_requests = $current_user && Request::bool('display_requests'); $display_all_requests = Request::bool('display_all_requests'); - if ($display_all_requests && !$user_is_resource_user) { - //The user is not allowed to see all requests. - throw new AccessDeniedException(); - } - $begin_date = Request::get('start'); $end_date = Request::get('end'); if (!$begin_date || !$end_date) { diff --git a/app/controllers/resources/room_planning.php b/app/controllers/resources/room_planning.php index d90aa4a..b06e166 100644 --- a/app/controllers/resources/room_planning.php +++ b/app/controllers/resources/room_planning.php @@ -142,10 +142,7 @@ class Resources_RoomPlanningController extends AuthenticatedController if ($this->resource->requestable) { $this->display_all_requests = Request::bool( 'display_all_requests', - $this->resource->userHasPermission( - $this->user, - 'autor' - ) + Config::get()->RESOURCES_ALLOW_ROOM_REQUESTS ); } else { $this->display_all_requests = false; @@ -161,23 +158,12 @@ class Resources_RoomPlanningController extends AuthenticatedController ResourceBooking::TYPE_RESERVATION, ResourceBooking::TYPE_LOCK, ]; + $plan_is_visible = $this->resource->bookingPlanVisibleForUser($this->user); if ($this->user instanceof User) { - if ($this->display_all_requests) { - $plan_is_visible = $this->resource->userHasPermission( - $this->user, - 'autor' - ); - } else { - $plan_is_visible = $this->resource->bookingPlanVisibleForUser($this->user); - } $this->anonymous_view = false; if ($this->resource->userHasPermission($this->user, 'admin')) { $this->booking_types[] = ResourceBooking::TYPE_PLANNED; } - } else { - //If the plan visibility cannot be determined by the user, - //we can still check if the plan is visible to the public: - $plan_is_visible = $this->resource->bookingPlanVisibleForUser($this->user); } if (!$plan_is_visible) { throw new AccessDeniedException( @@ -192,13 +178,6 @@ class Resources_RoomPlanningController extends AuthenticatedController $this->user_has_booking_permissions = $this->resource->userHasBookingRights($this->user); } - if (!$this->user_has_booking_permissions && $this->display_all_requests) { - throw new AccessDeniedException( - _('Sie sind nicht dazu berechtigt, alle Anfragen im Belegungsplan zu sehen!') - ); - } - - $week_timestamp = Request::int('timestamp'); $default_date = Request::get('defaultDate'); $this->date = new DateTime(); diff --git a/lib/models/resources/ResourceRequest.php b/lib/models/resources/ResourceRequest.php index 7cdf18c..2d08ee7 100644 --- a/lib/models/resources/ResourceRequest.php +++ b/lib/models/resources/ResourceRequest.php @@ -2294,6 +2294,7 @@ class ResourceRequest extends SimpleORMap implements PrivacyObject, Studip\Calen $booking_plan_preparation_fg = ColourValue::find('Resources.BookingPlan.PreparationTime.Fg'); $user_is_resource_autor = false; + $user_is_resource_user = $this->resource->userHasPermission($user); if ($this->resource_id && $this->resource instanceof Resource) { $user_is_resource_autor = $this->resource->userHasPermission( $user, @@ -2348,7 +2349,7 @@ class ResourceRequest extends SimpleORMap implements PrivacyObject, Studip\Calen $events[] = new Studip\Calendar\EventData( $begin, $end, - _('Rüstzeit'), + $user_is_resource_user ? _('Rüstzeit') : '', ['preparation-time'], $booking_plan_preparation_fg->__toString(), $booking_plan_preparation_bg->__toString(), @@ -2372,7 +2373,7 @@ class ResourceRequest extends SimpleORMap implements PrivacyObject, Studip\Calen $events[] = new Studip\Calendar\EventData( $begin, $end, - _('Rüstzeit'), + $user_is_resource_user ? _('Rüstzeit') : '', ['preparation-time'], $booking_plan_preparation_fg->__toString(), $booking_plan_preparation_bg->__toString(), @@ -2396,7 +2397,7 @@ class ResourceRequest extends SimpleORMap implements PrivacyObject, Studip\Calen $events[] = new Studip\Calendar\EventData( $begin, $end, - $this->getRangeName(), + $user_is_resource_user ? $this->getRangeName() : '', ['resource-request'], $booking_plan_request_fg->__toString(), $booking_plan_request_bg->__toString(), |