blackicedbear/FHC-Core
1
0
Fork 0
mirror of https://github.com/FH-Complete/FHC-Core.git synced 2026-06-02 04:39:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

permission check bug fixed

Browse Source
This commit is contained in:
ma0048
2025-07-23 14:14:03 +02:00
parent 9fa23a1471
commit 96cb546b68
5 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
application/controllers/api/frontend/v1/lv/Lehreinheit.php
+3 -1
View File
@@ -414,7 +414,9 @@ class Lehreinheit extends FHCAPI_Controller
if (isError($result))
$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
$oe_array = $result;
$oe_array = [];
if (hasData($result))
$oe_array = getData($result);
if (!$this->_ci->permissionlib->isBerechtigtMultipleOe('admin', $oe_array, 'suid') &&
!$this->_ci->permissionlib->isBerechtigtMultipleOe('assistenz', $oe_array, 'suid') &&
application/controllers/api/frontend/v1/lv/Lektor.php
+3 -1
View File
@@ -284,7 +284,9 @@ class Lektor extends FHCAPI_Controller
if (isError($result))
$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
$oe_array = $result;
$oe_array = [];
if (hasData($result))
$oe_array = getData($result);
return $this->checkPermissionGenerel($permissions, $oe_array);
}
application/models/ressource/Stundenplandev_model.php
+3 -2
View File
@@ -223,13 +223,14 @@ class Stundenplandev_model extends DB_Model
public function deleteLektorPlanning($lehreinheit_id, $mitarbeiter_uid)
{
$this->addDistinct('mitarbeiter_uid');
//TODO (david) prüfen ob der check notwendig ist
/*$this->addDistinct('mitarbeiter_uid');
$this->addSelect('mitarbeiter_uid');
$stundenplan_result = $this->loadWhere(array('lehreinheit_id' => $lehreinheit_id));
$stundenplan_array = hasData($stundenplan_result) ? (getData($stundenplan_result)) : array();
if (sizeof($stundenplan_array) <= 1)
return error('Diese/r LektorIn kann nicht aus dem LVPlan entfernt werden da dies der/die letzte verplante LektorIn ist');
return error('Diese/r LektorIn kann nicht aus dem LVPlan entfernt werden da dies der/die letzte verplante LektorIn ist');*/
$this->addJoin('lehre.tbl_stundenplan_betriebsmittel', 'stundenplandev_id');
$betriebsmittel_result = $this->loadWhere(array('lehreinheit_id' => $lehreinheit_id, 'tbl_stundenplandev.mitarbeiter_uid' => $mitarbeiter_uid));
public/js/api/lehrveranstaltung/gruppe.js
+1 -1
View File
@@ -30,7 +30,7 @@ export default {
{
return {
method: 'post',
url: '/api/frontend/v1/lv/gruppe/deleteLVPlan/',
url: '/api/frontend/v1/lv/gruppe/deleteFromLVPlan/',
params: deleteData
};
},
public/js/components/LVVerwaltung/Lektor/Daten.js
+1
View File
@@ -253,6 +253,7 @@ export default{
<form-input
:label="$p.t('lehre', 'gesamtkosten')"
type="number"
name="gesamtkosten"
container-class="col-3"
readonly
v-model="berechneteGesamtkosten"