authorFinn Schneider <schneider@data-quest.de>2026-02-23 16:25:01 +0100
committerFinn Schneider <schneider@data-quest.de>2026-03-13 17:25:01 +0000
commitd553fa9ecd91eb8e07846bbb73a2d8dbe0b45f9a (patch)
tree453d6d8c0caa56ec9b5c288f229fe09be4bc484a
parent270280accaf5d54cccafabe03096a8ab8051c051 (diff)
EvaluationHelper; template access check
-rw-r--r--app/controllers/evaluation/archive.php5
-rw-r--r--app/controllers/evaluation/pool.php5
-rw-r--r--app/controllers/evaluation/profiles.php5
-rw-r--r--app/controllers/questionnaire.php7
-rw-r--r--lib/classes/EvaluationHelper.php14
-rw-r--r--lib/models/Questionnaire.php10
-rw-r--r--lib/navigation/StudipNavigation.php5
7 files changed, 25 insertions, 26 deletions
diff --git a/app/controllers/evaluation/archive.php b/app/controllers/evaluation/archive.php
index 025c5bc..1028fc6 100644
--- a/app/controllers/evaluation/archive.php
+++ b/app/controllers/evaluation/archive.php
@@ -4,10 +4,7 @@ class Evaluation_ArchiveController extends AuthenticatedController
public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
- $current_user = User::findCurrent();
- if (!(($current_user->hasPermissionLevel('root') ||
- $current_user->hasRole('Zentraler Evaluationsadmin')) &&
- PluginManager::getInstance()->getPlugin(CoreEvaluation::class))) {
+ if (!EvaluationHelper::isPermittedEvaluationAccess()) {
throw new AccessDeniedException();
}
}
diff --git a/app/controllers/evaluation/pool.php b/app/controllers/evaluation/pool.php
index 2cdf6eb..45da072 100644
--- a/app/controllers/evaluation/pool.php
+++ b/app/controllers/evaluation/pool.php
@@ -4,10 +4,7 @@ class Evaluation_PoolController extends AuthenticatedController
public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
- $current_user = User::findCurrent();
- if (!(($current_user->hasPermissionLevel('root') ||
- $current_user->hasRole('Zentraler Evaluationsadmin')) &&
- PluginManager::getInstance()->getPlugin(CoreEvaluation::class))) {
+ if (!EvaluationHelper::isPermittedEvaluationAccess()) {
throw new AccessDeniedException();
}
}
diff --git a/app/controllers/evaluation/profiles.php b/app/controllers/evaluation/profiles.php
index a240ef6..e79e61d 100644
--- a/app/controllers/evaluation/profiles.php
+++ b/app/controllers/evaluation/profiles.php
@@ -4,10 +4,7 @@ class Evaluation_ProfilesController extends AuthenticatedController
public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
- $current_user = User::findCurrent();
- if (!(($current_user->hasPermissionLevel('root') ||
- $current_user->hasRole('Zentraler Evaluationsadmin')) &&
- PluginManager::getInstance()->getPlugin(CoreEvaluation::class))) {
+ if (!EvaluationHelper::isPermittedEvaluationAccess()) {
throw new AccessDeniedException();
}
}
diff --git a/app/controllers/questionnaire.php b/app/controllers/questionnaire.php
index 019e22f..40cc119 100644
--- a/app/controllers/questionnaire.php
+++ b/app/controllers/questionnaire.php
@@ -173,8 +173,11 @@ class QuestionnaireController extends AuthenticatedController
? $questionnaire_data['stopdate']
: null;
$this->questionnaire['is_template'] = $questionnaire_data['is_template'] ?? 0;
- if(!$this->questionnaire->template_is_enabled && $this->questionnaire->is_template) {
- $this->questionnaire['template_is_enabled'] = 0;
+ if ($this->questionnaire->is_template) {
+ if (!EvaluationHelper::isPermittedEvaluationAccess()) {
+ throw new Exception(_('Sie haben keine Berechtigung, Vorlagen anzulegen.'));
+ }
+ if (!$this->questionnaire->template_is_enabled) $this->questionnaire['template_is_enabled'] = 0;
}
$this->questionnaire['user_id'] = User::findCurrent()->id;
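Review bot: The new access check throws a bare `Exception` while the three controller hunks in this commit (archive, pool, profiles) signal the same denial with `AccessDeniedException`; a generic exception is likely to surface as a server error rather than an access-denied response and may be handled differently by whatever catches it upstream. If `AccessDeniedException` accepts a message, `throw new AccessDeniedException(_('Sie haben keine Berechtigung, Vorlagen anzulegen.'));` keeps the behaviour consistent across the commit. The braceless one-liner `if (!$this->questionnaire->template_is_enabled) $this->questionnaire['template_is_enabled'] = 0;` is also out of step with the braced style of the surrounding lines and should get a block body. The enclosing method starts and ends outside this hunk.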
diff --git a/lib/classes/EvaluationHelper.php b/lib/classes/EvaluationHelper.php
new file mode 100644
index 0000000..d6f060b
--- /dev/null
+++ b/lib/classes/EvaluationHelper.php
@@ -0,0 +1,14 @@
+<?php
+
+class EvaluationHelper
+{
+ public static function isPermittedEvaluationAccess(): bool
+ {
+ $user = User::findCurrent();
+ return
+ PluginManager::getInstance()->getPlugin(CoreEvaluation::class) &&
+ isset($user) &&
+ ($user->hasPermissionLevel('root') ||
+ $user->hasRole('Zentraler Evaluationsadmin'));
+ }
+}
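Review bot: `isPermittedEvaluationAccess()` becomes the single authorization gate for every evaluation entry point touched by this commit but carries no documentation of what it grants; a docblock should state that access requires the CoreEvaluation plugin to be active and the current user to be root or to hold the 'Zentraler Evaluationsadmin' role, and that it returns false rather than throwing when no user is logged in. The role name is a magic string copied from the call sites it replaces; `private const EVALUATION_ADMIN_ROLE = 'Zentraler Evaluationsadmin';` together with `$user->hasRole(self::EVALUATION_ADMIN_ROLE)` keeps it in one place. `isset($user)` on a local assigned one line earlier reads as a guard against an undefined variable; `$user !== null &&` states the actual intent (a null current user).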
diff --git a/lib/models/Questionnaire.php b/lib/models/Questionnaire.php
index 8c0a4ad..14478ca 100644
--- a/lib/models/Questionnaire.php
+++ b/lib/models/Questionnaire.php
@@ -156,13 +156,8 @@ class Questionnaire extends SimpleORMap implements PrivacyObject
public function isEditable()
{
- $current_user = User::findCurrent();
if($this->is_template) {
- if(PluginManager::getInstance()->getPlugin(CoreEvaluation::class) &&
- isset($current_user) &&
- ($current_user->hasPermissionLevel('root') ||
- $current_user->hasRole('Zentraler Evaluationsadmin'))) {
-
+ if(EvaluationHelper::isPermittedEvaluationAccess()) {
return !count(QuestionnaireEvalAssignment::findBySQL("
`startdate` <= UNIX_TIMESTAMP() AND `template_id` = ?
", [$this->id]));
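Review bot: The `$current_user = User::findCurrent();` assignment removed at the top of `isEditable()` may still be referenced further down the method, which continues past the end of this hunk; if any later branch still reads `$current_user`, it is now an undefined variable that evaluates to null and would make that check fail silently. Please confirm the remainder of the method no longer uses it. The query passed to `findBySQL` binds `$this->id` through a `?` placeholder, so the parameterisation there is fine.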
@@ -199,8 +194,7 @@ class Questionnaire extends SimpleORMap implements PrivacyObject
public function isCopyable()
{
if ($this->is_template) {
- return User::findCurrent()->hasPermissionLevel('root') ||
- User::findCurrent()->hasRole('Zentraler Evaluationsadmin');
+ return EvaluationHelper::isPermittedEvaluationAccess();
}
return ($this->copyable && $GLOBALS['perm']->have_perm('autor') && $this->isViewable()) || $this->isEditable();
}
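Review bot: Replacing the inline root/role check in `isCopyable()` with `EvaluationHelper::isPermittedEvaluationAccess()` adds a condition the old code did not have: the CoreEvaluation plugin must now be active (and a user must be logged in), so a template that a root user could copy before becomes non-copyable once the plugin is deactivated. That matches `isEditable()` and is probably intended, but it is a behavioural change worth recording, e.g. `// templates are only copyable where the evaluation module itself is accessible` above the return.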
diff --git a/lib/navigation/StudipNavigation.php b/lib/navigation/StudipNavigation.php
index 5f23a01..43961f1 100644
--- a/lib/navigation/StudipNavigation.php
+++ b/lib/navigation/StudipNavigation.php
@@ -152,10 +152,7 @@ class StudipNavigation extends Navigation
$this->addSubNavigation('login', new LoginNavigation(_('Login')));
// evaluation page
- if (PluginManager::getInstance()->getPlugin(CoreEvaluation::class) &&
- isset($current_user) &&
- ($current_user->hasPermissionLevel('root') ||
- $current_user->hasRole('Zentraler Evaluationsadmin'))) {
+ if (EvaluationHelper::isPermittedEvaluationAccess()) {
$this->addSubNavigation('evaluation', new EvaluationNavigation());
}
}
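Review bot: The removed condition read a `$current_user` local from the enclosing method, whereas the helper now resolves the user itself via `User::findCurrent()`; if `$current_user` was assigned in this method only for this check, that assignment is now dead and should be removed. The method begins outside the hunk, so this cannot be confirmed from the diff alone.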