diff options
| -rw-r--r-- | app/controllers/lti/tool.php | 14 | ||||
| -rw-r--r-- | app/views/lti/_tool_form_fields.php | 6 |
2 files changed, 10 insertions, 10 deletions
diff --git a/app/controllers/lti/tool.php b/app/controllers/lti/tool.php index 0d771fc..aa3c072 100644 --- a/app/controllers/lti/tool.php +++ b/app/controllers/lti/tool.php @@ -10,14 +10,14 @@ class Lti_ToolController extends AuthenticatedController $this->deployment = null; $this->tool_id = ''; $this->range_id = ''; + $this->user_may_edit_tool = false; if (in_array($action, ['index', 'add', 'edit', 'delete'])) { $this->range_id = $args[0]; $this->tool_id = $args[1] ?? ''; - if (!$this->range_id || ($this->range_id === 'global' && !$GLOBALS['perm']->have_perm('root'))) { - throw new AccessDeniedException(); - } - if ($this->range_id !== 'global' && !$GLOBALS['perm']->have_studip_perm('tutor', $this->range_id)) { + $this->user_may_edit_tool = ($this->range_id === 'global' && $GLOBALS['perm']->have_perm('root')) + || ($this->range_id !== 'global' && $GLOBALS['perm']->have_studip_perm('tutor', $this->range_id)); + if (!$this->user_may_edit_tool) { throw new AccessDeniedException(); } if ($action === 'add' && !$this->tool_id) { @@ -49,16 +49,16 @@ class Lti_ToolController extends AuthenticatedController public function add_action($range_id, $tool_id = '') { //NOTE: The parameters are checked and processed in the before_filter. - $this->addEditHandler('add'); + $this->addEditHandler(); } public function edit_action($range_id, $tool_id) { //NOTE: The parameters are checked and processed in the before_filter. - $this->addEditHandler('edit'); + $this->addEditHandler(); } - protected function addEditHandler($mode) + protected function addEditHandler() { if (!$this->tool) { return; diff --git a/app/views/lti/_tool_form_fields.php b/app/views/lti/_tool_form_fields.php index 4e954f9..e44921d 100644 --- a/app/views/lti/_tool_form_fields.php +++ b/app/views/lti/_tool_form_fields.php @@ -23,7 +23,7 @@ placeholder="<?= _('Bitte machen Sie Angaben zu dem angebundenen Werkzeug, soweit sie ihnen bekannt sind. Wie ist der Name, wer bietet es an, wozu wird es eingesetzt und welche Daten werden übertragen? (Beispiel: „Tool XY wird zur Durchführung von Sprachtests genutzt und Testergebnisse und ggf. Noten gespeichert. Zur Anmeldung werden Name und Nutzerkennung übertragen.“)') ?>"><?= wysiwygReady($deployment->data_protection_notes) ?></textarea> </label> <? endif ?> - <? if (!$tool->is_global) : ?> + <? if ($user_may_edit_tool) : ?> <label> <?= _('URL zu den Nutzungsbedingungen des LTI-Tools (falls verfügbar)') ?> <input type="url" name="terms_of_use_url" value="<?= htmlReady($tool->terms_of_use_url) ?>"> @@ -36,7 +36,7 @@ </fieldset> <fieldset> <legend><?= _('Konfiguration des LTI-Tools') ?></legend> - <? if (!$tool->is_global) : ?> + <? if ($user_may_edit_tool) : ?> <label class="studiprequired"> <span class="textlabel"><?= _('LTI-Version') ?></span> <span class="asterisk">*</span> @@ -64,7 +64,7 @@ ) ?>"> </label> - <? if (!$tool->is_global) : ?> + <? if ($user_may_edit_tool) : ?> <div class="lti13a-field"> <label> <?= _('OIDC Login-URL') ?> |