diff options
| author | André Noack <noack@data-quest.de> | 2025-01-03 09:23:36 +0000 |
|---|---|---|
| committer | André Noack <noack@data-quest.de> | 2025-01-03 09:23:36 +0000 |
| commit | 373b28b6dc7fd66fb42cc050f733d8b95ca856a7 (patch) | |
| tree | ab35c972b6729158a3765fe8ccd0fdeb839255ae /app/controllers/resources | |
| parent | 1b7714d21faf23d83cd458fa5eff9939470e3a65 (diff) | |
Resolve #5008 "PHPLib - Öffentliche Belegungspläne gehen nicht"
Closes #5008
Merge request studip/studip!3799
Diffstat (limited to 'app/controllers/resources')
| -rw-r--r-- | app/controllers/resources/room_planning.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/resources/room_planning.php b/app/controllers/resources/room_planning.php index 37e9193..6d6c922 100644 --- a/app/controllers/resources/room_planning.php +++ b/app/controllers/resources/room_planning.php @@ -22,11 +22,13 @@ */ class Resources_RoomPlanningController extends AuthenticatedController { + protected $allow_nobody = true; + public function before_filter(&$action, &$args) { $anonymous_actions = ['booking_plan', 'anonymous_booking_plan_data']; - if (in_array($action, $anonymous_actions)) { - $this->allow_nobody = true; + if (!in_array($action, $anonymous_actions) && $GLOBALS['user']->id === 'nobody') { + throw new AccessDeniedException(); } parent::before_filter($action, $args); } |