Resolve "Forum in freien Veranstaltungen sind nicht aufrufbar"issue-5760

Closes #5699

Merge request studip/studip!4371

5 files changed, 58 insertions, 24 deletions

diff --git a/lib/classes/JsonApi/RouteMap.php b/lib/classes/JsonApi/RouteMap.php
index 235f4b6..47bd666 100644
--- a/lib/classes/JsonApi/RouteMap.php
+++ b/lib/classes/JsonApi/RouteMap.php
@@ -169,6 +169,7 @@ class RouteMap
         }
 
         $this->addUnauthenticatedTreeRoutes($group);
+        $this->addUnAuthenticatedForumRoutes($group);
     }
 
     private function getAuthenticator(): callable
@@ -675,44 +676,31 @@ class RouteMap
     {
         $group->group('/courses/{range_id}', function ($forum) {
             $forum->get('/forum-configs', Routes\Forum\ConfigIndex::class);
-            $forum->get('/forum-categories', Routes\Forum\CategoryIndex::class);
-            $forum->get('/forum-discussions', Routes\Forum\DiscussionIndex::class);
-            $forum->get('/forum-topics', Routes\Forum\TopicIndex::class);
             $forum->get('/forum-subscriptions', Routes\Forum\SubscriptionIndex::class);
         });
 
-        $group->group('/forum-subscriptions', function ($forum) {
-            $forum->post('', Routes\Forum\SubscriptionStore::class);
-            $forum->get('/{subscription_id}', Routes\Forum\SubscriptionShow::class);
-            $forum->delete('/{subscription_id}', Routes\Forum\SubscriptionDelete::class);
-        });
-
         $group->group('/forum-topics', function ($forum) {
-            $forum->get('/{topic_id}', Routes\Forum\TopicShow::class);
-            $forum->get('/{topic_id}/discussions', Routes\Forum\TopicDiscussions::class);
             $forum->patch('/sort', Routes\Forum\TopicUpdateSort::class);
         });
 
         $group->group('/forum-categories', function ($forum) {
-            $forum->get('/{category_id}', Routes\Forum\CategoryShow::class);
-            $forum->get('/{category_id}/topics', Routes\Forum\CategoryTopics::class);
             $forum->patch('/sort', Routes\Forum\CategoryUpdateSort::class);
         });
 
+        $group->group('/forum-subscriptions', function ($forum) {
+            $forum->post('', Routes\Forum\SubscriptionStore::class);
+            $forum->get('/{subscription_id}', Routes\Forum\SubscriptionShow::class);
+            $forum->delete('/{subscription_id}', Routes\Forum\SubscriptionDelete::class);
+        });
+
         $group->group('/forum-discussion-types', function ($forum) {
             $forum->get('', Routes\Forum\DiscussionTypeIndex::class);
             $forum->get('/{type_id}', Routes\Forum\DiscussionTypeShow::class);
         });
 
-        $group->group('/forum-discussions', function ($forum) {
-            $forum->get('/{discussion_id}', Routes\Forum\DiscussionShow::class);
-            $forum->get('/{discussion_id}/postings', Routes\Forum\DiscussionPostings::class);
-        });
-
         $group->group('/forum-postings', function ($forum) {
             $forum->post('', Routes\Forum\PostingStore::class);
             $forum->get('/{posting_id}', Routes\Forum\PostingShow::class);
-            $forum->get('/{posting_id}/reactions', Routes\Forum\PostingReactions::class);
             $forum->patch('/{posting_id}', Routes\Forum\PostingUpdate::class);
             $forum->delete('/{posting_id}', Routes\Forum\PostingDelete::class);
         });
@@ -724,6 +712,34 @@ class RouteMap
         });
     }
 
+    private function addUnAuthenticatedForumRoutes(RouteCollectorProxy $group): void
+    {
+        $group->group('/courses/{range_id}', function ($forum) {
+            $forum->get('/forum-categories', Routes\Forum\CategoryIndex::class);
+            $forum->get('/forum-discussions', Routes\Forum\DiscussionIndex::class);
+            $forum->get('/forum-topics', Routes\Forum\TopicIndex::class);
+        });
+
+        $group->group('/forum-topics', function ($forum) {
+            $forum->get('/{topic_id}', Routes\Forum\TopicShow::class);
+            $forum->get('/{topic_id}/discussions', Routes\Forum\TopicDiscussions::class);
+        });
+
+        $group->group('/forum-categories', function ($forum) {
+            $forum->get('/{category_id}', Routes\Forum\CategoryShow::class);
+            $forum->get('/{category_id}/topics', Routes\Forum\CategoryTopics::class);
+        });
+
+        $group->group('/forum-discussions', function ($forum) {
+            $forum->get('/{discussion_id}', Routes\Forum\DiscussionShow::class);
+            $forum->get('/{discussion_id}/postings', Routes\Forum\DiscussionPostings::class);
+        });
+
+        $group->group('/forum-postings', function ($forum) {
+            $forum->get('/{posting_id}/reactions', Routes\Forum\PostingReactions::class);
+        });
+    }
+
     private function addAuthenticatedStockImagesRoutes(RouteCollectorProxy $group): void
     {
         $group->get('/stock-images', Routes\StockImages\StockImagesIndex::class);
diff --git a/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php b/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
index 8b64021..b40e4c4 100644
--- a/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
+++ b/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
@@ -40,7 +40,9 @@ class DiscussionPostings extends JsonApiController
 
         $postings = $discussion->postings ?? \SimpleORMapCollection::createFromArray([]);
 
-        PostingRead::updateUserReadPoint($user->user_id, $discussion->discussion_id, count($postings));
+        if ($user) {
+            PostingRead::updateUserReadPoint($user->user_id, $discussion->discussion_id, count($postings));
+        }
 
         return $this->getPaginatedContentResponse(
             $postings->limit(...$this->getOffsetAndLimit()),
diff --git a/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php b/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php
new file mode 100644
index 0000000..0a0017f
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace JsonApi\Routes\Forum;
+
+use Range;
+use User;
+
+class ForumAuthority
+{
+    public static function canShowForum(Range $range, ?User $user = null): bool
+    {
+        return $range->isAccessibleToUser($user?->id);
+    }
+}
diff --git a/lib/classes/JsonApi/Routes/Forum/PostingShow.php b/lib/classes/JsonApi/Routes/Forum/PostingShow.php
index c062169..730dc4f 100644
--- a/lib/classes/JsonApi/Routes/Forum/PostingShow.php
+++ b/lib/classes/JsonApi/Routes/Forum/PostingShow.php
@@ -12,6 +12,7 @@ class PostingShow extends JsonApiController
 {
     protected $allowedIncludePaths = [
         \JsonApi\Schemas\Forum\Posting::REL_DISCUSSION,
+        \JsonApi\Schemas\Forum\Posting::REL_AUTHOR,
         \JsonApi\Schemas\Forum\Posting::REL_POSTING,
         \JsonApi\Schemas\Forum\Posting::REL_OPENGRAPH_URLS,
         \JsonApi\Schemas\Forum\Posting::REL_REACTIONS,
diff --git a/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php b/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
index 9441b63..4104e01 100644
--- a/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
+++ b/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
@@ -55,14 +55,15 @@ class PostingReaction extends SchemaProvider
         return $relationships;
     }
 
-    private function addUserRelationship(array $relationships, $discussion, bool $withUser = false)
+    private function addUserRelationship(array $relationships, $postingReaction, bool $withUser = false)
     {
-        if ($withUser) {
+        $user = $postingReaction->user;
+        if ($withUser && $user) {
             $relationships[self::REL_USER] = [
                 self::RELATIONSHIP_LINKS => [
-                    Link::RELATED => $this->createLinkToResource($discussion->user)
+                    Link::RELATED => $this->createLinkToResource($user)
                 ],
-                self::RELATIONSHIP_DATA => $discussion->user
+                self::RELATIONSHIP_DATA => $user
             ];
         }