add checkBerechtigungen for Notes person_id and notes prestudent_id

This commit is contained in:
ma0068
2025-10-10 14:15:40 +02:00
parent 204ae1a469
commit c7f2b145bf
4 changed files with 174 additions and 15 deletions
@@ -20,6 +20,66 @@ class NotizPerson extends Notiz_Controller
'isBerechtigt' => ['admin:r', 'assistenz:r'],
'getCountNotes' => ['admin:r', 'assistenz:r'],
]);
//Load Models
$this->load->model('person/Benutzer_model', 'BenutzerModel');
$this->load->model('crm/Student_model', 'StudentModel');
//Permission checks for allowed Oes
if ($this->router->method == 'addNewNotiz')
{
$json = $this->input->post('data');
$post_data = json_decode($json, true);
$person_id = $post_data['id'];
$allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: [];
if(!$person_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Person ID']), self::ERROR_TYPE_GENERAL);
}
$this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs);
}
if ( $this->router->method == 'updateNotiz')
{
$json = $this->input->post('data');
$post_data = json_decode($json, true);
$notiz_id = $post_data['notiz_id'];
if(!$notiz_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
}
//get person_id
$result = $this->NotizzuordnungModel->loadWhere(['notiz_id' => $notiz_id]);
$data = $this->getDataOrTerminateWithError($result);
$person_id = current($data)->person_id;
$allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: [];
$this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs);
}
if ($this->router->method == 'deleteNotiz' )
{
$notiz_id = $this->input->post('notiz_id');
$person_id = $this->input->post('id');
if(!$notiz_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
}
if(!$person_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'person ID']), self::ERROR_TYPE_GENERAL);
}
$allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: [];
$this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs);
}
}
public function isBerechtigt($id, $typeId)
@@ -29,7 +89,6 @@ class NotizPerson extends Notiz_Controller
$this->terminateWithError($this->p->t('ui', 'error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL);
}
//TODO define permission
if (!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid'))
{
$result = $this->p->t('lehre', 'error_keineSchreibrechte');
@@ -39,13 +98,45 @@ class NotizPerson extends Notiz_Controller
$this->terminateWithSuccess("berechtigt in überschreibender Funktion");
}
public function loadDokumente()
//stv: if person has permission of one studiengang of person -> permission to add/update/delete Note
private function _checkIfBerechtigungForOneUidExists($person_id, $allowedStgs)
{
$notiz_id = $this->input->post('notiz_id');
//get all studentUids of person_id
$result = $this->BenutzerModel->loadWhere(['person_id' => $person_id]);
$data = $this->getDataOrTerminateWithError($result);
// TODO(chris): make CI variant of endpoint
$this->NotizModel->addSelect($this->NotizModel->escape(base_url('content/notizdokdownload.php?id=')) . ' || campus.tbl_dms_version.dms_id AS preview');
return parent::loadDokumente();
$checkarray = [];
foreach ($data as $item)
{
//check if isStudent
$result = $this->StudentModel->isStudent($item->uid);
$isStudent = $this->getDataOrTerminateWithError($result);
if($isStudent)
{
$checkarray[] = $this->_checkAllowedStgsFromUid($item->uid, $allowedStgs);
}
}
if (!in_array(1, $checkarray))
return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg'), self::ERROR_TYPE_GENERAL);
}
private function _checkAllowedStgsFromUid($student_uid, $allowedStgs)
{
$this->load->model('crm/Student_model', 'StudentModel');
$result = $this->StudentModel->loadWhere(['student_uid' => $student_uid]);
$data = $this->getDataOrTerminateWithError($result);
$studiengang_kz = current($data)->studiengang_kz;
if (!in_array($studiengang_kz, $allowedStgs))
{
return 0;
}
else
{
return 1;
}
}
}
@@ -15,6 +15,7 @@ class NotizPrestudent extends Notiz_Controller
//Load Models
$this->load->model('person/Notiz_model', 'NotizModel');
$this->load->model('person/Notizzuordnung_model', 'NotizzuordnungModel');
$this->load->model('crm/Student_model', 'StudentModel');
// Load Libraries
$this->load->library('VariableLib', ['uid' => getAuthUID()]);
@@ -23,6 +24,63 @@ class NotizPrestudent extends Notiz_Controller
$this->loadPhrases([
'ui'
]);
//Permission checks for Studiengangsarray
$allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: [];
if ($this->router->method == 'addNewNotiz')
{
$json = $this->input->post('data');
$post_data = json_decode($json, true);
$prestudent_id = $post_data['id'];
if(!$prestudent_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Lehreinheit ID']), self::ERROR_TYPE_GENERAL);
}
$this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs);
}
if ($this->router->method == 'updateNotiz')
{
$json = $this->input->post('data');
$post_data = json_decode($json, true);
$notiz_id = $post_data['notiz_id'];
if(!$notiz_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
}
//get prestudent_id
$result = $this->NotizzuordnungModel->loadWhere(['notiz_id' => $notiz_id]);
$data = $this->getDataOrTerminateWithError($result);
$prestudent_id = current($data)->prestudent_id;
if(!$prestudent_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Prestudent ID']), self::ERROR_TYPE_GENERAL);
}
$this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs);
}
if ($this->router->method == 'deleteNotiz')
{
$notiz_id = $this->input->post('notiz_id');
$prestudent_id = $this->input->post('id');
if(!$notiz_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
}
if(!$prestudent_id)
{
return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Prestudent ID']), self::ERROR_TYPE_GENERAL);
}
$this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs);
}
}
public function isBerechtigt($id, $typeId)
@@ -32,7 +90,6 @@ class NotizPrestudent extends Notiz_Controller
$this->terminateWithError($this->p->t('ui','error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL);
}
//TODO define permission
if(!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid'))
{
$result = $this->p->t('lehre','error_keineSchreibrechte');
@@ -41,4 +98,20 @@ class NotizPrestudent extends Notiz_Controller
}
$this->terminateWithSuccess("berechtigt in überschreibender Funktion");
}
private function _checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs)
{
$student_uid = $this->StudentModel->getUID($prestudent_id);
$result = $this->StudentModel->loadWhere(['student_uid' => $student_uid]);
$data = $this->getDataOrTerminateWithError($result);
$studiengang_kz = current($data)->studiengang_kz;
if (!in_array($studiengang_kz, $allowedStgs))
{
return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg'), self::ERROR_TYPE_GENERAL);
}
}
}
@@ -517,7 +517,7 @@ class Students extends FHCAPI_Controller
$this->terminateWithSuccess($data);
}
/**
* @param string $prestudent_id
*
@@ -15,10 +15,7 @@ class Tags extends Tag_Controller
'addTag' => self::BERECHTIGUNG_KURZBZ,
'updateTag' => self::BERECHTIGUNG_KURZBZ,
'doneTag' => self::BERECHTIGUNG_KURZBZ,
'deleteTag' => self::BERECHTIGUNG_KURZBZ,
/* 'updateLehre' => self::BERECHTIGUNG_KURZBZ,
'doneLehre' => self::BERECHTIGUNG_KURZBZ,
'deleteLehre' => self::BERECHTIGUNG_KURZBZ,*/
'deleteTag' => self::BERECHTIGUNG_KURZBZ
]);
$this->config->load('stv');
@@ -26,12 +23,10 @@ class Tags extends Tag_Controller
public function getTag($readonly_tags = null)
{
// console.log("in this endpoint. getTags");
parent::getTag($this->config->item('stv_prestudent_tags'));
}
public function getTags($tags = null)
{
// $this->terminateWithError(" IN TAGS.PHP ", self::ERROR_TYPE_GENERAL);
parent::getTags($this->config->item('stv_prestudent_tags'));
}
public function addTag($withZuordnung = true, $updatable_tags = null)