From 89bc5a5d9dbeb01f562e8a6c583bcfeffea6cab3 Mon Sep 17 00:00:00 2001
From: SimonGschnell <simongschnell@gmail.com>
Date: Thu, 8 Feb 2024 11:48:14 +0100
Subject: [PATCH] Assistenten koennen nur Profil Aenderungen von Studenten
 ansehen deren Organisationseinheit in den Berechtigung des Assistenten
 vorhanden sind (und kleiner sessionStorage fix der einen String zu Boolean
 converted)

---
 .../models/person/Profil_update_model.php     | 24 ++++++++++++--
 public/js/apps/Cis/ProfilUpdateRequests.js    | 33 +++++++++++--------
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/application/models/person/Profil_update_model.php b/application/models/person/Profil_update_model.php
index c71aa5b98..2fbecb27c 100755
--- a/application/models/person/Profil_update_model.php
+++ b/application/models/person/Profil_update_model.php
@@ -58,11 +58,30 @@ class Profil_update_model extends DB_Model
 		
 		$studentBerechtigung = $this->permissionlib->isBerechtigt('student/stammdaten','s');
 		$mitarbeiterBerechtigung = $this->permissionlib->isBerechtigt('mitarbeiter/stammdaten','s');
+		$oe_berechtigung = $this->permissionlib->getOE_isEntitledFor('student/stammdaten');
 		
 		$res =[];
+		
 		if($studentBerechtigung) {
-			$this->addJoin('tbl_student','tbl_student.student_uid=tbl_profil_update.uid');
-			$studentRequests = $this->loadWhere($whereClause);
+			//? Nur wenn der/die AssistentIn auch die Berechtigung in der gleichen Organisationseinheit des Studenten hat
+			$parameters = [];
+			$query="
+			SELECT * FROM public.tbl_profil_update 
+			JOIN public.tbl_student ON public.tbl_student.student_uid=public.tbl_profil_update.uid
+			JOIN public.tbl_prestudent ON public.tbl_prestudent.prestudent_id=public.tbl_student.prestudent_id
+			JOIN public.tbl_studiengang ON public.tbl_studiengang.studiengang_kz=public.tbl_prestudent.studiengang_kz
+			JOIN public.tbl_organisationseinheit ON public.tbl_organisationseinheit.oe_kurzbz=public.tbl_studiengang.oe_kurzbz
+			Where public.tbl_studiengang.oe_kurzbz IN ? ";
+			$parameters[]=$oe_berechtigung;
+			if($whereClause){
+				foreach($whereClause as $key=>$value){
+					$parameters[] = $value;
+					$query .=  " AND ".$key." = ?";
+				} 
+			}
+			
+			$studentRequests =$this->execReadOnlyQuery($query,$parameters);
+			
 			if(isError($studentRequests)) return error("db error: ". getData($studentRequests));
 			$studentRequests = getData($studentRequests)?:[]; 
 			foreach($studentRequests as $request){
@@ -70,6 +89,7 @@ class Profil_update_model extends DB_Model
 			}
 		}
 		if($mitarbeiterBerechtigung) {
+			
 			$this->addJoin('tbl_mitarbeiter','tbl_mitarbeiter.mitarbeiter_uid=tbl_profil_update.uid');
 			$mitarbeiterRequests = $this->loadWhere($whereClause);
 			if(isError($mitarbeiterRequests)) return error("db error: ". getData($mitarbeiterRequests));
diff --git a/public/js/apps/Cis/ProfilUpdateRequests.js b/public/js/apps/Cis/ProfilUpdateRequests.js
index 43c7257d5..188406e84 100755
--- a/public/js/apps/Cis/ProfilUpdateRequests.js
+++ b/public/js/apps/Cis/ProfilUpdateRequests.js
@@ -29,7 +29,22 @@ const app = Vue.createApp({
   data() {
     return {
       showAll: false,
+      
       profil_updates_table_options: {
+        ajaxURL:
+          FHC_JS_DATA_STORAGE_OBJECT.app_root +
+          FHC_JS_DATA_STORAGE_OBJECT.ci_router +
+          `/Cis/ProfilUpdate/`,
+
+        ajaxURLGenerator: (url, config, params) => {
+          //? this function needs to be an array function in order to access the this properties of the Vue component
+          console.log("showAll printed here:", this.showAll);
+          if (this.showAll) {
+            return url + "getProfilUpdates";
+          } else {
+            return url + "getProfilUpdates/pending";
+          }
+        },
         ajaxResponse: function (url, params, response) {
           //url - the URL of the request
           //params - the parameters passed with the request
@@ -118,19 +133,7 @@ const app = Vue.createApp({
           }
           return menu;
         },
-        ajaxURL:
-          FHC_JS_DATA_STORAGE_OBJECT.app_root +
-          FHC_JS_DATA_STORAGE_OBJECT.ci_router +
-          `/Cis/ProfilUpdate/`,
-
-        ajaxURLGenerator: (url, config, params) => {
-          //? this function needs to be an array function in order to access the this properties of the Vue component
-          if (this.showAll) {
-            return url + "getProfilUpdates";
-          } else {
-            return url + "getProfilUpdates/pending";
-          }
-        },
+        
         height: 600,
         layout: "fitColumns",
 
@@ -241,7 +244,9 @@ const app = Vue.createApp({
   },
   mounted() {
     if (!(sessionStorage.getItem("showAll") === null)) {
-      this.showAll = JSON.parse(sessionStorage.getItem("showAll"));
+      //? converting string into a boolean: https://sentry.io/answers/how-can-i-convert-a-string-to-a-boolean-in-javascript/
+      this.showAll = sessionStorage.getItem("showAll")==="true";
+      
     }
   },
   template: `