diff --git a/application/controllers/api/frontend/v1/notiz/NotizPerson.php b/application/controllers/api/frontend/v1/notiz/NotizPerson.php index 8fd63b83c..7f0645bc6 100644 --- a/application/controllers/api/frontend/v1/notiz/NotizPerson.php +++ b/application/controllers/api/frontend/v1/notiz/NotizPerson.php @@ -20,6 +20,66 @@ class NotizPerson extends Notiz_Controller 'isBerechtigt' => ['admin:r', 'assistenz:r'], 'getCountNotes' => ['admin:r', 'assistenz:r'], ]); + + //Load Models + $this->load->model('person/Benutzer_model', 'BenutzerModel'); + $this->load->model('crm/Student_model', 'StudentModel'); + + //Permission checks for allowed Oes + if ($this->router->method == 'addNewNotiz') + { + $json = $this->input->post('data'); + $post_data = json_decode($json, true); + $person_id = $post_data['id']; + + $allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []; + + if(!$person_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Person ID']), self::ERROR_TYPE_GENERAL); + } + $this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs); + } + + if ( $this->router->method == 'updateNotiz') + { + $json = $this->input->post('data'); + $post_data = json_decode($json, true); + $notiz_id = $post_data['notiz_id']; + + if(!$notiz_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL); + } + + //get person_id + $result = $this->NotizzuordnungModel->loadWhere(['notiz_id' => $notiz_id]); + + $data = $this->getDataOrTerminateWithError($result); + $person_id = current($data)->person_id; + + $allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []; + $this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs); + } + + if ($this->router->method == 'deleteNotiz' ) + { + $notiz_id = $this->input->post('notiz_id'); + $person_id = $this->input->post('id'); + + if(!$notiz_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL); + } + + if(!$person_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'person ID']), self::ERROR_TYPE_GENERAL); + } + + $allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []; + $this->_checkIfBerechtigungForOneUidExists($person_id, $allowedStgs); + } } public function isBerechtigt($id, $typeId) @@ -29,7 +89,6 @@ class NotizPerson extends Notiz_Controller $this->terminateWithError($this->p->t('ui', 'error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL); } - //TODO define permission if (!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid')) { $result = $this->p->t('lehre', 'error_keineSchreibrechte'); @@ -39,13 +98,45 @@ class NotizPerson extends Notiz_Controller $this->terminateWithSuccess("berechtigt in überschreibender Funktion"); } - public function loadDokumente() + //stv: if person has permission of one studiengang of person -> permission to add/update/delete Note + private function _checkIfBerechtigungForOneUidExists($person_id, $allowedStgs) { - $notiz_id = $this->input->post('notiz_id'); + //get all studentUids of person_id + $result = $this->BenutzerModel->loadWhere(['person_id' => $person_id]); + $data = $this->getDataOrTerminateWithError($result); - // TODO(chris): make CI variant of endpoint - $this->NotizModel->addSelect($this->NotizModel->escape(base_url('content/notizdokdownload.php?id=')) . ' || campus.tbl_dms_version.dms_id AS preview'); - - return parent::loadDokumente(); + $checkarray = []; + foreach ($data as $item) + { + //check if isStudent + $result = $this->StudentModel->isStudent($item->uid); + + $isStudent = $this->getDataOrTerminateWithError($result); + if($isStudent) + { + $checkarray[] = $this->_checkAllowedStgsFromUid($item->uid, $allowedStgs); + } + + } + if (!in_array(1, $checkarray)) + return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg'), self::ERROR_TYPE_GENERAL); + } + + private function _checkAllowedStgsFromUid($student_uid, $allowedStgs) + { + $this->load->model('crm/Student_model', 'StudentModel'); + $result = $this->StudentModel->loadWhere(['student_uid' => $student_uid]); + + $data = $this->getDataOrTerminateWithError($result); + $studiengang_kz = current($data)->studiengang_kz; + + if (!in_array($studiengang_kz, $allowedStgs)) + { + return 0; + } + else + { + return 1; + } } } diff --git a/application/controllers/api/frontend/v1/notiz/NotizPrestudent.php b/application/controllers/api/frontend/v1/notiz/NotizPrestudent.php index fc601770d..5e6cd747c 100644 --- a/application/controllers/api/frontend/v1/notiz/NotizPrestudent.php +++ b/application/controllers/api/frontend/v1/notiz/NotizPrestudent.php @@ -15,6 +15,7 @@ class NotizPrestudent extends Notiz_Controller //Load Models $this->load->model('person/Notiz_model', 'NotizModel'); $this->load->model('person/Notizzuordnung_model', 'NotizzuordnungModel'); + $this->load->model('crm/Student_model', 'StudentModel'); // Load Libraries $this->load->library('VariableLib', ['uid' => getAuthUID()]); @@ -23,6 +24,63 @@ class NotizPrestudent extends Notiz_Controller $this->loadPhrases([ 'ui' ]); + + //Permission checks for Studiengangsarray + $allowedStgs = $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []; + + if ($this->router->method == 'addNewNotiz') + { + $json = $this->input->post('data'); + $post_data = json_decode($json, true); + $prestudent_id = $post_data['id']; + + if(!$prestudent_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Lehreinheit ID']), self::ERROR_TYPE_GENERAL); + } + $this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs); + } + + if ($this->router->method == 'updateNotiz') + { + $json = $this->input->post('data'); + $post_data = json_decode($json, true); + $notiz_id = $post_data['notiz_id']; + + if(!$notiz_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL); + } + + //get prestudent_id + $result = $this->NotizzuordnungModel->loadWhere(['notiz_id' => $notiz_id]); + + $data = $this->getDataOrTerminateWithError($result); + $prestudent_id = current($data)->prestudent_id; + + if(!$prestudent_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Prestudent ID']), self::ERROR_TYPE_GENERAL); + } + $this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs); + } + + if ($this->router->method == 'deleteNotiz') + { + $notiz_id = $this->input->post('notiz_id'); + $prestudent_id = $this->input->post('id'); + + if(!$notiz_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL); + } + + if(!$prestudent_id) + { + return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Prestudent ID']), self::ERROR_TYPE_GENERAL); + } + $this->_checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs); + } } public function isBerechtigt($id, $typeId) @@ -32,7 +90,6 @@ class NotizPrestudent extends Notiz_Controller $this->terminateWithError($this->p->t('ui','error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL); } - //TODO define permission if(!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid')) { $result = $this->p->t('lehre','error_keineSchreibrechte'); @@ -41,4 +98,20 @@ class NotizPrestudent extends Notiz_Controller } $this->terminateWithSuccess("berechtigt in überschreibender Funktion"); } + + private function _checkAllowedOesFromPrestudent($prestudent_id, $allowedStgs) + { + $student_uid = $this->StudentModel->getUID($prestudent_id); + + $result = $this->StudentModel->loadWhere(['student_uid' => $student_uid]); + + $data = $this->getDataOrTerminateWithError($result); + $studiengang_kz = current($data)->studiengang_kz; + + if (!in_array($studiengang_kz, $allowedStgs)) + { + return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg'), self::ERROR_TYPE_GENERAL); + } + } + } \ No newline at end of file diff --git a/application/controllers/api/frontend/v1/stv/Students.php b/application/controllers/api/frontend/v1/stv/Students.php index 06dc91083..2ede61350 100644 --- a/application/controllers/api/frontend/v1/stv/Students.php +++ b/application/controllers/api/frontend/v1/stv/Students.php @@ -517,7 +517,7 @@ class Students extends FHCAPI_Controller $this->terminateWithSuccess($data); } - + /** * @param string $prestudent_id * diff --git a/application/controllers/api/frontend/v1/stv/Tags.php b/application/controllers/api/frontend/v1/stv/Tags.php index 154e57ba7..3004a1f3b 100644 --- a/application/controllers/api/frontend/v1/stv/Tags.php +++ b/application/controllers/api/frontend/v1/stv/Tags.php @@ -15,10 +15,7 @@ class Tags extends Tag_Controller 'addTag' => self::BERECHTIGUNG_KURZBZ, 'updateTag' => self::BERECHTIGUNG_KURZBZ, 'doneTag' => self::BERECHTIGUNG_KURZBZ, - 'deleteTag' => self::BERECHTIGUNG_KURZBZ, -/* 'updateLehre' => self::BERECHTIGUNG_KURZBZ, - 'doneLehre' => self::BERECHTIGUNG_KURZBZ, - 'deleteLehre' => self::BERECHTIGUNG_KURZBZ,*/ + 'deleteTag' => self::BERECHTIGUNG_KURZBZ ]); $this->config->load('stv'); @@ -26,12 +23,10 @@ class Tags extends Tag_Controller public function getTag($readonly_tags = null) { - // console.log("in this endpoint. getTags"); parent::getTag($this->config->item('stv_prestudent_tags')); } public function getTags($tags = null) { - // $this->terminateWithError(" IN TAGS.PHP ", self::ERROR_TYPE_GENERAL); parent::getTags($this->config->item('stv_prestudent_tags')); } public function addTag($withZuordnung = true, $updatable_tags = null)