From 061c7b238eb62875e2c13794d5732adb2d362fca Mon Sep 17 00:00:00 2001
From: Manfred <kindlm@technikum-wien.at>
Date: Wed, 23 Mar 2022 17:31:57 +0100
Subject: [PATCH] =?UTF-8?q?Login=20f=C3=BCr=20Admin=20mittels=20uid=20als?=
 =?UTF-8?q?=20GET-Param?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cis/private/profile/freebusy.php | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/cis/private/profile/freebusy.php b/cis/private/profile/freebusy.php
index d5e093da2..d2e4f9bba 100644
--- a/cis/private/profile/freebusy.php
+++ b/cis/private/profile/freebusy.php
@@ -28,17 +28,29 @@ require_once('../../../include/basis_db.class.php');
 require_once('../../../include/functions.inc.php');
 require_once('../../../include/freebusy.class.php');
 require_once('../../../include/phrasen.class.php');
+require_once('../../../include/benutzerberechtigung.class.php');
 
 if (!$db = new basis_db())
 	die('Fehler beim Oeffnen der Datenbankverbindung');
   
-$user=get_uid();
+$user = get_uid();
 $sprache = getSprache();
 $p = new phrasen($sprache);
 
 $action = (isset($_REQUEST['action'])?$_REQUEST['action']:'');
 $id = (isset($_REQUEST['id'])?$_REQUEST['id']:'');
 
+// Administratoren duerfen die UID als Parameter uebergeben um die Umfragen von anderen Personen anzuzeigen
+if(isset($_GET['uid']))
+{
+	$rechte = new benutzerberechtigung();
+	$rechte->getBerechtigungen($user);
+	if($rechte->isBerechtigt('admin'))
+	{
+		$user = $_GET['uid'];
+	}
+}
+
 echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
         "http://www.w3.org/TR/html4/strict.dtd">
 <html>
@@ -49,11 +61,11 @@ echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
 	<link rel="stylesheet" href="../../../skin/style.css.php" type="text/css">
 	<title>'.$p->t('freebusy/titel').'</title>
 	
-	<link rel="stylesheet" type="text/css" href="../../../skin/jquery-ui-1.9.2.custom.min.css">
-<script type="text/javascript" src="../../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
-<script type="text/javascript" src="../../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
-<script type="text/javascript" src="../../../vendor/components/jqueryui/jquery-ui.min.js"></script>
-<script type="text/javascript" src="../../../include/js/jquery.ui.datepicker.translation.js"></script>
+	<link rel="stylesheet" type="text/css" href="../../../skin/jquery-ui-1.9.2.custom.min.css">
+<script type="text/javascript" src="../../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
+<script type="text/javascript" src="../../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
+<script type="text/javascript" src="../../../vendor/components/jqueryui/jquery-ui.min.js"></script>
+<script type="text/javascript" src="../../../include/js/jquery.ui.datepicker.translation.js"></script>
 <script type="text/javascript" src="../../../vendor/jquery/sizzle/sizzle.js"></script> 
 	<script type="text/javascript">
 	$(document).ready(function()