add permission validation oe for lehreinheit

application/controllers/api/frontend/v1/notiz/NotizLehreinheit.php

@@ -21,14 +21,67 @@ class NotizLehreinheit extends Notiz_Controller
 		//Load Models
 		$this->load->model('person/Notiz_model', 'NotizModel');
 		$this->load->model('person/Notizzuordnung_model', 'NotizzuordnungModel');
+		$this->load->model('education/Lehreinheit_model', 'LehreinheitModel');
 
 		// Load Libraries
 		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
 
 		//Permission checks for allowed Oes
-/*		$allowedOes = $this->permissionlib->getOE_isEntitledFor('assistenz') ?: [];
+		$allowedOes = $this->permissionlib->getOE_isEntitledFor('assistenz') ?: [];
 
-		$this->terminateWithSuccess($allowedOes);*/
+		if ($this->router->method == 'addNewNotiz')
+		{
+			$json = $this->input->post('data');
+			$post_data = json_decode($json, true);
+			$lehreinheit_id = $post_data['id'];
+
+			if(!$lehreinheit_id)
+			{
+				return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Lehreinheit ID']), self::ERROR_TYPE_GENERAL);
+			}
+			$this->_checkAllowedOesFromLehreinheit($lehreinheit_id, $allowedOes);
+		}
+
+		if ($this->router->method == 'updateNotiz')
+		{
+			$json = $this->input->post('data');
+			$post_data = json_decode($json, true);
+			$notiz_id = $post_data['notiz_id'];
+
+			if(!$notiz_id)
+			{
+				return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
+			}
+
+			//get lehreinheit_id
+			$result = $this->NotizzuordnungModel->loadWhere(['notiz_id' => $notiz_id]);
+
+			$data = $this->getDataOrTerminateWithError($result);
+			$lehreinheit_id = current($data)->lehreinheit_id;
+
+			if(!$lehreinheit_id)
+			{
+				return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Lehreinheit ID']), self::ERROR_TYPE_GENERAL);
+			}
+			$this->_checkAllowedOesFromLehreinheit($lehreinheit_id, $allowedOes);
+		}
+
+		if ($this->router->method == 'deleteNotiz')
+		{
+			$notiz_id = $this->input->post('notiz_id');
+			$lehreinheit_id = $this->input->post('id');
+
+			if(!$notiz_id)
+			{
+				return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Notiz ID']), self::ERROR_TYPE_GENERAL);
+			}
+
+			if(!$lehreinheit_id)
+			{
+				return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Lehreinheit ID']), self::ERROR_TYPE_GENERAL);
+			}
+			$this->_checkAllowedOesFromLehreinheit($lehreinheit_id, $allowedOes);
+		}
 
 		// Load language phrases
 		$this->loadPhrases([
@@ -36,14 +89,26 @@ class NotizLehreinheit extends Notiz_Controller
 		]);
 	}
 
+	private function _checkAllowedOesFromLehreinheit($lehreinheit_id, $allowedOes)
+	{
+		//get oe from lehreinheit
+		$result = $this->LehreinheitModel->getOes($lehreinheit_id);
+		$data = $this->getDataOrTerminateWithError($result);
+		$oes = current($data);
+
+		if (!in_array($oes, $allowedOes))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_keineBerechtigungStg') . " " . $oes, self::ERROR_TYPE_GENERAL);
+		}
+	}
+
 	public function isBerechtigt($id, $typeId)
 	{
-		if($typeId != "lehreinheit_id")
+			if($typeId != "lehreinheit_id")
 		{
 			$this->terminateWithError($this->p->t('ui','error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL);
 		}
 
-		//TODO define permission
 		if(!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid'))
 		{
 			$result =  $this->p->t('lehre','error_keineSchreibrechte');
@@ -52,4 +117,6 @@ class NotizLehreinheit extends Notiz_Controller
 		}
 		$this->terminateWithSuccess("berechtigt in überschreibender Funktion");
 	}
+
+
 }

application/core/Notiz_Controller.php

@@ -112,7 +112,6 @@ abstract class Notiz_Controller extends FHCAPI_Controller
 
 		$notiz_id = $this->input->post('notiz_id');
 
-		//$this->load->model('person/Notiz_model', 'NotizModel');
 		$this->NotizModel->addJoin('public.tbl_notiz_dokument', 'notiz_id', 'LEFT');
 		$this->NotizModel->addSelect('*');
 		$this->NotizModel->addSelect("TO_CHAR(CASE WHEN public.tbl_notiz.updateamum >= public.tbl_notiz.insertamum 
@@ -239,6 +238,7 @@ abstract class Notiz_Controller extends FHCAPI_Controller
 
 	public function updateNotiz()
 	{
+
 		$this->load->library('form_validation');
 		$this->load->library('DmsLib');
 

public/js/api/factory/notiz/lehreinheit.js

@@ -26,4 +26,29 @@ export default {
 			url: 'api/frontend/v1/notiz/notizLehreinheit/getNotizen/' + encodeURIComponent(id) + '/' + encodeURIComponent(type)
 		};
 	},
+	addNewNotiz(lehreinheit_id, params) {
+		return {
+			method: 'post',
+			url: 'api/frontend/v1/notiz/notizLehreinheit/addNewNotiz/' + lehreinheit_id,
+			params
+		};
+	},
+	updateNotiz(notiz_id, params) {
+		return {
+			method: 'post',
+			url: 'api/frontend/v1/notiz/notizLehreinheit/updateNotiz/' + notiz_id,
+			params
+		};
+	},
+	deleteNotiz(notiz_id, type_id, id) {
+		return {
+			method: 'post',
+			url: 'api/frontend/v1/notiz/notizLehreinheit/deleteNotiz/',
+			params: {
+				notiz_id,
+				type_id,
+				id
+			}
+		};
+	},
 };

public/js/components/Notiz/Notiz.js

@@ -267,6 +267,7 @@ export default {
 			editor: null,
 			notizData: {
 				typeId: this.typeId,
+				id: this.id,
 				titel: null,
 				statusNew: true,
 				text: '',
@@ -344,6 +345,7 @@ export default {
 		},
 		addNewNotiz() {
 			const formData = new FormData();
+			this.notizData.id = this.id;
 
 			formData.append('data', JSON.stringify(this.notizData));
 			Object.entries(this.notizData.anhang).forEach(([k, v]) => formData.append(k, v));
@@ -1171,6 +1173,7 @@ export default {
 									container-class="col-6"
 									:label="$p.t('notiz', 'bearbeiter')"
 									v-model="notizData.bearbeiter_uid"
+									name="bearbeiter"
 									minlength="3"
 									>
 								</form-input>
@@ -1184,6 +1187,7 @@ export default {
 									:suggestions="filteredMitarbeiter" 
 									@complete="search" 
 									optionLabel="mitarbeiter"
+									name="bearbeiter"
 									minlength="3"
 									>
 								</form-input>