authorMoritz Strohm <strohm@data-quest.de>2026-02-18 16:23:13 +0100
committerMoritz Strohm <strohm@data-quest.de>2026-03-23 10:20:42 +0000
commit82b65965e45390d06394ce8f9dbdc8f3b20cfad6 (patch)
tree60a986a5e92c361476ebf43a538bf9c50222d08b /app
parentdda96cbbdf9237d90297ed1559f0a4d27713b2ec (diff)
resources/messages/index: check clipboard room permissions before adding their IDs to the list of room-IDsbiest-06274
Diffstat (limited to 'app')
-rw-r--r--app/controllers/resources/messages.php38
1 files changed, 26 insertions, 12 deletions
diff --git a/app/controllers/resources/messages.php b/app/controllers/resources/messages.php
index ae966e0..f0ba8c9 100644
--- a/app/controllers/resources/messages.php
+++ b/app/controllers/resources/messages.php
@@ -90,7 +90,14 @@ class Resources_MessagesController extends AuthenticatedController
//First validation:
- if (empty($this->room_ids)) {
+ if (!in_array($this->room_selection, ['search', 'clipboard'])) {
+ PageLayout::postError(
+ _('Die Raumauswahl ist ungültig!')
+ );
+ return;
+ }
+
+ if ($this->room_selection === 'search' && empty($this->room_ids)) {
if (empty($old_room_id_list)) {
PageLayout::postError(_('Sie haben keinen Raum ausgewählt.'));
} else {
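Review bot: The allow-list test on `$this->room_selection` calls `in_array` without the strict flag, while the condition added just below it compares with `===`. Passing `true` as the third argument keeps both checks type-strict: `if (!in_array($this->room_selection, ['search', 'clipboard'], true)) {`. The `recipient_selection` check shown as context in the next hunk has the same loose form. The enclosing method starts and ends outside this hunk.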
@@ -99,13 +106,6 @@ class Resources_MessagesController extends AuthenticatedController
return;
}
- if (!in_array($this->room_selection, ['search', 'clipboard'])) {
- PageLayout::postError(
- _('Die Raumauswahl ist ungültig!')
- );
- return;
- }
-
if (!in_array($this->recipient_selection, ['permission', 'booking'])) {
PageLayout::postError(
_('Der Empfängerkreis ist ungültig!')
@@ -172,19 +172,33 @@ class Resources_MessagesController extends AuthenticatedController
//First we collect all room-IDs, if they are not already there
//from the search selection method:
+ $permission_error = false;
if ($this->room_selection == 'clipboard') {
$selected_clipboard = Clipboard::find($this->clipboard_id);
if ($selected_clipboard) {
- $this->room_ids = $selected_clipboard->getAllRangeIds('Room');
+ $clipboard_room_ids = $selected_clipboard->getAllRangeIds('Room');
+ $this->room_ids = [];
+ foreach ($clipboard_room_ids as $clipboard_room_id) {
+ $clipboard_room = Room::find($clipboard_room_id);
+ if ($clipboard_room && $clipboard_room->userHasPermission($this->current_user)) {
+ $this->room_ids[] = $clipboard_room_id;
+ } else {
+ $permission_error = true;
+ }
+ }
}
}
//If we haven't found any rooms here we must stop:
if (!$this->room_ids) {
- PageLayout::postError(
- _('Es konnte keine Raumliste erstellt werden!')
- );
+ if ($permission_error) {
+ PageLayout::postError(_('Sie haben an den ausgewählten Räumen nicht die erforderlichen Berechtigungen, um eine Rundmail zu senden.'));
+ } else {
+ PageLayout::postError(
+ _('Es konnte keine Raumliste erstellt werden!')
+ );
+ }
return;
}
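Review bot: `$this->room_ids = [];` is reset only inside `if ($selected_clipboard)`, so when `Clipboard::find($this->clipboard_id)` finds nothing, any IDs already held in `$this->room_ids` pass on without the new permission check. Where that property is filled lies outside the hunk; if it can carry request-supplied IDs in clipboard mode, moving the reset to the first line of the `room_selection == 'clipboard'` branch would close that path. `userHasPermission($this->current_user)` is called with the user only, so if the method accepts a required level, whatever default it applies decides who may send the mail and the intended level is better passed explicitly. Rooms dropped by the loop are reported only when the resulting list is empty, so a partly filtered clipboard is mailed without telling the user, and a room that `Room::find` cannot load is reported as a permission problem. The method body continues outside the hunk.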