authorAndré Noack <noack@data-quest.de>2025-01-06 08:27:56 +0000
committerAndré Noack <noack@data-quest.de>2025-01-06 08:27:56 +0000
commit8d0530e7de15ba67986d4d71fdf86db5a5e26bff (patch)
treeb7ef4c9242a5f2eb6b8a2976c54ff7463025cc1a
parent5de295700374f969150f5be6abfe37c76c8a1817 (diff)
Resolve #5090 "Übrig gebliebene Verwendung von $GLOBALS['auth'] entfernen"
Closes #5090 Merge request studip/studip!3804
-rw-r--r--app/controllers/api/oauth2/authorize.php8
-rw-r--r--app/controllers/course/forum/index.php2
-rw-r--r--app/controllers/course/ilias_interface.php2
-rw-r--r--app/controllers/new_password.php2
-rw-r--r--app/controllers/news.php3
-rw-r--r--lib/classes/Context.php12
-rw-r--r--lib/functions.php5
-rw-r--r--lib/middleware/SeminarOpenMiddleware.php8
-rw-r--r--lib/showNews.inc.php2
9 files changed, 29 insertions, 15 deletions
diff --git a/app/controllers/api/oauth2/authorize.php b/app/controllers/api/oauth2/authorize.php
index 6387937..fe33682 100644
--- a/app/controllers/api/oauth2/authorize.php
+++ b/app/controllers/api/oauth2/authorize.php
@@ -24,7 +24,9 @@ class Api_Oauth2_AuthorizeController extends OAuth2Controller
$method = $this->getMethod();
if (Request::submitted('auth_token')) {
- $GLOBALS['auth']->login_if('nobody' === $GLOBALS['user']->id);
+ if ('nobody' === $GLOBALS['user']->id) {
+ throw new LoginException();
+ }
CSRFProtection::verifyUnsafeRequest();
switch ($method) {
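Review bot: The logged-out test in the added guard is written as `'nobody' === $GLOBALS['user']->id`, while the same commit uses `!User::findCurrent()` for that purpose in lib/classes/Context.php and `User::findCurrent()` in app/controllers/new_password.php. Using one form for every authentication guard, for example `if (!User::findCurrent()) {`, would make these checks easier to audit; this assumes both expressions agree for the anonymous user, which the diff does not show. The same applies to the second hunk of this file, in the `else` branch before `$this->client = $client;`.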
@@ -59,7 +61,9 @@ class Api_Oauth2_AuthorizeController extends OAuth2Controller
return;
} else {
- $GLOBALS['auth']->login_if('nobody' === $GLOBALS['user']->id);
+ if ('nobody' === $GLOBALS['user']->id) {
+ throw new LoginException();
+ }
}
$this->client = $client;
diff --git a/app/controllers/course/forum/index.php b/app/controllers/course/forum/index.php
index 9be214e..6eafcd5 100644
--- a/app/controllers/course/forum/index.php
+++ b/app/controllers/course/forum/index.php
@@ -832,7 +832,7 @@ class Course_Forum_IndexController extends ForumController
public function rescue($exception)
{
if ($exception instanceof AccessDeniedException) {
- $GLOBALS['auth']->login_if($GLOBALS['user']->id === 'nobody');
+ throw new LoginException();
}
return parent::rescue($exception);
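Review bot: The added `throw new LoginException();` in `rescue()` drops the condition the removed line carried: `login_if(...)` only acted when `$GLOBALS['user']->id === 'nobody'`, whereas now every `AccessDeniedException` turns into a login redirect, including for users who are already signed in. An authenticated user without access would be sent to the login page instead of getting the access-denied response from `parent::rescue()`, and may then bounce between the login page and the stored `redirect_after_login` URL. Keeping the guard restores the previous behaviour: `if ($exception instanceof AccessDeniedException && !User::findCurrent()) {`. The body of `rescue()` ends outside this hunk.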
diff --git a/app/controllers/course/ilias_interface.php b/app/controllers/course/ilias_interface.php
index 4f45397..492ae80 100644
--- a/app/controllers/course/ilias_interface.php
+++ b/app/controllers/course/ilias_interface.php
@@ -47,7 +47,7 @@ class Course_IliasInterfaceController extends AuthenticatedController
$this->seminar_id = Context::getId();
$this->edit_permission = $GLOBALS['perm']->have_studip_perm('tutor', $this->seminar_id);
$this->author_permission = false;
- $this->change_course_permission = $GLOBALS['auth']->auth["perm"] == "root" || ($GLOBALS['perm']->have_studip_perm('tutor', $this->seminar_id) && !empty($this->ilias_interface_config['allow_change_course']));
+ $this->change_course_permission = $GLOBALS['perm']->have_perm('root') || ($GLOBALS['perm']->have_studip_perm('tutor', $this->seminar_id) && !empty($this->ilias_interface_config['allow_change_course']));
$this->add_own_course_permission = $GLOBALS['perm']->have_studip_perm('tutor', $this->seminar_id) && !empty($this->ilias_interface_config['allow_add_own_course']);
$this->course_permission = $GLOBALS['perm']->have_studip_perm('tutor', $this->seminar_id);
diff --git a/app/controllers/new_password.php b/app/controllers/new_password.php
index 956bc5c..baa9e62 100644
--- a/app/controllers/new_password.php
+++ b/app/controllers/new_password.php
@@ -19,7 +19,7 @@ class NewPasswordController extends StudipController
return;
}
- if ($GLOBALS['auth'] && $GLOBALS['auth']->auth["uid"] != "nobody") {
+ if (User::findCurrent()) {
PageLayout::postError(_("Sie können kein neues Passwort anfordern, wenn Sie bereits eingeloggt sind."));
$this->redirect('start');
return;
diff --git a/app/controllers/news.php b/app/controllers/news.php
index 4b9eb60..29472c2 100644
--- a/app/controllers/news.php
+++ b/app/controllers/news.php
@@ -436,9 +436,6 @@ class NewsController extends StudipController
public function admin_news_action($area_type = '')
{
// check permission
- if (!$GLOBALS['auth']->is_authenticated() || $GLOBALS['user']->id === 'nobody') {
- throw new AccessDeniedException();
- }
$GLOBALS['perm']->check('user');
// initialize
diff --git a/lib/classes/Context.php b/lib/classes/Context.php
index e7b2e01..1bc2623 100644
--- a/lib/classes/Context.php
+++ b/lib/classes/Context.php
@@ -200,11 +200,11 @@ class Context
*
* @param string $id
*
- * @throws AccessDeniedException
+ * @throws AccessDeniedException|LoginException
*/
public static function set($id)
{
- global $perm, $auth;
+ global $perm;
self::close();
self::loadContext($id);
@@ -226,7 +226,9 @@ class Context
if (!$perm->get_studip_perm($course['Seminar_id'])) {
if ($course['lesezugriff'] > 0 || !Config::get()->ENABLE_FREE_ACCESS) {
// redirect to login page if user is not logged in
- $auth->login_if($auth->auth['uid'] === 'nobody');
+ if (!User::findCurrent()) {
+ throw new LoginException();
+ }
if (!$perm->get_studip_perm($course['Seminar_id'])) {
throw new AccessDeniedException();
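Review bot: The inner `if (!$perm->get_studip_perm($course['Seminar_id']))` that follows the new `LoginException` guard now repeats the outer condition with nothing in between that could change the result. With the removed `login_if()` call a login could apparently happen between the two checks; with an exception the user cannot change, so the re-check reads as dead logic. Either throw `AccessDeniedException` directly after the login guard or keep the check with a comment such as `// defensive re-check, kept from the login_if() flow`. The third hunk of this file has the same pattern with `!$perm->have_perm('user')`, which is already part of `$no_access`; both enclosing blocks continue outside their hunks.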
@@ -257,7 +259,9 @@ class Context
&& !$perm->have_perm('user');
if ($no_access) {
// redirect to login page if user is not logged in
- $auth->login_if($auth->auth['uid'] === 'nobody');
+ if (!User::findCurrent()) {
+ throw new LoginException();
+ }
if (!$perm->have_perm('user')) {
throw new AccessDeniedException();
diff --git a/lib/functions.php b/lib/functions.php
index 29264fb..d03c266 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1123,7 +1123,10 @@ function studip_default_exception_handler($exception) {
$status = 403;
$template = 'check_object_exception';
} elseif ($exception instanceof LoginException) {
-
+ $_SESSION['redirect_after_login'] = Request::url();
+ sess()->save();
+ header('Location: ' . URLHelper::getScriptURL('dispatch.php/login'));
+ exit;
} else {
if ($exception instanceOf Trails\Exception) {
$status = $exception->getCode();
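Review bot: `$_SESSION['redirect_after_login']` is filled with the unfiltered `Request::url()`, and the code that later reads this value is not part of the diff. It is worth confirming that the login controller only follows the stored URL when it points back into this installation, particularly if `Request::url()` takes its host part from request headers. A comment at the assignment, such as `// consumer must only redirect to URLs of this installation`, would record that expectation. The same assignment is added in lib/middleware/SeminarOpenMiddleware.php, and `studip_default_exception_handler()` continues outside this hunk.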
diff --git a/lib/middleware/SeminarOpenMiddleware.php b/lib/middleware/SeminarOpenMiddleware.php
index 20d7f9e..13c4f5f 100644
--- a/lib/middleware/SeminarOpenMiddleware.php
+++ b/lib/middleware/SeminarOpenMiddleware.php
@@ -154,7 +154,13 @@ final class SeminarOpenMiddleware implements MiddlewareInterface
// This also binds Context::getId()
// to the URL parameter 'cid' for all generated links.
if (isset($course_id)) {
- \Context::set($course_id);
+ try {
+ \Context::set($course_id);
+ } catch (\LoginException $e) {
+ $response = $this->response_factory->createResponse(302);
+ $_SESSION['redirect_after_login'] = \Request::url();
+ return $response->withHeader('Location', \URLHelper::getURL('dispatch.php/login'));
+ }
unset($course_id);
}
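Review bot: This catch block repeats the login redirect from `studip_default_exception_handler()` in lib/functions.php but differs in two details: it builds the target with `\URLHelper::getURL()` rather than `getScriptURL()`, and it does not call `sess()->save()` after writing `$_SESSION['redirect_after_login']`. If `getURL()` appends bound link parameters, the login URL may carry extra query parameters here, and whether the session value is persisted depends on code outside the hunk. Using `\URLHelper::getScriptURL('dispatch.php/login')` and moving the shared steps into one helper would keep both paths identical. The caught `$e` is unused, so a comment stating that only the login redirect is handled here and other exceptions propagate would help the reader.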
diff --git a/lib/showNews.inc.php b/lib/showNews.inc.php
index 1a52d63..a63529a 100644
--- a/lib/showNews.inc.php
+++ b/lib/showNews.inc.php
@@ -56,7 +56,7 @@ function delete_news($delete_news_array)
_('Ankündigung "%s" wurde gelöscht.'),
htmlReady((string) $delete_news->topic)
));
- if ($delete_news->getValue('user_id') != $GLOBALS['auth']->auth['uid']) {
+ if ($delete_news->getValue('user_id') !== $GLOBALS['user']->id) {
setTempLanguage($delete_news->getValue('user_id'));
$msg = sprintf(
_('Ihre Ankündigung "%s" wurde von der Administration gelöscht!.'),