blackicedbear/FHC-Core
1
0
Fork 0
mirror of https://github.com/FH-Complete/FHC-Core.git synced 2026-06-24 23:49:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Berechtigungscheck Verbandstree

Browse Source
This commit is contained in:
cgfhtw
2024-08-13 08:51:01 +02:00
parent 9ac9ab6818
commit d025359f72
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
application/controllers/api/frontend/v1/stv/Verband.php
+13 -4
View File
@@ -27,10 +27,9 @@ class Verband extends FHCAPI_Controller
{
public function __construct()
{
// TODO(chris): permissions
$permissions = [];
$router = load_class('Router');
$permissions[$router->method] = self::PERM_LOGGED;
$permissions[$router->method] = ['admin:r', 'assistenz:r'];
parent::__construct($permissions);
// Load Models
@@ -57,6 +56,13 @@ class Verband extends FHCAPI_Controller
if ($method == '' || $method == 'index')
return $this->getBase();
// NOTE(chris): Test if access is allowed ($method is the Studiengang)
if (!$this->permissionlib->isBerechtigt('assistenz', 's', $method)
&& !$this->permissionlib->isBerechtigt('admin', 's', $method)
) {
return $this->_outputAuthError([$method => ['admin:r', 'assistenz:r']]);
}
$count = count($params);
if (!$count)
return $this->getStudiengang($method);
@@ -104,8 +110,11 @@ class Verband extends FHCAPI_Controller
$stgs = $this->permissionlib->getSTG_isEntitledFor('admin') ?: [];
$stgs = array_merge($stgs, $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []);
if ($stgs)
$this->StudiengangModel->db->where_in('studiengang_kz', $stgs);
if (!$stgs)
$this->terminateWithSuccess([]);
$this->StudiengangModel->db->where_in('studiengang_kz', $stgs);
$result = $this->StudiengangModel->loadWhere(['v.aktiv' => true]);