diff options
| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2026-03-20 13:18:46 +0100 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2026-03-20 13:18:46 +0100 |
| commit | dda96cbbdf9237d90297ed1559f0a4d27713b2ec (patch) | |
| tree | 1b7a06c49019c914c784e66d6232ccfd344777ae | |
| parent | e5799a831d716a0bc242d26e9ea45c1f17716a1b (diff) | |
set allow_nobody on resources' ajax controller for get_booking_plan action, fixes #6269
Closes #6269
Merge request studip/studip!4739
| -rw-r--r-- | app/controllers/resources/ajax.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/controllers/resources/ajax.php b/app/controllers/resources/ajax.php index 8b771b3..a594b11 100644 --- a/app/controllers/resources/ajax.php +++ b/app/controllers/resources/ajax.php @@ -14,6 +14,17 @@ class Resources_AjaxController extends AuthenticatedController { + protected $allow_nobody = true; + + public function before_filter(&$action, &$args) + { + if ($action !== 'get_booking_plan') { + throw new LoginException(); + } + + parent::before_filter($action, $args); + } + public function toggle_marked_action($request_id) { $request = ResourceRequest::find($request_id); |