authorAndré Noack <noack@data-quest.de>2025-01-03 09:23:36 +0000
committerAndré Noack <noack@data-quest.de>2025-01-03 09:23:36 +0000
commit373b28b6dc7fd66fb42cc050f733d8b95ca856a7 (patch)
treeab35c972b6729158a3765fe8ccd0fdeb839255ae /app
parent1b7714d21faf23d83cd458fa5eff9939470e3a65 (diff)
Resolve #5008 "PHPLib - Öffentliche Belegungspläne gehen nicht"
Closes #5008 Merge request studip/studip!3799
Diffstat (limited to 'app')
-rw-r--r--app/controllers/resources/room_planning.php6
-rw-r--r--app/controllers/room_management/overview.php13
2 files changed, 11 insertions, 8 deletions
diff --git a/app/controllers/resources/room_planning.php b/app/controllers/resources/room_planning.php
index 37e9193..6d6c922 100644
--- a/app/controllers/resources/room_planning.php
+++ b/app/controllers/resources/room_planning.php
@@ -22,11 +22,13 @@
*/
class Resources_RoomPlanningController extends AuthenticatedController
{
+ protected $allow_nobody = true;
+
public function before_filter(&$action, &$args)
{
$anonymous_actions = ['booking_plan', 'anonymous_booking_plan_data'];
- if (in_array($action, $anonymous_actions)) {
- $this->allow_nobody = true;
+ if (!in_array($action, $anonymous_actions) && $GLOBALS['user']->id === 'nobody') {
+ throw new AccessDeniedException();
}
parent::before_filter($action, $args);
}
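Review bot: The new guard in `before_filter` fails open: the controller is now anonymous by default (`protected $allow_nobody = true;`), and every non-public action depends solely on `$GLOBALS['user']->id === 'nobody'`, which is evaluated before `parent::before_filter()` runs. If `$GLOBALS['user']` is not yet populated at that point, or an unauthenticated visitor is represented by anything other than the literal id `'nobody'` (neither is visible in this hunk), the comparison is false and the request proceeds with anonymous access permitted. I would add a comment stating that invariant, e.g. `// relies on $GLOBALS['user'] being initialised before this filter; anonymous users carry id 'nobody'`, and make the allow-list match strict with `in_array($action, $anonymous_actions, true)`. The same pattern is introduced in `RoomManagement_OverviewController::before_filter` in `app/controllers/room_management/overview.php`.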
diff --git a/app/controllers/room_management/overview.php b/app/controllers/room_management/overview.php
index e9bae53..de50457 100644
--- a/app/controllers/room_management/overview.php
+++ b/app/controllers/room_management/overview.php
@@ -26,14 +26,12 @@
*/
class RoomManagement_OverviewController extends AuthenticatedController
{
+ protected $allow_nobody = true;
+
public function before_filter(&$action, &$args)
{
- if ($action === 'public_booking_plans') {
- if (Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) {
- $this->allow_nobody = true;
- } else {
- throw new AccessDeniedException();
- }
+ if ($action !== 'public_booking_plans' && $GLOBALS['user']->id === 'nobody') {
+ throw new AccessDeniedException();
}
parent::before_filter($action, $args);
@@ -434,6 +432,9 @@ class RoomManagement_OverviewController extends AuthenticatedController
*/
public function public_booking_plans_action()
{
+ if (!Config::get()->RESOURCES_SHOW_PUBLIC_ROOM_PLANS) {
+ throw new AccessDeniedException();
+ }
if (Navigation::hasItem('/resources/overview/public_booking_plans')) {
Navigation::activateItem('/resources/overview/public_booking_plans');
}
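Review bot: The `RESOURCES_SHOW_PUBLIC_ROOM_PLANS` gate added at the top of `public_booking_plans_action()` protects only this action, while `Resources_RoomPlanningController` in the same commit keeps `booking_plan` and `anonymous_booking_plan_data` reachable for anonymous users without a visible check of that setting. Whether those actions test the flag in their own bodies cannot be seen from this diff, so it is worth confirming that disabling public room plans also closes the data endpoints. Because the check now lives in the action instead of the filter, the docblock above should record it, e.g. `@throws AccessDeniedException if RESOURCES_SHOW_PUBLIC_ROOM_PLANS is disabled`. The method body continues outside the hunk.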