diff options
| author | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
|---|---|---|
| committer | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
| commit | 4459dd7917f4d1c34f40bb68f0e991e9c3d53e4c (patch) | |
| tree | 5c07151ae61276d334e88f6309c30d439a85c12e /app/controllers/admission | |
| parent | da0022e5c1abbf9825ae76debaabdff7e8623bb4 (diff) | |
| parent | 97a188592c679890a25c37ab78463add76a52ff7 (diff) | |
Merge branch 'main' into issue-3911issue-3911
Diffstat (limited to 'app/controllers/admission')
| -rw-r--r-- | app/controllers/admission/courseset.php | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/app/controllers/admission/courseset.php b/app/controllers/admission/courseset.php index b39cdfb..65d4247 100644 --- a/app/controllers/admission/courseset.php +++ b/app/controllers/admission/courseset.php @@ -23,18 +23,17 @@ class Admission_CoursesetController extends AuthenticatedController { parent::before_filter($action, $args); - if (!Request::isXhr()) { - PageLayout::setTitle(_('Anmeldesets')); - // Get only own courses if user doesn't have permission to edit institute-wide coursesets. - $this->onlyOwnCourses = true; - if ($GLOBALS['perm']->have_perm('admin') || ($GLOBALS['perm']->have_perm('dozent') && Config::get()->ALLOW_DOZENT_COURSESET_ADMIN)) { - // We have access to institute-wide course sets, so all courses may be assigned. - $this->onlyOwnCourses = false; - Navigation::activateItem('/browse/coursesets/sets'); - } else { - throw new AccessDeniedException(); - } + PageLayout::setTitle(_('Anmeldesets')); + // Get only own courses if user doesn't have permission to edit institute-wide coursesets. + $this->onlyOwnCourses = true; + if ($GLOBALS['perm']->have_perm('admin') || ($GLOBALS['perm']->have_perm('dozent') && Config::get()->ALLOW_DOZENT_COURSESET_ADMIN)) { + // We have access to institute-wide course sets, so all courses may be assigned. + $this->onlyOwnCourses = false; + Navigation::activateItem('/browse/coursesets/sets'); + } else { + throw new AccessDeniedException(); } + PageLayout::addScript('studip-admission.js'); $views = new ActionsWidget(); @@ -44,6 +43,7 @@ class Admission_CoursesetController extends AuthenticatedController Icon::create('add') )->setActive($action === 'configure'); Sidebar::Get()->addWidget($views); + if (!isset($this->instant_course_set_view)) { $this->instant_course_set_view = false; } @@ -327,15 +327,19 @@ class Admission_CoursesetController extends AuthenticatedController * * @param String $coursesetId the course set to delete */ - public function delete_action($coursesetId) { + public function delete_action($coursesetId) + { $this->courseset = new CourseSet($coursesetId); - if (Request::int('really')) { - $this->courseset->delete(); - $this->redirect($this->url_for('admission/courseset')); + + if (!$this->courseset->isUserAllowedToEdit(User::findCurrent()->id)) { + throw new AccessDeniedException(_('Sie dürfen diese Anmelderegel nicht löschen.')); } - if (Request::int('cancel')) { - $this->redirect($this->url_for('admission/courseset')); + + if (Request::bool('really')) { + $this->courseset->delete(); } + + $this->redirect($this->url_for('admission/courseset')); } /** @@ -757,11 +761,17 @@ class Admission_CoursesetController extends AuthenticatedController $ids = Request::optionArray('ids'); if (Request::submitted('delete')) { + $deleted = 0; foreach ($ids as $id) { $courseset = new CourseSet($id); - $courseset->delete(); + if ($courseset->isUserAllowedToEdit(User::findCurrent()->id)) { + $courseset->delete(); + $deleted += 1; + } + } + if ($deleted > 0) { + PageLayout::postSuccess(_('Die Anmeldesets wurden gelöscht.')); } - PageLayout::postSuccess(_('Die Anmeldesets wurden gelöscht.')); } $this->redirect('admission/courseset'); |