diff options
| author | Moritz Strohm <strohm@data-quest.de> | 2024-11-13 11:52:39 +0000 |
|---|---|---|
| committer | Moritz Strohm <strohm@data-quest.de> | 2024-11-13 11:52:39 +0000 |
| commit | 9fd14abeaf7a3d2996540ffa7144b81e019624a2 (patch) | |
| tree | 9522d63f5f4e634834c0cc9f1e82d64141dd341e /lib | |
| parent | 1066b5800b43b8ce9a012dccad85723ae4cdfb09 (diff) | |
neither show the dialog for confidential dates of other users nor be able to drag such dates, fixes #4706
Closes #4706
Merge request studip/studip!3636
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/models/calendar/CalendarDate.php | 8 | ||||
| -rw-r--r-- | lib/models/calendar/CalendarDateAssignment.php | 29 |
2 files changed, 22 insertions, 15 deletions
diff --git a/lib/models/calendar/CalendarDate.php b/lib/models/calendar/CalendarDate.php index 1d49ff5..ebfb20e 100644 --- a/lib/models/calendar/CalendarDate.php +++ b/lib/models/calendar/CalendarDate.php @@ -177,13 +177,15 @@ class CalendarDate extends SimpleORMap implements PrivacyObject } } elseif ($assignment->user instanceof User) { if ($assignment->user->isCalendarReadable($range_id)) { - return true; + //The date is only readable if it isn't confidential: + return $this->access !== 'CONFIDENTIAL'; } } } - //In case the date is not in a calendar of the user or a course - //where the user has access to, it is only visible when it is public. + //In case the date is not in a calendar of a user or a course + //where the user has read access to, the date is only visible + //when it is public. return $this->access === 'PUBLIC'; } diff --git a/lib/models/calendar/CalendarDateAssignment.php b/lib/models/calendar/CalendarDateAssignment.php index 43c0080..05fafec 100644 --- a/lib/models/calendar/CalendarDateAssignment.php +++ b/lib/models/calendar/CalendarDateAssignment.php @@ -652,32 +652,37 @@ class CalendarDateAssignment extends SimpleORMap implements Event } } - $show_url_params = []; - if ($this->calendar_date->repetition_type) { - $show_url_params['selected_date'] = $begin->format('Y-m-d'); + $studip_urls = []; + $action_urls = []; + if (!$hide_confidential_data) { + $show_url_params = []; + if ($this->calendar_date->repetition_type !== CalendarDate::REPETITION_SINGLE) { + $show_url_params['selected_date'] = $begin->format('Y-m-d'); + } + $studip_urls['show'] = URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params); + + if ($this->isWritable($user_id)) { + $action_urls['resize_dialog'] = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id); + $action_urls['move_dialog'] = URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')]); + } } return new \Studip\Calendar\EventData( $begin, $end, - !$hide_confidential_data ? $this->getTitle() : '', + !$hide_confidential_data ? $this->getTitle() : _('Vertraulich'), $event_classes, $text_colour, $background_colour, - $this->isWritable($user_id), + $this->isWritable($user_id) && $this->calendar_date->isVisible($user_id), CalendarDateAssignment::class, $this->id, CalendarDate::class, $this->calendar_date_id, 'user', $this->range_id ?? '', - [ - 'show' => URLHelper::getURL('dispatch.php/calendar/date/index/' . $this->calendar_date_id, $show_url_params) - ], - [ - 'resize_dialog' => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id), - 'move_dialog' => URLHelper::getURL('dispatch.php/calendar/date/move/' . $this->calendar_date_id, ['original_date' => $begin->format('Y-m-d')]) - ], + $studip_urls, + $action_urls, $this->participation === 'DECLINED' ? 'decline-circle-full' : '', $border_colour, $all_day, |