rework aux lock rules, use sorm model, deprecate old class and let name and description be translatable, fixes #1791

Closes #1791

Merge request studip/studip!1177

6 files changed, 96 insertions, 80 deletions

diff --git a/app/controllers/admin/courses.php b/app/controllers/admin/courses.php
index e832628..7e78aae 100644
--- a/app/controllers/admin/courses.php
+++ b/app/controllers/admin/courses.php
@@ -372,13 +372,7 @@ class Admin_CoursesController extends AuthenticatedController
             ]],
             LockRule::findAllByType('sem')
         ));
-        $this->aux_lock_rules = array_merge(
-            [[
-                'name'    => '--' . _("keine Zusatzangaben") . '--',
-                'lock_id' => 'none'
-            ]],
-            AuxLockRules::getAllLockRules()
-        );
+        $this->aux_lock_rules = AuxLockRule::findBySQL('1 ORDER BY name');
 
 
         //build the sidebar:
diff --git a/app/controllers/admin/specification.php b/app/controllers/admin/specification.php
index 977ec18..819d59b 100644
--- a/app/controllers/admin/specification.php
+++ b/app/controllers/admin/specification.php
@@ -17,6 +17,8 @@
  */
 class Admin_SpecificationController extends AuthenticatedController
 {
+    protected $_autobind = true;
+
     /**
      * Common tasks for all actions.
      */
@@ -41,25 +43,39 @@ class Admin_SpecificationController extends AuthenticatedController
      */
     public function index_action()
     {
-        $this->allrules = AuxLockRules::getAllLockRules();
+        $this->rules = AuxLockRule::findBySQL('1 ORDER BY name');
+
+        Sidebar::Get()->addWidget(new ActionsWidget())->addLink(
+            _('Neue Regel anlegen'),
+            $this->editURL(),
+            Icon::create('add')
+        );
     }
 
     /**
      * Edit or create a rule
-     *
-     * @param string $edit_id
+     * @property AuxLockRule $rule
      */
-    public function edit_action($id = null)
+    public function edit_action(AuxLockRule $rule = null)
     {
-        //get data
-        $user_field            = 'user';
-        $semdata_field         = 'usersemdata';
-        $this->semFields       = AuxLockRules::getSemFields();
-        $this->entries_user    = DataField::getDataFields($user_field);
-        $this->entries_semdata = DataField::getDataFields($semdata_field);
-        $this->rule            = is_null($id) ? false : AuxLockRules::getLockRuleByID($id);
-
-        if ($GLOBALS['perm']->have_perm('root') && count($this->entries_semdata) == 0) {
+        $rule->name = Request::i18n('name', $rule->name);
+        $rule->description = Request::i18n('description', $rule->description);
+        $rule->attributes = Request::optionArray('fields') ?: $rule->attributes;
+        $rule->sorting = Request::getArray('order') ?: $rule->sorting;
+
+        if ($GLOBALS['perm']->have_perm('root')) {
+            Sidebar::Get()->addWidget(new ActionsWidget())->addLink(
+                _('Datenfelder bearbeiten'),
+                URLHelper::getURL('dispatch.php/admin/datafields'),
+                Icon::create('edit')
+            );
+        }
+
+        $this->semFields       = $this->getSemFields();
+        $this->entries_user    = DataField::getDataFields('user');
+        $this->entries_semdata = DataField::getDataFields('usersemdata');
+
+        if ($GLOBALS['perm']->have_perm('root') && count($this->entries_semdata) === 0) {
             PageLayout::postWarning(sprintf(
                 _('Sie müssen zuerst im Bereich %sDatenfelder%s in der Kategorie '
                 . '<em>Datenfelder für Personenzusatzangaben in Veranstaltungen</em> '
@@ -74,51 +90,63 @@ class Admin_SpecificationController extends AuthenticatedController
      * Store or edit Rule
      * @param string $id
      */
-    public function store_action($id = '')
+    public function store_action(AuxLockRule $rule = null)
     {
-        CSRFProtection::verifyRequest();
+        CSRFProtection::verifyUnsafeRequest();
 
         $errors = [];
-        if (!Request::get('rulename')) {
+        if (!trim(Request::get('name'))) {
             $errors[] = _('Bitte geben Sie der Regel mindestens einen Namen!');
         }
-        if (!AuxLockRules::checkLockRule(Request::getArray('fields'))) {
+
+        if (!AuxLockRule::validateFields(Request::optionArray('fields'))) {
             $errors[] = _('Bitte wählen Sie mindestens ein Feld aus der Kategorie "Zusatzinformationen" aus!');
         }
 
-        if (empty($errors)) {
-            if (!$id) {
-                //new
-                AuxLockRules::createLockRule(Request::get('rulename'), Request::get('description'), Request::getArray('fields'), Request::getArray('order'));
-            } else {
-                //edit
-                AuxLockRules::updateLockRule($id, Request::get('rulename'), Request::get('description'), Request::getArray('fields'), Request::getArray('order'));
-            }
-            PageLayout::postSuccess(sprintf(
-                _('Die Regel "%s" wurde erfolgreich gespeichert!'),
-                htmlReady(Request::get('rulename'))
-            ));
-        } else {
+        if ($errors) {
             PageLayout::postError(_('Ihre Eingaben sind ungültig.'), $errors);
-        }
+            $this->keepRequest();
+            $this->redirect($this->editURL($rule));
+        } else {
+            $rule->name = Request::i18n('name');
+            $rule->description = Studip\Markup::purifyHtml(Request::i18n('description'));
+            $rule->attributes = Request::optionArray('fields') ?? [];
+            $rule->sorting = Request::getArray('order') ?? [];
 
-        $this->redirect('admin/specification');
+            if ($rule->store()) {
+                PageLayout::postSuccess(sprintf(
+                    _('Die Regel "%s" wurde erfolgreich gespeichert!'),
+                    htmlReady($rule->name)
+                ));
+            }
+            $this->redirect('admin/specification');
+        }
     }
 
     /**
      * Delete a rule, using a modal dialog
-     *
-     * @param string $rule_id
      */
-    public function delete_action($rule_id)
+    public function delete_action(AuxLockRule $rule)
     {
         CSRFProtection::verifyUnsafeRequest();
-        if (AuxLockRules::deleteLockRule($rule_id)) {
-            PageLayout::postSuccess(_('Die Regel wurde erfolgreich gelöscht!'));
-        } else {
+
+        $result = $rule->delete();
+        if ($result === false) {
             PageLayout::postError(_('Es können nur nicht verwendete Regeln gelöscht werden!'));
+        } elseif ($result > 0) {
+            PageLayout::postSuccess(_('Die Regel wurde erfolgreich gelöscht!'));
         }
 
-        $this->redirect('admin/specification');
+        $this->redirect($this->indexURL());
+    }
+
+    private function getSemFields(): array
+    {
+        return [
+            'vasemester' => _('Semester'),
+            'vanr'       => _('Veranstaltungsnummer'),
+            'vatitle'    => _('Veranstaltungstitel'),
+            'vadozent'   => _('Dozent'),
+        ];
     }
 }
diff --git a/app/controllers/authenticated_controller.php b/app/controllers/authenticated_controller.php
index f50d478..e051ffa 100644
--- a/app/controllers/authenticated_controller.php
+++ b/app/controllers/authenticated_controller.php
@@ -1,8 +1,4 @@
 <?php
-# Lifter007: TODO
-# Lifter003: TODO
-# Lifter010: TODO
-
 /*
  * Copyright (C) 2009 - Marcus Lunzenauer <mlunzena@uos.de>
  *
@@ -16,4 +12,21 @@ class AuthenticatedController extends StudipController
 {
     protected $with_session = true;  //we do need to have a session for this controller
     protected $allow_nobody = false; //nobody is not allowed and always gets a login-screen
+
+    public function before_filter(&$action, &$args)
+    {
+        parent::before_filter($action, $args);
+
+        // Restore request if present
+        if (isset($this->flash['request'])) {
+            foreach ($this->flash['request'] as $key => $value) {
+                Request::set($key, $value);
+            }
+        }
+    }
+
+    protected function keepRequest()
+    {
+        $this->flash['request'] = Request::getInstance()->getIterator()->getArrayCopy();
+    }
 }
diff --git a/app/controllers/consultation/consultation_controller.php b/app/controllers/consultation/consultation_controller.php
index eba81ff..dc7fd6e 100644
--- a/app/controllers/consultation/consultation_controller.php
+++ b/app/controllers/consultation/consultation_controller.php
@@ -26,13 +26,6 @@ abstract class ConsultationController extends AuthenticatedController
             URLHelper::addLinkParam('cid', $this->range->id);
         }
 
-        // Restore request if present
-        if (isset($this->flash['request'])) {
-            foreach ($this->flash['request'] as $key => $value) {
-                Request::set($key, $value);
-            }
-        }
-
         // This defines the function to display a note. Not really a partial,
         // not a controller method. This has no real place...
         $this->displayNote = function ($what, $length = 40, $position = 'above') {
@@ -72,11 +65,6 @@ abstract class ConsultationController extends AuthenticatedController
         return $this->range->getConfiguration()->CONSULTATION_TAB_TITLE;
     }
 
-    protected function keepRequest()
-    {
-        $this->flash['request'] = Request::getInstance()->getIterator()->getArrayCopy();
-    }
-
     /**
      * @param $block_id
      *
diff --git a/app/controllers/course/members.php b/app/controllers/course/members.php
index 16c59a3..ad7d6da 100644
--- a/app/controllers/course/members.php
+++ b/app/controllers/course/members.php
@@ -1330,6 +1330,9 @@ class Course_MembersController extends AuthenticatedController
         $course = Course::findCurrent();
         $member = $course->members->findOneBy('user_id', $GLOBALS['user']->id);
         $this->datafields = $member ? $course->aux->getMemberData($member) : [];
+
+        $this->editable = false;
+
         // We need aux data in the view
         $this->aux = $course->aux;
 
diff --git a/app/controllers/course/overview.php b/app/controllers/course/overview.php
index 0994d54..96e7f5a 100644
--- a/app/controllers/course/overview.php
+++ b/app/controllers/course/overview.php
@@ -87,24 +87,14 @@ class Course_OverviewController extends AuthenticatedController
             $this->show_dozenten = $show_dozenten;
 
             // Check lock rules
-            if (!$GLOBALS["perm"]->have_studip_perm('dozent', $this->course_id)) {
-                $rule = AuxLockRules::getLockRuleBySemId($this->course_id);
-                if (isset($rule)) {
-                    $show = false;
-                    foreach ((array) $rule['attributes'] as $val) {
-                        if ($val == 1) {
-                            // Es gibt also Zusatzangaben. Nun noch überprüfen ob der Nutzer diese Angaben schon gemacht hat...
-                            $count = DataField::countBySql("LEFT JOIN datafields_entries USING (datafield_id) WHERE object_type = ? AND sec_range_id = ? AND range_id = ?",
-                                ['usersemdata', $this->course_id, $GLOBALS['user']->id]
-                            );
-                            if (!$count) {
-                                $show = true;
-                            }
-                            break;
-                        }
-                    }
-
-                    if ($show) {
+            if (!$GLOBALS['perm']->have_studip_perm('dozent', $this->course_id)) {
+                $rule = AuxLockRule::findOneByCourse($this->course);
+                if ($rule && count($rule->attributes) > 0) {
+                    $count = DataField::countBySql("LEFT JOIN datafields_entries USING (datafield_id) WHERE object_type = ? AND sec_range_id = ? AND range_id = ?",
+                        ['usersemdata', $this->course_id, $GLOBALS['user']->id]
+                    );
+
+                    if ($count === 0) {
                         PageLayout::postInfo(
                             _("Sie haben noch nicht die für diese Veranstaltung benötigten Zusatzinformationen eingetragen."),
                             [