From a756881a48974367df9551ee1d7b15caed2d5900 Mon Sep 17 00:00:00 2001 From: ma0068 Date: Wed, 28 May 2025 09:14:49 +0200 Subject: [PATCH 1/2] refactor delete refactor validation backend add permission check for studiengang backend --- .../api/frontend/v1/stv/Mobility.php | 137 ++++++++++++------ public/js/api/factory/stv/mobility.js | 7 +- .../Details/Mobility/Mobility.js | 34 +++-- system/phrasesupdate.php | 22 ++- 4 files changed, 137 insertions(+), 63 deletions(-) diff --git a/application/controllers/api/frontend/v1/stv/Mobility.php b/application/controllers/api/frontend/v1/stv/Mobility.php index 2ab0ac682..58b71f008 100644 --- a/application/controllers/api/frontend/v1/stv/Mobility.php +++ b/application/controllers/api/frontend/v1/stv/Mobility.php 
@@ -40,13 +40,54 @@ class Mobility extends FHCAPI_Controller // Load models $this->load->model('codex/Bisio_model', 'BisioModel'); + + //Permission checks for Studiengangsarray + $allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []; + + if ($this->router->method == 'insertMobility' || $this->router->method == 'updateMobility') + { + $student_uid = $this->input->post('uid'); + if(!$student_uid) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Student UID']), self::ERROR_TYPE_GENERAL); + } + $this->_checkAllowedStgsFromUid($student_uid, $allowedStgs); + } + + if ($this->router->method == 'deleteMobility') { + $bisio_id = $this->input->post('bisio_id'); + if(!$bisio_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Bisio ID']), self::ERROR_TYPE_GENERAL); + } + $result = $this->BisioModel->load( + array('bisio_id' => $bisio_id) + ); + $data = $this->getDataOrTerminateWithError($result); + $student_uid = current($data)->student_uid; + + $this->_checkAllowedStgsFromUid($student_uid, $allowedStgs); + } + } + + private function _checkAllowedStgsFromUid($student_uid, $allowedStgs) + { + $this->load->model('crm/Student_model', 'StudentModel'); + $result = $this->StudentModel->loadWhere(['student_uid' => $student_uid]); + $data = $this->getDataOrTerminateWithError($result); + $studiengang_kz = current($data)->studiengang_kz; + + if (!in_array($studiengang_kz, $allowedStgs)) + { + return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg'), self::ERROR_TYPE_GENERAL); + } } public function getMobilitaeten($student_uid) { $this->BisioModel->addSelect("*"); $this->BisioModel->addJoin('bis.tbl_mobilitaetsprogramm mp', 'ON (mp.mobilitaetsprogramm_code = bis.tbl_bisio.mobilitaetsprogramm_code)', 'LEFT'); - $this->BisioModel->addJoin('lehre.tbl_lehreinheit le', 'ON (le.lehreinheit_id = bis.tbl_bisio.lehreinheit_id)','LEFT'); + 
$this->BisioModel->addJoin('lehre.tbl_lehreinheit le', 'ON (le.lehreinheit_id = bis.tbl_bisio.lehreinheit_id)', 'LEFT'); $this->BisioModel->addOrder('von', 'DESC'); $this->BisioModel->addOrder('bis', 'DESC'); $this->BisioModel->addOrder('bisio_id', 'DESC'); 
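Review bot: The new constructor guard only runs when `$this->router->method` exactly equals `insertMobility`, `updateMobility` or `deleteMobility`, so the Studiengang check is skipped for every other write action of this controller (the JS factory in this patch also calls `addMobilityPurpose`, `deleteMobilityPurpose` and `deleteMobilitySupport`) unless those are authorised elsewhere. The comparison is also case-sensitive while PHP resolves method names case-insensitively, so, depending on how the router normalises the segment, it is safer to compare `strtolower($this->router->method)` against lower-case names or to call `_checkAllowedStgsFromUid()` from inside each action. In both the delete branch and `_checkAllowedStgsFromUid()`, `current($data)` is `false` when no row matches, and the following property access then fails instead of returning a clean error; terminate with an error when `$data` is empty. `in_array($studiengang_kz, $allowedStgs)` compares loosely; prefer `in_array((string)$studiengang_kz, array_map('strval', $allowedStgs), true)`.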
@@ -83,14 +124,20 @@ class Mobility extends FHCAPI_Controller $formData = $this->input->post('formData'); - $_POST['von'] = (isset($formData['von']) && !empty($formData['von'])) ? $formData['von'] : null; - $_POST['bis'] = (isset($formData['bis']) && !empty($formData['bis'])) ? $formData['bis'] : null; - $_POST['nation_code'] = (isset($formData['nation_code']) && !empty($formData['nation_code'])) ? $formData['nation_code'] : 'A'; - $_POST['mobilitaetsprogramm_code'] = (isset($formData['mobilitaetsprogramm_code']) && !empty($formData['mobilitaetsprogramm_code'])) ? $formData['mobilitaetsprogramm_code'] : null; - $_POST['herkunftsland_code'] = (isset($formData['herkunftsland_code']) && !empty($formData['herkunftsland_code'])) ? $formData['herkunftsland_code'] : 'A'; - $_POST['ects_erworben'] = (isset($formData['ects_erworben']) && !empty($formData['ects_erworben'])) ? $formData['ects_erworben'] : null; - $_POST['ects_angerechnet'] = (isset($formData['ects_angerechnet']) && !empty($formData['ects_angerechnet'])) ? $formData['ects_angerechnet'] : null; - $_POST['lehreinheit_id'] = (isset($formData['lehreinheit_id']) && !empty($formData['lehreinheit_id'])) ? $formData['lehreinheit_id'] : null; + $von = $formData['von'] ?? null; + $bis = $formData['bis'] ?? null; + $nation_code = $formData['nation_code'] ?? null; + $mobilitaetsprogramm_code = $formData['mobilitaetsprogramm_code'] ?? null; + $herkunftsland_code = $formData['herkunftsland_code'] ?? null; + $ects_erworben = $formData['ects_erworben'] ?? null; + $ects_angerechnet = $formData['ects_angerechnet'] ?? null; + $lehreinheit_id = $formData['lehreinheit_id'] ?? null; + $ort = $formData['ort'] ?? null; + $universitaet = $formData['universitaet'] ?? null; + $localPurposes = $formData['localPurposes'] ?? null; + $localSupports = $formData['localSupports'] ?? 
null; + + $this->form_validation->set_data($formData); $this->form_validation->set_rules('nation_code', 'Nation_code', 'required', [ 'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Nation_code']) @@ -126,23 +173,18 @@ class Mobility extends FHCAPI_Controller $this->terminateWithValidationErrors($this->form_validation->error_array()); } - $ort = (isset($formData['ort']) && !empty($formData['ort'])) ? $formData['ort'] : null; - $universitaet = (isset($formData['universitaet']) && !empty($formData['universitaet'])) ? $formData['universitaet'] : null; - $localPurposes = (isset($formData['localPurposes']) && !empty($formData['localPurposes'])) ? $formData['localPurposes'] : null; - $localSupports = (isset($formData['localSupports']) && !empty($formData['localSupports'])) ? $formData['localSupports'] : null; - $result = $this->BisioModel->insert([ 'student_uid' => $student_uid, - 'von' => $_POST['von'], - 'bis' => $_POST['bis'], - 'mobilitaetsprogramm_code' => $_POST['mobilitaetsprogramm_code'], - 'nation_code' => $_POST['nation_code'], - 'herkunftsland_code' => $_POST['herkunftsland_code'], - 'lehreinheit_id' => $_POST['lehreinheit_id'], + 'von' => $von, + 'bis' => $bis, + 'mobilitaetsprogramm_code' => $mobilitaetsprogramm_code, + 'nation_code' => $nation_code, + 'herkunftsland_code' => $herkunftsland_code, + 'lehreinheit_id' => $lehreinheit_id, 'ort' => $ort, 'universitaet' => $universitaet, - 'ects_erworben' => $_POST['ects_erworben'] , - 'ects_angerechnet' => $_POST['ects_angerechnet'], + 'ects_erworben' => $ects_erworben , + 'ects_angerechnet' => $ects_angerechnet, 'insertamum' => date('c'), 'insertvon' => $authUID, ]); 
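Review bot: Replacing the `isset(...) && !empty(...)` ternaries with `$formData['x'] ?? null` in the `@@ -83,14 +124,20 @@` hunk means an empty string sent by the client is no longer turned into `null`, so `''` can now reach `BisioModel->insert()` for `von`, `bis`, `ects_erworben`, `ects_angerechnet` and `lehreinheit_id`. Whether the validation rules further down (partly outside the hunk) reject that is not visible; if they do not, normalise on the server rather than relying on the frontend sending `null`, e.g. `$von = ($formData['von'] ?? '') !== '' ? $formData['von'] : null;`. `$formData` is also handed to `set_data()` unchecked, so a request without an array-valued `formData` should be rejected first with `if (!is_array($formData))` and an error response. The same block is repeated in the `updateMobility` hunk (`@@ -194,14 +236,18 @@`).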
@@ -171,7 +213,7 @@ class Mobility extends FHCAPI_Controller { $this->BisioModel->addSelect("*"); $this->BisioModel->addJoin('bis.tbl_mobilitaetsprogramm mp', 'ON (mp.mobilitaetsprogramm_code = bis.tbl_bisio.mobilitaetsprogramm_code)', 'LEFT'); - $this->BisioModel->addJoin('lehre.tbl_lehreinheit le', 'ON (le.lehreinheit_id = bis.tbl_bisio.lehreinheit_id)','LEFT'); + $this->BisioModel->addJoin('lehre.tbl_lehreinheit le', 'ON (le.lehreinheit_id = bis.tbl_bisio.lehreinheit_id)', 'LEFT'); $result = $this->BisioModel->loadWhere( array('bisio_id' => $bisio_id) ); 
@@ -194,14 +236,18 @@ class Mobility extends FHCAPI_Controller } $formData = $this->input->post('formData'); - $_POST['von'] = (isset($formData['von']) && !empty($formData['von'])) ? $formData['von'] : null; - $_POST['bis'] = (isset($formData['bis']) && !empty($formData['bis'])) ? $formData['bis'] : null; - $_POST['nation_code'] = (isset($formData['nation_code']) && !empty($formData['nation_code'])) ? $formData['nation_code'] : 'A'; - $_POST['mobilitaetsprogramm_code'] = (isset($formData['mobilitaetsprogramm_code']) && !empty($formData['mobilitaetsprogramm_code'])) ? $formData['mobilitaetsprogramm_code'] : null; - $_POST['herkunftsland_code'] = (isset($formData['herkunftsland_code']) && !empty($formData['herkunftsland_code'])) ? $formData['herkunftsland_code'] : 'A'; - $_POST['ects_erworben'] = (isset($formData['ects_erworben']) && !empty($formData['ects_erworben'])) ? $formData['ects_erworben'] : null; - $_POST['ects_angerechnet'] = (isset($formData['ects_angerechnet']) && !empty($formData['ects_angerechnet'])) ? $formData['ects_angerechnet'] : null; - $_POST['lehreinheit_id'] = (isset($formData['lehreinheit_id']) && !empty($formData['lehreinheit_id'])) ? $formData['lehreinheit_id'] : null; + $von = $formData['von'] ?? null; + $bis = $formData['bis'] ?? null; + $nation_code = $formData['nation_code'] ?? null; + $mobilitaetsprogramm_code = $formData['mobilitaetsprogramm_code'] ?? null; + $herkunftsland_code = $formData['herkunftsland_code'] ?? null; + $ects_erworben = $formData['ects_erworben'] ?? null; + $ects_angerechnet = $formData['ects_angerechnet'] ?? null; + $lehreinheit_id = $formData['lehreinheit_id'] ?? null; + $ort = $formData['ort'] ?? null; + $universitaet = $formData['universitaet'] ?? null; + + $this->form_validation->set_data($formData); $this->form_validation->set_rules('nation_code', 'Nation_code', 'required', [ 'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Nation_code']) 
@@ -209,6 +255,7 @@ class Mobility extends FHCAPI_Controller $this->form_validation->set_rules('herkunftsland_code', 'Herkunftsland_code', 'required', [ 'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Herkunftsland_code']) ]); + $this->form_validation->set_rules('mobilitaetsprogramm_code', 'Mobilitaetsprogramm_code', 'required', [ 'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Mobilitaetsprogramm_code']) ]); @@ -243,16 +290,17 @@ class Mobility extends FHCAPI_Controller ], [ 'student_uid' => $student_uid, - 'von' => $_POST['von'], - 'bis' => $_POST['bis'], - 'mobilitaetsprogramm_code' => $_POST['mobilitaetsprogramm_code'], - 'nation_code' => $_POST['nation_code'], - 'herkunftsland_code' => $_POST['herkunftsland_code'], - 'lehreinheit_id' => $_POST['lehreinheit_id'], - 'ort' => $formData['ort'], - 'universitaet' => $formData['universitaet'], - 'ects_erworben' => $_POST['ects_erworben'] , - 'ects_angerechnet' => $_POST['ects_angerechnet'], + + 'von' => $von, + 'bis' => $bis, + 'mobilitaetsprogramm_code' => $mobilitaetsprogramm_code, + 'nation_code' => $nation_code, + 'herkunftsland_code' => $herkunftsland_code, + 'lehreinheit_id' => $lehreinheit_id, + 'ort' => $ort, + 'universitaet' => $universitaet, + 'ects_erworben' => $ects_erworben , + 'ects_angerechnet' => $ects_angerechnet, 'updateamum' => date('c'), 'updatevon' => $authUID, ] @@ -263,12 +311,14 @@ class Mobility extends FHCAPI_Controller $this->terminateWithSuccess(current($data)); } - public function deleteMobility($bisio_id) + public function deleteMobility() { - //check if extension table exists + $bisio_id = $this->input->post('bisio_id'); + $result = $this->BisioModel->tableExists('extension', 'tbl_mo_bisioidzuordnung'); $data = $this->getDataOrTerminateWithError($result); + //if table exists check if existing entry if(!empty($data)) { 
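Review bot: In the `@@ -243,16 +290,17 @@` hunk the update payload still writes `'student_uid' => $student_uid`, while the constructor guard added for `updateMobility` authorises only the posted `uid`; nothing visible ties the targeted bisio row to that student. The where clause and the origin of `$student_uid` are outside the hunk, but if the row is selected by `bisio_id` alone, a user entitled for one Studiengang could change or reassign a record that belongs to a student of another. Load the existing row first and run the Studiengang check against its stored `student_uid`, as the delete branch of the constructor does, and consider dropping `student_uid` from the update payload so that ownership cannot be changed through this endpoint.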
@@ -475,7 +525,6 @@ class Mobility extends FHCAPI_Controller if($local_support){ $aufenthaltfoerderung_code = $local_support; } - $this->load->model('codex/Bisioaufenthaltfoerderung_model', 'BisioaufenthaltfoerderungModel'); if(!$local_support) diff --git a/public/js/api/factory/stv/mobility.js b/public/js/api/factory/stv/mobility.js index 262dbcf55..fc4fd17b4 100644 --- a/public/js/api/factory/stv/mobility.js +++ b/public/js/api/factory/stv/mobility.js @@ -51,7 +51,8 @@ export default { deleteMobility(bisio_id) { return { method: 'post', - url: 'api/frontend/v1/stv/mobility/deleteMobility/' + bisio_id + url: 'api/frontend/v1/stv/mobility/deleteMobility/', + params: { bisio_id } }; }, getLVList(studiengang_kz) { @@ -100,7 +101,7 @@ export default { deleteMobilityPurpose(params) { return { method: 'post', - url: 'api/frontend/v1/stv/mobility/deleteMobilityPurpose/' + params.bisio_id, + url: 'api/frontend/v1/stv/mobility/deleteMobilityPurpose/', params }; }, @@ -108,7 +109,7 @@ export default { return { method: 'post', url: 'api/frontend/v1/stv/mobility/addMobilityPurpose/' + params.bisio_id, - params + params: params }; }, deleteMobilitySupport(params) { diff --git a/public/js/components/Stv/Studentenverwaltung/Details/Mobility/Mobility.js b/public/js/components/Stv/Studentenverwaltung/Details/Mobility/Mobility.js index a56987318..44f6b72fb 100644 --- a/public/js/components/Stv/Studentenverwaltung/Details/Mobility/Mobility.js +++ b/public/js/components/Stv/Studentenverwaltung/Details/Mobility/Mobility.js @@ -27,6 +27,10 @@ export default { currentSemester: { from: 'currentSemester', }, + hasAssistenzPermissionForStgs: { + from: 'hasAssistenzPermissionForStgs', + default: false + }, }, props: { student: Object @@ -160,8 +164,8 @@ export default { bisio_id: null, localPurposes: [], localSupports: [], - lehrveranstaltung_id: '', - lehreinheit_id: '' + lehrveranstaltung_id: null, + lehreinheit_id: null }, statusNew: true, programsMobility: [], 
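Review bot: The injected `hasAssistenzPermissionForStgs` in the `@@ -27,6 +27,10 @@` hunk of Mobility.js falls back to `default: false`, but the computed `isBerechtigtForStudiengang` added later in this patch calls `.includes()` on it, which throws a TypeError when no ancestor provides the value. Use `default: () => []` (or `default: []`, depending on the Vue version in use) so that the missing-provider case evaluates to "not entitled". `this.student.studiengang_kz.toString()` in the same computed also throws when `studiengang_kz` is null or undefined; `String(this.student?.studiengang_kz ?? '')` avoids that. This flag should only drive what the UI shows; the server-side Studiengang check remains the enforcement point.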
@@ -184,6 +188,10 @@ export default { lv_teile(){ return this.listLvsAndLes.filter(lv => lv.lehreinheit_id == this.formData.lehreinheit_id); }, + isBerechtigtForStudiengang(){ + const currentKz = this.student.studiengang_kz.toString(); + return this.hasAssistenzPermissionForStgs.includes(currentKz); + } }, methods: { actionNewMobility() { @@ -239,7 +247,7 @@ export default { this.loadItems(); }, resetLehreinheit(){ - this.formData.lehreinheit_id = ''; + this.formData.lehreinheit_id = null; }, getLehreinheiten(lv_id, studiensemester_kurzbz) { const data = { @@ -264,12 +272,7 @@ export default { .call(ApiStvMobility.loadMobility(bisio_id)) .then(result => { this.formData = result.data; - if(this.formData.lehrveranstaltung_id === null) { - this.formData.lehrveranstaltung_id = ''; - } - if(this.formData.lehreinheit_id === null) { - this.formData.lehreinheit_id = ''; - } + if(this.formData.lehrveranstaltung_id > 0 ) { this.loadItems(); } @@ -291,6 +294,8 @@ export default { .catch(this.$fhcAlert.handleSystemError) .finally(() => { this.reload(); + this.$refs.purposes.resetLocalData(); + this.$refs.supports.resetLocalData(); }); }, deleteMobility(bisio_id) { @@ -314,8 +319,8 @@ export default { this.formData.bisio_id = null; this.formData.localPurposes = []; this.formData.localSupports = []; - this.formData.lehrveranstaltung_id = '', - this.formData.lehreinheit_id = '', + this.formData.lehrveranstaltung_id = null, + this.formData.lehreinheit_id = null, this.statusNew = true; this.listLes = []; }, @@ -444,14 +449,13 @@ export default {

{{$p.t('mobility', 'mobility_bearbeiten')}}

-
BIS Outgoing
- +
- + +