From b7dff7d2c327dc71489030d538f8a780d57e3d69 Mon Sep 17 00:00:00 2001
From: cgfhtw <christopher.gerbrich@technikum-wien.at>
Date: Tue, 11 Jun 2024 10:22:52 +0200
Subject: [PATCH 1/2] Permission-Filter Verband

---
 .../api/frontend/v1/stv/Verband.php           | 64 +++++++++++--------
 .../organisation/Studiensemester_model.php    | 27 ++++++++
 2 files changed, 64 insertions(+), 27 deletions(-)

diff --git a/application/controllers/api/frontend/v1/stv/Verband.php b/application/controllers/api/frontend/v1/stv/Verband.php
index 8600a1bf0..9abf99a32 100644
--- a/application/controllers/api/frontend/v1/stv/Verband.php
+++ b/application/controllers/api/frontend/v1/stv/Verband.php
@@ -36,6 +36,7 @@ class Verband extends FHCAPI_Controller
 		// Load Models
 		$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
 	}
+	
 	/**
 	 * Remap calls:
 	 * /
@@ -87,7 +88,10 @@ class Verband extends FHCAPI_Controller
 		
 		$this->StudiengangModel->addDistinct();
 		$this->StudiengangModel->addSelect("v.studiengang_kz AS link");
-		$this->StudiengangModel->addSelect("CONCAT(kurzbzlang, ' (', UPPER(CONCAT(typ, kurzbz)), ') - ', tbl_studiengang.bezeichnung) AS name", false);
+		$this->StudiengangModel->addSelect(
+			"CONCAT(kurzbzlang, ' (', UPPER(CONCAT(typ, kurzbz)), ') - ', tbl_studiengang.bezeichnung) AS name",
+			false
+		);
 		$this->StudiengangModel->addSelect('erhalter_kz');
 		$this->StudiengangModel->addSelect('typ');
 		$this->StudiengangModel->addSelect('kurzbz');
@@ -98,31 +102,37 @@ class Verband extends FHCAPI_Controller
 		$this->StudiengangModel->addOrder('typ');
 		$this->StudiengangModel->addOrder('kurzbz');
 
+		$stgs = $this->permissionlib->getSTG_isEntitledFor('admin') ?: [];
+		$stgs = array_merge($stgs, $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []);
+		if ($stgs)
+			$this->StudiengangModel->db->where_in('studiengang_kz', $stgs);
+
 		$result = $this->StudiengangModel->loadWhere(['v.aktiv' => true]);
 
 		$list = $this->getDataOrTerminateWithError($result);
 
-		$list[] = [
-			'name' => 'International',
-			'link' => 'inout',
-			'children' => [
-				[
-					'name' => 'Incoming',
-					'link' => 'inout/incoming',
-					'leaf' => true
-				],
-				[
-					'name' => 'Outgoing',
-					'link' => 'inout/outgoing',
-					'leaf' => true
-				],
-				[
-					'name' => 'Gemeinsame Studien',
-					'link' => 'inout/gemeinsamestudien',
-					'leaf' => true
+		if ($this->permissionlib->isBerechtigt('inout/uebersicht'))
+			$list[] = [
+				'name' => 'International',
+				'link' => 'inout',
+				'children' => [
+					[
+						'name' => 'Incoming',
+						'link' => 'inout/incoming',
+						'leaf' => true
+					],
+					[
+						'name' => 'Outgoing',
+						'link' => 'inout/outgoing',
+						'leaf' => true
+					],
+					[
+						'name' => 'Gemeinsame Studien',
+						'link' => 'inout/gemeinsamestudien',
+						'leaf' => true
+					]
 				]
-			]
-		];
+			];
 		$this->terminateWithSuccess($list);
 	}
 
@@ -331,13 +341,13 @@ class Verband extends FHCAPI_Controller
 	{
 		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
 
-		$this->StudiensemesterModel->addOrder('start');
+		$this->load->model('system/Variable_model', 'VariableModel');
+		$result = $this->VariableModel->getVariables(getAuthUID(), ['number_displayed_past_studiensemester']);
+		$data = $this->getDataOrTerminateWithError($result);
+		$number_displayed_past_studiensemester = $data['number_displayed_past_studiensemester'] ?? null;
 
-		/**
-		 * TODO(chris): filter with variable:
-		 * - $number_displayed_past_studiensemester from Variable
-		 * - then: $stsem_obj->getPlusMinus(NULL, $number_displayed_past_studiensemester, 'ende ASC');
-		 */
+		$this->StudiensemesterModel->addPlusMinus(null, $number_displayed_past_studiensemester);
+		$this->StudiensemesterModel->addOrder('ende');
 		$result = $this->StudiensemesterModel->load();
 
 		$studiensemester = $this->getDataOrTerminateWithError($result);
diff --git a/application/models/organisation/Studiensemester_model.php b/application/models/organisation/Studiensemester_model.php
index 45a4eac7c..caa385128 100644
--- a/application/models/organisation/Studiensemester_model.php
+++ b/application/models/organisation/Studiensemester_model.php
@@ -214,4 +214,31 @@ class Studiensemester_model extends DB_Model
 					
 		return $this->execQuery($query);
 	}
+
+	/**
+	 * Liefert ausgehend von heutigen Datum $plus studiensemester in die Zukunft und $minus Studiensemester in die Vergangenheit
+	 *
+	 * @param integer $plus Optional. Wieviele Studiensemester in die Zukunft sollen ausgegeben werden. Wenn NULL werden alle zukuenftigen geliefert.
+	 * @param integer $minus Optional. Wieviele Studiensemester in die Vergangenheit sollen ausgegeben werden. Wenn NULL werden alle vergangenen geliefert.
+	 *
+	 * @return stdClass
+	 */
+	public function addPlusMinus($plus = null, $minus = null)
+	{
+		$this->addSelect($this->pk);
+		$this->addOrder('ende');
+		if ($plus)
+			$this->addLimit($plus);
+		$this->db->where('start >= NOW()', null, false);
+		$plus = $this->db->get_compiled_select($this->dbTable);
+
+		$this->addSelect($this->pk);
+		$this->addOrder('start', 'DESC');
+		if ($minus)
+			$this->addLimit($minus);
+		$this->db->where('start <= NOW()', null, false);
+		$minus = $this->db->get_compiled_select($this->dbTable);
+		
+		$this->db->where_in($this->pk, '(' . $plus . ') UNION (' . $minus . ')', false);
+	}
 }

From 5b193e89c0168d09bc1eff3b1ef1b7fb3bf2710e Mon Sep 17 00:00:00 2001
From: cgfhtw <christopher.gerbrich@technikum-wien.at>
Date: Tue, 11 Jun 2024 10:23:09 +0200
Subject: [PATCH 2/2] Cleanup

---
 .../controllers/components/stv/Favorites.php  | 61 -------------------
 1 file changed, 61 deletions(-)
 delete mode 100644 application/controllers/components/stv/Favorites.php

diff --git a/application/controllers/components/stv/Favorites.php b/application/controllers/components/stv/Favorites.php
deleted file mode 100644
index e0e7bbf7e..000000000
--- a/application/controllers/components/stv/Favorites.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-
-if (! defined('BASEPATH')) exit('No direct script access allowed');
-
-class Favorites extends FHC_Controller
-{
-	public function __construct()
-	{
-		// TODO(chris): access!
-		parent::__construct();
-
-		// Load models
-		$this->load->model('system/Variable_model', 'VariableModel');
-
-		// Load libraries
-		$this->load->library('AuthLib');
-
-		// TODO(chris): variable table might be to small to store favorites!
-	}
-
-	public function index()
-	{
-		$result = $this->VariableModel->getVariables(getAuthUID(), ['stv_favorites']);
-
-		if (isError($result)) {
-			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
-			return $this->outputJson(getError($result));
-		}
-
-		$result = getData($result);
-		if (!$result)
-			$this->outputJson(null);
-		else
-			$this->outputJson($result['stv_favorites']);
-	}
-
-	public function set()
-	{
-		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
-		
-		$this->load->library('form_validation');
-
-		$this->form_validation->set_rules('favorites', 'Favorites', 'required');
-
-		if ($this->form_validation->run() == false) {
-			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
-			return $this->outputJson($this->form_validation->error_array());
-		}
-
-		$favorites = $this->input->post('favorites');
-
-		$result = $this->VariableModel->setVariable(getAuthUID(), 'stv_favorites', $favorites);
-
-		if (isError($result)) {
-			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
-			return $this->outputJson(getError($result));
-		}
-
-		$this->outputJsonSuccess(true);
-	}
-}