| author | Murtaza Sultani <sultani@data-quest.de> | 2025-07-14 12:42:13 +0200 |
|---|---|---|
| committer | Murtaza Sultani <sultani@data-quest.de> | 2025-07-14 12:42:13 +0200 |
| commit | 74076ca20b80311c19f3b32870f1c8eba82bc09d (patch) | |
| tree | 80bcb0d7b58269e947c006e6a51cc8b94c1938be /lib/classes | |
| parent | c76e8045a8113b3d5837459c521371921a592279 (diff) | |
Resolve "Forum funktioniert nicht mehr an Einrichtungen"
Closes #5700
Merge request studip/studip!4351
Diffstat (limited to 'lib/classes')
22 files changed, 131 insertions, 100 deletions
diff --git a/lib/classes/JsonApi/RouteMap.php b/lib/classes/JsonApi/RouteMap.php index 9393776..d85b12d 100644 --- a/lib/classes/JsonApi/RouteMap.php +++ b/lib/classes/JsonApi/RouteMap.php @@ -672,7 +672,7 @@ class RouteMap private function addAuthenticatedForumRoutes(RouteCollectorProxy $group): void { - $group->group('/courses/{course_id}', function ($forum) { + $group->group('/courses/{range_id}', function ($forum) { $forum->get('/forum-configs', Routes\Forum\ForumConfigIndex::class); $forum->get('/forum-categories', Routes\Forum\ForumCategoryIndex::class); $forum->get('/forum-discussions', Routes\Forum\ForumDiscussionIndex::class); diff --git a/lib/classes/JsonApi/Routes/Courses/Authority.php b/lib/classes/JsonApi/Routes/Courses/Authority.php index 7abc097..05a3cc8 100644 --- a/lib/classes/JsonApi/Routes/Courses/Authority.php +++ b/lib/classes/JsonApi/Routes/Courses/Authority.php @@ -13,7 +13,7 @@ class Authority /** * @SuppressWarnings(PHPMD.Superglobals) */ - public static function canShowCourse(User $user, Course $course, $scope) + public static function canShowCourse(User $user, Course $course, $scope = self::SCOPE_BASIC): bool { switch ($scope) { case self::SCOPE_BASIC: diff --git a/lib/classes/JsonApi/Routes/Forum/ForumCategoryIndex.php b/lib/classes/JsonApi/Routes/Forum/ForumCategoryIndex.php index c70df2b..9518736 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumCategoryIndex.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumCategoryIndex.php @@ -1,10 +1,9 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; 
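Review bot: In `addAuthenticatedForumRoutes` the placeholder becomes `{range_id}` while the path prefix stays `/courses/`, so an institute id is now accepted under a URL that reads as course-only. Every handler registered in this group has to read `$args['range_id']`; the group body continues past the hunk, so a handler there that still reads `$args['course_id']` would be looking up a missing key. A comment above the group would make the contract visible: `// {range_id} may be a course or an institute id; handlers authorise via RangeAuthority`.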
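Review bot: With the added `: bool` return type on `canShowCourse`, a `$scope` that matches no `case` in the `switch` would fall off the end and raise a TypeError instead of returning a denial. The switch body runs past the hunk, so whether a `default` arm exists cannot be seen here. `$scope` is still untyped and is now also forwarded from `RangeAuthority::canShowRange`, so I would declare it as `string $scope = self::SCOPE_BASIC` and make sure the switch ends in `default: return false;`.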
@@ -19,17 +18,17 @@ class ForumCategoryIndex extends JsonApiController public function __invoke(Request $request, Response $response, $args) { - $course = Course::find($args['course_id']); - if (!$course) { + $range = get_object_by_range_id($args['range_id']); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } - $categories = ForumCategory::getCourseCategories($course->id); + $categories = ForumCategory::getCourseCategories($range->id); return $this->getPaginatedContentResponse( array_slice($categories, ...$this->getOffsetAndLimit()), diff --git a/lib/classes/JsonApi/Routes/Forum/ForumCategoryShow.php b/lib/classes/JsonApi/Routes/Forum/ForumCategoryShow.php index e85d49d..f0ee1e1 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumCategoryShow.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumCategoryShow.php @@ -1,11 +1,10 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumCategory; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; @@ -23,13 +22,13 @@ class ForumCategoryShow extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($category->range_id); - if (!$course) { + $range = get_object_by_range_id($category->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } 
diff --git a/lib/classes/JsonApi/Routes/Forum/ForumCategoryTopics.php b/lib/classes/JsonApi/Routes/Forum/ForumCategoryTopics.php index 88a212c..cfa7937 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumCategoryTopics.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumCategoryTopics.php @@ -1,9 +1,8 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\Errors\AuthorizationFailedException; @@ -24,13 +23,13 @@ class ForumCategoryTopics extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($category->range_id); - if (!$course) { + $range = get_object_by_range_id($category->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumCategoryUpdateSort.php b/lib/classes/JsonApi/Routes/Forum/ForumCategoryUpdateSort.php index b8e41f0..39fbb9d 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumCategoryUpdateSort.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumCategoryUpdateSort.php @@ -2,7 +2,6 @@ namespace JsonApi\Routes\Forum; use CoreForum; -use Course; use JsonApi\Errors\RecordNotFoundException; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; 
@@ -18,14 +17,14 @@ class ForumCategoryUpdateSort extends JsonApiController public function __invoke(Request $request, Response $response, $args) { $json = $this->validate($request); - $course_id = self::arrayGet($json, 'data.relationships.range.data.id'); + $range_id = self::arrayGet($json, 'data.relationships.range.data.id'); - $course = Course::find($course_id); - if (!$course) { + $range = get_object_by_range_id($range_id); + if (!$range) { throw new RecordNotFoundException(); } - if (!CoreForum::isModerator($course->id)) { + if (!CoreForum::isModerator($range->id)) { throw new AuthorizationFailedException(); } @@ -36,10 +35,10 @@ class ForumCategoryUpdateSort extends JsonApiController $category->position = (int) array_search($category->category_id, $category_ids); $category->store(); }, - "category_id IN (:category_ids) AND range_id = :course_id", + "category_id IN (:category_ids) AND range_id = :range_id", [ "category_ids" => $category_ids, - "course_id" => $course->id + "range_id" => $range->id ] ); diff --git a/lib/classes/JsonApi/Routes/Forum/ForumConfigIndex.php b/lib/classes/JsonApi/Routes/Forum/ForumConfigIndex.php index 973dd12..507e2de 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumConfigIndex.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumConfigIndex.php @@ -2,10 +2,12 @@ namespace JsonApi\Routes\Forum; -use Course; +use Config; +use CoreForum; +use JsonApi\Routes\RangeAuthority; +use UserConfig; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; 
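Review bot: The write path in `ForumCategoryUpdateSort::__invoke` authorises with `CoreForum::isModerator($range->id)` alone, on a range id taken from the request body (`data.relationships.range.data.id`), and never consults `$this->getUser($request)` as the read handlers in this commit do. Now that the id can resolve to an institute, it is worth confirming that `isModerator` evaluates institute roles for the API-authenticated user and not only course roles; its implementation is not part of this diff. If it does, a one-line comment such as `// isModerator() covers course and institute ranges` above the check would record that. `ForumTopicUpdateSort` has the same check.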
@@ -14,21 +16,21 @@ class ForumConfigIndex extends JsonApiController { public function __invoke(Request $request, Response $response, $args) { - $course = Course::find($args['course_id']); - if (!$course) { + $range = get_object_by_range_id($args['range_id']); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } return $this->getMetaResponse([ - 'is-admin' => \CoreForum::isAdmin($course->id), - 'is-moderator' => \CoreForum::isModerator($course->id), - 'anonymous-post' => (bool) \Config::get()->FORUM_ANONYMOUS_POSTINGS, - 'tile-layout' => (bool) \UserConfig::get($user->user_id)->FORUM_TILE_LAYOUT + 'is-admin' => CoreForum::isAdmin($range->id), + 'is-moderator' => CoreForum::isModerator($range->id), + 'anonymous-post' => (bool) Config::get()->FORUM_ANONYMOUS_POSTINGS, + 'tile-layout' => (bool) UserConfig::get($user->user_id)->FORUM_TILE_LAYOUT ]); } } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionIndex.php b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionIndex.php index a9ef436..d3920a3 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionIndex.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionIndex.php @@ -1,10 +1,9 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; 
@@ -25,20 +24,20 @@ class ForumDiscussionIndex extends JsonApiController public function __invoke(Request $request, Response $response, $args) { - $course = Course::find($args['course_id']); - if (!$course) { + $range = get_object_by_range_id($args['range_id']); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } $filtering = $this->getQueryParameters()->getFilteringParameters() ?: []; $last_visit = $filtering['last-visit'] ?? 0; - $discussions = ForumDiscussion::getCourseDiscussions($course->id, $last_visit); + $discussions = ForumDiscussion::getCourseDiscussions($range->id, $last_visit); return $this->getPaginatedContentResponse( array_slice($discussions, ...$this->getOffsetAndLimit()), diff --git a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionPostings.php b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionPostings.php index a33c808..2e07c87 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionPostings.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionPostings.php @@ -1,15 +1,13 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumDiscussion; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; -use Forum\ForumPosting; use Forum\ForumPostingRead; class ForumDiscussionPostings extends JsonApiController 
@@ -31,13 +29,13 @@ class ForumDiscussionPostings extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($discussion->range_id); - if (!$course) { + $range = get_object_by_range_id($discussion->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionShow.php b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionShow.php index 077a910..93bc970 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumDiscussionShow.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumDiscussionShow.php @@ -1,11 +1,10 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumDiscussion; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; @@ -26,13 +25,13 @@ class ForumDiscussionShow extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($discussion->range_id); - if (!$course) { + $range = get_object_by_range_id($discussion->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumPostingReactionStore.php b/lib/classes/JsonApi/Routes/Forum/ForumPostingReactionStore.php index cb8fc85..a913e9b 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumPostingReactionStore.php 
+++ b/lib/classes/JsonApi/Routes/Forum/ForumPostingReactionStore.php @@ -1,11 +1,10 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\BadRequestException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; @@ -31,12 +30,12 @@ class ForumPostingReactionStore extends JsonApiController throw new BadRequestException(); } - $course = Course::find($posting->range_id); - if (!$course) { + $range = get_object_by_range_id($posting->range_id); + if (!$range) { throw new RecordNotFoundException(); } - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumPostingReactions.php b/lib/classes/JsonApi/Routes/Forum/ForumPostingReactions.php index dfdc0ab..9c6a182 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumPostingReactions.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumPostingReactions.php @@ -1,11 +1,10 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumPosting; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; 
@@ -26,13 +25,13 @@ class ForumPostingReactions extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($posting->range_id); - if (!$course) { + $range = get_object_by_range_id($posting->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumPostingShow.php b/lib/classes/JsonApi/Routes/Forum/ForumPostingShow.php index 8d29654..4a810b2 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumPostingShow.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumPostingShow.php @@ -1,11 +1,10 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumPosting; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; @@ -27,13 +26,13 @@ class ForumPostingShow extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($posting->range_id); - if (!$course) { + $range = get_object_by_range_id($posting->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumPostingStore.php b/lib/classes/JsonApi/Routes/Forum/ForumPostingStore.php index d32d75e..70c5792 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumPostingStore.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumPostingStore.php 
@@ -1,9 +1,8 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\Errors\AuthorizationFailedException; @@ -35,14 +34,14 @@ class ForumPostingStore extends JsonApiController $user = $this->getUser($request); $discussion = ForumDiscussion::find(self::arrayGet($json, 'data.relationships.discussion.data.id')); - $course = Course::find($discussion->range_id); + $range = get_object_by_range_id($discussion->range_id); - if (!$discussion || !$course) { + if (!$discussion || !$range) { throw new RecordNotFoundException(); } if ( - !CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC) || + !RangeAuthority::canShowRange($user, $range) || $discussion->closed_at ) { throw new AuthorizationFailedException(); diff --git a/lib/classes/JsonApi/Routes/Forum/ForumSubscriptionIndex.php b/lib/classes/JsonApi/Routes/Forum/ForumSubscriptionIndex.php index 015f959..8e0cee8 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumSubscriptionIndex.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumSubscriptionIndex.php @@ -1,10 +1,9 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; 
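Review bot: In the second hunk of `ForumPostingStore`, `$discussion->range_id` is dereferenced before the `!$discussion` test, so an unknown discussion id reads a property on null and hands null to `get_object_by_range_id()` before the 404 is thrown. Check the discussion first, `if (!$discussion) { throw new RecordNotFoundException(); }`, and only then resolve `$range`. This handler creates postings yet is gated by `RangeAuthority::canShowRange`, the view predicate, which for institutes is the new `canShowInstitute`; if posting in an institute forum should need more than view access, this is where to enforce it. The method body continues outside the hunk.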
@@ -21,17 +20,17 @@ class ForumSubscriptionIndex extends JsonApiController public function __invoke(Request $request, Response $response, $args) { - $course = Course::find($args['course_id']); - if (!$course) { + $range = get_object_by_range_id($args['range_id']); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } - $subscriptions = ForumSubscription::getUserSubscriptions($course->id, $user->user_id); + $subscriptions = ForumSubscription::getUserSubscriptions($range->id, $user->user_id); return $this->getPaginatedContentResponse( array_slice($subscriptions, ...$this->getOffsetAndLimit()), diff --git a/lib/classes/JsonApi/Routes/Forum/ForumTopicDiscussions.php b/lib/classes/JsonApi/Routes/Forum/ForumTopicDiscussions.php index d2cbb70..935d9e3 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumTopicDiscussions.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumTopicDiscussions.php @@ -1,10 +1,9 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use Forum\ForumTopic; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\Errors\AuthorizationFailedException; 
@@ -28,13 +27,13 @@ class ForumTopicDiscussions extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($topic->range_id); - if (!$course) { + $range = get_object_by_range_id($topic->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumTopicIndex.php b/lib/classes/JsonApi/Routes/Forum/ForumTopicIndex.php index 8be3018..038d0c9 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumTopicIndex.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumTopicIndex.php @@ -1,10 +1,9 @@ <?php namespace JsonApi\Routes\Forum; -use Course; use JsonApi\Errors\AuthorizationFailedException; use JsonApi\Errors\RecordNotFoundException; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\JsonApiController; @@ -20,17 +19,17 @@ class ForumTopicIndex extends JsonApiController public function __invoke(Request $request, Response $response, $args) { - $course = Course::find($args['course_id']); - if (!$course) { + $range = get_object_by_range_id($args['range_id']); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } - $topics = ForumTopic::getCourseTopics($course->id); + $topics = ForumTopic::getCourseTopics($range->id); return $this->getPaginatedContentResponse( array_slice($topics, ...$this->getOffsetAndLimit()), 
diff --git a/lib/classes/JsonApi/Routes/Forum/ForumTopicShow.php b/lib/classes/JsonApi/Routes/Forum/ForumTopicShow.php index 99dd427..32704b7 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumTopicShow.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumTopicShow.php @@ -1,8 +1,7 @@ <?php namespace JsonApi\Routes\Forum; -use Course; -use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\RangeAuthority; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; use JsonApi\Errors\AuthorizationFailedException; @@ -21,13 +20,13 @@ class ForumTopicShow extends JsonApiController throw new RecordNotFoundException(); } - $course = Course::find($topic->range_id); - if (!$course) { + $range = get_object_by_range_id($topic->range_id); + if (!$range) { throw new RecordNotFoundException(); } $user = $this->getUser($request); - if (!CourseAuthority::canShowCourse($user, $course, CourseAuthority::SCOPE_BASIC)) { + if (!RangeAuthority::canShowRange($user, $range)) { throw new AuthorizationFailedException(); } diff --git a/lib/classes/JsonApi/Routes/Forum/ForumTopicUpdateSort.php b/lib/classes/JsonApi/Routes/Forum/ForumTopicUpdateSort.php index 8f9e93b..3e77b40 100644 --- a/lib/classes/JsonApi/Routes/Forum/ForumTopicUpdateSort.php +++ b/lib/classes/JsonApi/Routes/Forum/ForumTopicUpdateSort.php @@ -2,7 +2,6 @@ namespace JsonApi\Routes\Forum; use CoreForum; -use Course; use JsonApi\Errors\RecordNotFoundException; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ResponseInterface as Response; 
@@ -18,14 +17,14 @@ class ForumTopicUpdateSort extends JsonApiController public function __invoke(Request $request, Response $response, $args) { $json = $this->validate($request); - $course_id = self::arrayGet($json, 'data.relationships.range.data.id'); + $range_id = self::arrayGet($json, 'data.relationships.range.data.id'); - $course = Course::find($course_id); - if (!$course) { + $range = get_object_by_range_id($range_id); + if (!$range) { throw new RecordNotFoundException(); } - if (!CoreForum::isModerator($course->id)) { + if (!CoreForum::isModerator($range->id)) { throw new AuthorizationFailedException(); } @@ -39,7 +38,7 @@ class ForumTopicUpdateSort extends JsonApiController "topic_id IN (:topic_ids) AND range_id = :course_id", [ "topic_ids" => $topic_ids, - "course_id" => $course->id + "course_id" => $range->id ] ); diff --git a/lib/classes/JsonApi/Routes/Institutes/Authority.php b/lib/classes/JsonApi/Routes/Institutes/Authority.php index c6ee43b..2f35c23 100644 --- a/lib/classes/JsonApi/Routes/Institutes/Authority.php +++ b/lib/classes/JsonApi/Routes/Institutes/Authority.php @@ -7,6 +7,11 @@ use User; class Authority { + public static function canShowInstitute(User $user, Institute $institute): bool + { + return $GLOBALS['perm']->have_studip_perm('user', $institute->id, $user->id); + } + /** * @SuppressWarnings(PHPMD.Superglobals) */ diff --git a/lib/classes/JsonApi/Routes/RangeAuthority.php b/lib/classes/JsonApi/Routes/RangeAuthority.php new file mode 100644 index 0000000..447ae60 --- /dev/null +++ b/lib/classes/JsonApi/Routes/RangeAuthority.php 
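Review bot: The last hunk of `ForumTopicUpdateSort` keeps the `:course_id` placeholder and the `"course_id"` binding although the bound value is now `$range->id`, whereas `ForumCategoryUpdateSort` was renamed to `:range_id` in the same commit. Behaviour is unchanged, but the stale name obscures that the `range_id = …` filter is what confines the update to the range that was just authorised. Suggest `"topic_id IN (:topic_ids) AND range_id = :range_id"` with `"range_id" => $range->id`.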
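Review bot: `canShowInstitute` becomes the access decision for every institute forum endpoint in this commit, including the writing handlers `ForumPostingStore` and `ForumPostingReactionStore`, yet it has no docblock stating who is meant to pass `have_studip_perm('user', …)`. Whether the 'user' level on an institute requires membership is not visible in this diff, so the intended audience should be written down in a docblock, for example that the method grants read access to users holding at least the 'user' permission on that institute. The method also reads `$GLOBALS['perm']` without the `@SuppressWarnings(PHPMD.Superglobals)` annotation that the method directly below it carries.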
@@ -0,0 +1,41 @@ +<?php + +namespace JsonApi\Routes; + +use Course; +use Institute; +use Range; +use User; +use JsonApi\Routes\Courses\Authority as CourseAuthority; +use JsonApi\Routes\Institutes\Authority as InstituteAuthority; + +class RangeAuthority +{ + const SCOPE_BASIC = 'basic'; + + public static function canShowRange(User $user, Range $range, $scope = self::SCOPE_BASIC): bool + { + if ($range instanceof Course) { + return CourseAuthority::canShowCourse($user, $range, $scope); + } + + if ($range instanceof Institute) { + return InstituteAuthority::canShowInstitute($user, $range); + } + + return false; + } + + public static function canEditRange(User $user, Range $range): bool + { + if ($range instanceof Course) { + return CourseAuthority::canEditCourse($user, $range); + } + + if ($range instanceof Institute) { + return InstituteAuthority::canEditInstitute($user, $range); + } + + return false; + } +} diff --git a/lib/classes/JsonApi/Schemas/Forum/ForumSubscription.php b/lib/classes/JsonApi/Schemas/Forum/ForumSubscription.php index ecfb699..6cc82e0 100644 --- a/lib/classes/JsonApi/Schemas/Forum/ForumSubscription.php +++ b/lib/classes/JsonApi/Schemas/Forum/ForumSubscription.php @@ -39,8 +39,8 @@ class ForumSubscription extends SchemaProvider $relationships = []; if ($isPrimary) { $relationships = $this->addUserRelationship($relationships, $subscription, $includeList); - $relationships = $this->addRangeRelationship($relationships, $subscription, $includeList); $relationships = $this->addSubjectRelationship($relationships, $subscription, $includeList); + $relationships = $this->addRangeRelationship($relationships, $subscription, $includeList); } return $relationships; |
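Review bot: `RangeAuthority` declares its own `SCOPE_BASIC = 'basic'` and passes it to `CourseAuthority::canShowCourse`, whose `switch` compares against `CourseAuthority::SCOPE_BASIC`; if the two literals ever diverge, the default call would no longer match the intended case. Aliasing removes the duplication: `const SCOPE_BASIC = CourseAuthority::SCOPE_BASIC;`. `$scope` is silently ignored on the institute branch, which a docblock on `canShowRange` should state, together with the fact that any range type other than Course or Institute is denied. `canEditRange` relies on `InstituteAuthority::canEditInstitute`, which this diff does not add and which is presumably the existing method below the new one in Institutes/Authority.php.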
