Resolve "Forum in freien Veranstaltungen sind nicht aufrufbar"issue-5760

Closes #5699

Merge request studip/studip!4371

9 files changed, 133 insertions, 27 deletions

diff --git a/lib/classes/Forum/BaseController.php b/lib/classes/Forum/BaseController.php
new file mode 100644
index 0000000..aa1bfd2
--- /dev/null
+++ b/lib/classes/Forum/BaseController.php
@@ -0,0 +1,72 @@
+<?php
+namespace Forum;
+
+use ActionsWidget;
+use Context;
+use CoreForum;
+use Icon;
+use Request;
+use SearchWidget;
+use Sidebar;
+use StudipController;
+use User;
+
+abstract class BaseController extends StudipController
+{
+    protected $with_session = true;
+    protected $is_admin = false;
+    protected $is_moderator = false;
+
+    public function before_filter(&$action, &$args)
+    {
+        object_set_visit_module('forum');
+
+        $this->range_id = Context::getId();
+        $this->user_id = User::findCurrent()?->user_id;
+
+        if ($this->user_id) {
+            $this->is_admin = CoreForum::isAdmin($this->range_id);
+            $this->is_moderator = CoreForum::isModerator($this->range_id);
+        }
+
+        $this->buildSidebar();
+        parent::before_filter($action, $args);
+    }
+
+    protected function buildSidebar(): void
+    {
+        $actions = new ActionsWidget();
+
+        if ($this->user_id) {
+            $actions->addLink(
+                _('Neue Diskussion starten'),
+                $this->url_for('course/forum/discussions/edit'),
+                Icon::create('add', Icon::ROLE_CLICKABLE, ['title' => _('Neue Diskussion starten')])
+            )->asDialog('width=900;height=750');
+        }
+
+        if ($this->is_admin) {
+            $actions->addLink(
+                _('Forum verwalten'),
+                $this->url_for('course/forum/configs/edit'),
+                Icon::create('admin', Icon::ROLE_CLICKABLE, ['title' => _('Forum verwalten')]),
+                ['data-dialog' => 'width=500;height=300']
+            );
+        }
+
+        Sidebar::Get()->addWidget($actions);
+
+        $search = new SearchWidget($this->url_for('course/forum/search', [
+            'begin' => Request::int('begin'),
+            'end' => Request::int('end')
+        ]));
+
+        $search->addNeedle(
+            _('Suche nach Diskussionen oder Beiträge'),
+            'q',
+            true
+        );
+
+        Sidebar::Get()->addWidget($search, 'forum_search');
+    }
+}
diff --git a/lib/classes/JsonApi/RouteMap.php b/lib/classes/JsonApi/RouteMap.php
index 235f4b6..47bd666 100644
--- a/lib/classes/JsonApi/RouteMap.php
+++ b/lib/classes/JsonApi/RouteMap.php
@@ -169,6 +169,7 @@ class RouteMap
         }
 
         $this->addUnauthenticatedTreeRoutes($group);
+        $this->addUnAuthenticatedForumRoutes($group);
     }
 
     private function getAuthenticator(): callable
@@ -675,44 +676,31 @@ class RouteMap
     {
         $group->group('/courses/{range_id}', function ($forum) {
             $forum->get('/forum-configs', Routes\Forum\ConfigIndex::class);
-            $forum->get('/forum-categories', Routes\Forum\CategoryIndex::class);
-            $forum->get('/forum-discussions', Routes\Forum\DiscussionIndex::class);
-            $forum->get('/forum-topics', Routes\Forum\TopicIndex::class);
             $forum->get('/forum-subscriptions', Routes\Forum\SubscriptionIndex::class);
         });
 
-        $group->group('/forum-subscriptions', function ($forum) {
-            $forum->post('', Routes\Forum\SubscriptionStore::class);
-            $forum->get('/{subscription_id}', Routes\Forum\SubscriptionShow::class);
-            $forum->delete('/{subscription_id}', Routes\Forum\SubscriptionDelete::class);
-        });
-
         $group->group('/forum-topics', function ($forum) {
-            $forum->get('/{topic_id}', Routes\Forum\TopicShow::class);
-            $forum->get('/{topic_id}/discussions', Routes\Forum\TopicDiscussions::class);
             $forum->patch('/sort', Routes\Forum\TopicUpdateSort::class);
         });
 
         $group->group('/forum-categories', function ($forum) {
-            $forum->get('/{category_id}', Routes\Forum\CategoryShow::class);
-            $forum->get('/{category_id}/topics', Routes\Forum\CategoryTopics::class);
             $forum->patch('/sort', Routes\Forum\CategoryUpdateSort::class);
         });
 
+        $group->group('/forum-subscriptions', function ($forum) {
+            $forum->post('', Routes\Forum\SubscriptionStore::class);
+            $forum->get('/{subscription_id}', Routes\Forum\SubscriptionShow::class);
+            $forum->delete('/{subscription_id}', Routes\Forum\SubscriptionDelete::class);
+        });
+
         $group->group('/forum-discussion-types', function ($forum) {
             $forum->get('', Routes\Forum\DiscussionTypeIndex::class);
             $forum->get('/{type_id}', Routes\Forum\DiscussionTypeShow::class);
         });
 
-        $group->group('/forum-discussions', function ($forum) {
-            $forum->get('/{discussion_id}', Routes\Forum\DiscussionShow::class);
-            $forum->get('/{discussion_id}/postings', Routes\Forum\DiscussionPostings::class);
-        });
-
         $group->group('/forum-postings', function ($forum) {
             $forum->post('', Routes\Forum\PostingStore::class);
             $forum->get('/{posting_id}', Routes\Forum\PostingShow::class);
-            $forum->get('/{posting_id}/reactions', Routes\Forum\PostingReactions::class);
             $forum->patch('/{posting_id}', Routes\Forum\PostingUpdate::class);
             $forum->delete('/{posting_id}', Routes\Forum\PostingDelete::class);
         });
@@ -724,6 +712,34 @@ class RouteMap
         });
     }
 
+    private function addUnAuthenticatedForumRoutes(RouteCollectorProxy $group): void
+    {
+        $group->group('/courses/{range_id}', function ($forum) {
+            $forum->get('/forum-categories', Routes\Forum\CategoryIndex::class);
+            $forum->get('/forum-discussions', Routes\Forum\DiscussionIndex::class);
+            $forum->get('/forum-topics', Routes\Forum\TopicIndex::class);
+        });
+
+        $group->group('/forum-topics', function ($forum) {
+            $forum->get('/{topic_id}', Routes\Forum\TopicShow::class);
+            $forum->get('/{topic_id}/discussions', Routes\Forum\TopicDiscussions::class);
+        });
+
+        $group->group('/forum-categories', function ($forum) {
+            $forum->get('/{category_id}', Routes\Forum\CategoryShow::class);
+            $forum->get('/{category_id}/topics', Routes\Forum\CategoryTopics::class);
+        });
+
+        $group->group('/forum-discussions', function ($forum) {
+            $forum->get('/{discussion_id}', Routes\Forum\DiscussionShow::class);
+            $forum->get('/{discussion_id}/postings', Routes\Forum\DiscussionPostings::class);
+        });
+
+        $group->group('/forum-postings', function ($forum) {
+            $forum->get('/{posting_id}/reactions', Routes\Forum\PostingReactions::class);
+        });
+    }
+
     private function addAuthenticatedStockImagesRoutes(RouteCollectorProxy $group): void
     {
         $group->get('/stock-images', Routes\StockImages\StockImagesIndex::class);
diff --git a/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php b/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
index 8b64021..b40e4c4 100644
--- a/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
+++ b/lib/classes/JsonApi/Routes/Forum/DiscussionPostings.php
@@ -40,7 +40,9 @@ class DiscussionPostings extends JsonApiController
 
         $postings = $discussion->postings ?? \SimpleORMapCollection::createFromArray([]);
 
-        PostingRead::updateUserReadPoint($user->user_id, $discussion->discussion_id, count($postings));
+        if ($user) {
+            PostingRead::updateUserReadPoint($user->user_id, $discussion->discussion_id, count($postings));
+        }
 
         return $this->getPaginatedContentResponse(
             $postings->limit(...$this->getOffsetAndLimit()),
diff --git a/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php b/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php
new file mode 100644
index 0000000..0a0017f
--- /dev/null
+++ b/lib/classes/JsonApi/Routes/Forum/ForumAuthority.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace JsonApi\Routes\Forum;
+
+use Range;
+use User;
+
+class ForumAuthority
+{
+    public static function canShowForum(Range $range, ?User $user = null): bool
+    {
+        return $range->isAccessibleToUser($user?->id);
+    }
+}
diff --git a/lib/classes/JsonApi/Routes/Forum/PostingShow.php b/lib/classes/JsonApi/Routes/Forum/PostingShow.php
index c062169..730dc4f 100644
--- a/lib/classes/JsonApi/Routes/Forum/PostingShow.php
+++ b/lib/classes/JsonApi/Routes/Forum/PostingShow.php
@@ -12,6 +12,7 @@ class PostingShow extends JsonApiController
 {
     protected $allowedIncludePaths = [
         \JsonApi\Schemas\Forum\Posting::REL_DISCUSSION,
+        \JsonApi\Schemas\Forum\Posting::REL_AUTHOR,
         \JsonApi\Schemas\Forum\Posting::REL_POSTING,
         \JsonApi\Schemas\Forum\Posting::REL_OPENGRAPH_URLS,
         \JsonApi\Schemas\Forum\Posting::REL_REACTIONS,
diff --git a/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php b/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
index 9441b63..4104e01 100644
--- a/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
+++ b/lib/classes/JsonApi/Schemas/Forum/PostingReaction.php
@@ -55,14 +55,15 @@ class PostingReaction extends SchemaProvider
         return $relationships;
     }
 
-    private function addUserRelationship(array $relationships, $discussion, bool $withUser = false)
+    private function addUserRelationship(array $relationships, $postingReaction, bool $withUser = false)
     {
-        if ($withUser) {
+        $user = $postingReaction->user;
+        if ($withUser && $user) {
             $relationships[self::REL_USER] = [
                 self::RELATIONSHIP_LINKS => [
-                    Link::RELATED => $this->createLinkToResource($discussion->user)
+                    Link::RELATED => $this->createLinkToResource($user)
                 ],
-                self::RELATIONSHIP_DATA => $discussion->user
+                self::RELATIONSHIP_DATA => $user
             ];
         }
 
diff --git a/lib/models/Forum/Category.php b/lib/models/Forum/Category.php
index 73c96e1..6ee52c8 100644
--- a/lib/models/Forum/Category.php
+++ b/lib/models/Forum/Category.php
@@ -80,7 +80,7 @@ class Category extends \SimpleORMap
                     WHERE `forum_topics`.`category_id` = :category_id",
             [
                 'category_id' => $this->category_id,
-                'user_id' => User::findCurrent()->user_id
+                'user_id' => User::findCurrent()?->user_id
             ]
         );
     }
diff --git a/lib/models/Forum/Discussion.php b/lib/models/Forum/Discussion.php
index 96bd85a..de82422 100644
--- a/lib/models/Forum/Discussion.php
+++ b/lib/models/Forum/Discussion.php
@@ -242,7 +242,7 @@ class Discussion extends SimpleORMap
 
     public function getMetaData(int $last_visit = 0): array
     {
-        $user_id = \User::findCurrent()->user_id;
+        $user_id = User::findCurrent()?->user_id;
 
         if (!$last_visit) {
             $plugin_id = \PluginEngine::getPlugin(\CoreForum::class)->getPluginId();
diff --git a/lib/models/Forum/Topic.php b/lib/models/Forum/Topic.php
index a6b298f..4ea8361 100644
--- a/lib/models/Forum/Topic.php
+++ b/lib/models/Forum/Topic.php
@@ -141,7 +141,7 @@ class Topic extends SimpleORMap
                     WHERE `forum_discussions`.`topic_id` = :topic_id",
             [
                 'topic_id' => $this->topic_id,
-                'user_id' => User::findCurrent()->user_id
+                'user_id' => User::findCurrent()?->user_id
             ]
         );
     }