anrechnungen schreibberechtigt ueberpruefungen backendseitig

Fixed CSS for the error box in the logs viewer filter

.gitignore

@@ -2,6 +2,8 @@ documents/
 vendor/
 
 /nbproject/
+.vscode
+composer.phar
 /.idea/
 .settings
 .project

application/config/anrechnung.php

@@ -1,6 +1,6 @@
 <?php
 
-if (! defined('BASEPATH')) exit('No direct script access allowed');
+if (!defined('BASEPATH')) exit('No direct script access allowed');
 
 
 // Deadline for Application given as Time-Interval after Semesterstart.
@@ -21,3 +21,15 @@ $config['grades_blocking_application'] = array(
 $config['fbl'] = FALSE;
 //Enables Info Mails
 $config['send_mail'] = TRUE;
+
+// Display fields to explain equivalence of ECTS and LV-Inhalte
+$config['explain_equivalence'] = TRUE;
+
+// Displays infobox if set to true
+$config['display_infobox'] = [
+	'fristen' => TRUE,
+	'referenzbeispiele_ects' => TRUE,
+	'voraussetzungen' => TRUE,
+	'nachweisdokumente' => TRUE,
+	'herkunft_kenntnisse' => TRUE
+];

application/config/cis.php

@@ -0,0 +1,9 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+
+// CMS Content Id for CIS4 Menu Root
+$config['cis_menu_root_content_id'] = 11066;
+// send Mails for ProfilUpdate
+$config['cis_send_profil_update_mails'] = true;

application/config/javascript.php

@@ -0,0 +1,7 @@
+<?php
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+// use vuejs dev version
+$config['use_vuejs_dev_version'] = false;
+// use bundled javascript
+$config['use_bundled_javascript'] = false;

application/config/mail.php

@@ -32,3 +32,18 @@ $config['validate'] = false; // If true then the email address will be validated
 
 // If enabled will be logged info about emails in Codeigniter error logs
 $config['enable_debug'] = false;
+
+// default sender
+$config['sancho_mail_default_sender'] = defined('SANCHO_MAIL_DEFAULT_SENDER') ? SANCHO_MAIL_DEFAULT_SENDER : '';
+
+// If to use images for custom mails
+$config['sancho_mail_use_images'] = defined('SANCHO_MAIL_USE_IMAGES') ? SANCHO_MAIL_USE_IMAGES : false;
+
+// image path for sancho mail, relativ to document root
+$config['sancho_mail_img_path'] = defined('SANCHO_MAIL_IMG_PATH') ? SANCHO_MAIL_IMG_PATH : '';
+
+// header image for custom mails
+$config['sancho_mail_header_img'] = defined('SANCHO_MAIL_HEADER_IMG') ? SANCHO_MAIL_HEADER_IMG : '';
+
+// footer image for custom mails
+$config['sancho_mail_footer_img'] = defined('SANCHO_MAIL_FOOTER_IMG') ? SANCHO_MAIL_FOOTER_IMG : '';

application/config/migratecontract.php

@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * Copyright (C) 2023 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+$config['migratecontract_oe_default'] = 'TODO_OE_DEFAULT';
+
+$config['migratecontract_matching_ba1_vertragsart'] = array(
+    '101'=>'dvbund',
+    '102'=>'dvanderengk',
+    '103'=>'echterdv',
+    '104'=>'studentischehilfskr',
+    '105'=>'externerlehrender',
+    '106'=>'dvanderenbet',
+    '107'=>'werkvertrag',
+    '108'=>'studentischehilfskr',
+    '109'=>'ueberlassungsvertrag',
+    '110'=>'echterfreier',
+    '111'=>'echterdv' //All-In
+);

application/config/navigation.php

@@ -1,6 +1,12 @@
 <?php
 // Header menu
 
+if(defined('CIS4') && CIS4) {
+	$root = APP_ROOT;
+} else {
+	$root = CIS_ROOT;
+}
+
 $config['navigation_header'] = array(
 	'*' => array(
 		'fhcomplete' => array(
@@ -50,11 +56,17 @@ $config['navigation_header'] = array(
 			'requiredPermissions' => 'basis/vilesci:r',
 			'children' => array(
 				'cis' => array(
-					'link' => CIS_ROOT,
+					'link' => $root,
 					'icon' => '',
 					'description' => 'CIS',
 					'sort' => 10
 				),
+				'lehrveranstaltungen' => array(
+					'link' => site_url('lehre/lvplanung/LvTemplateUebersicht'),
+					'icon' => '',
+					'description' => 'Lehrveranstaltungen',
+					'sort' => 15
+				),
 				'reihungstest' => array(
 					'link' => site_url('organisation/Reihungstest'),
 					'description' => 'Reihungstests',
@@ -217,7 +229,7 @@ $config['navigation_menu']['organisation/Reihungstest/index'] = array(
 		'target' => '_blank'
 	),
 	'auswertung' => array(
-		'link' => CIS_ROOT.'/cis/testtool/admin/auswertung.php',
+		'link' => $root.'/cis/testtool/admin/auswertung.php',
 		'description' => 'Auswertung',
 		'icon' => 'list-alt',
 		'sort' => 1,
@@ -287,6 +299,15 @@ $config['navigation_menu']['lehre/lehrauftrag/LehrauftragErteilen/*'] = array(
 	)
 );
 
+$config['navigation_menu']['lehre/lvplanung/LvTemplateUebersicht/index'] = array(
+	'lvTemplateUebersicht' => array(
+		'link' => site_url('lehre/lvplanung/LvTemplateUebersicht'),
+		'description' => 'LV Template Übersicht',
+		'icon' => '',
+		'sort' => 1
+	)
+);
+
 $config['navigation_menu']['system/issues/Issues/*'] = array(
 	'fehlerzustaendigkeiten' => array(
 		'link' => site_url('system/issues/IssuesZustaendigkeiten'),
@@ -304,5 +325,4 @@ $config['navigation_menu']['system/issues/Issues/*'] = array(
 		'target' => '_blank',
 		'requiredPermissions' => array('admin:rw')
 	),
-);
-
+);

application/config/routes.php

@@ -50,7 +50,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | Examples: my-controller/index -> my_controller/index
 |   my-controller/my-method -> my_controller/my_method
 */
-$route['default_controller'] = 'Vilesci';
+$route['default_controller'] = defined('CIS4') && CIS4 ? 'Cis4' : 'Vilesci';
 $route['translate_uri_dashes'] = FALSE;
 
 // Class name conflicts
@@ -61,6 +61,9 @@ $route['api/v1/organisation/[O|o]rganisationseinheit/(:any)'] = 'api/v1/organisa
 $route['api/v1/ressource/[B|b]etriebsmittelperson/(:any)'] = 'api/v1/ressource/betriebsmittelperson2/$1';
 $route['api/v1/system/[S|s]prache/(:any)'] = 'api/v1/system/sprache2/$1';
 
+$route['CisVue'] = 'CisVue/dashboard';
+$route['Cis/Stundenplan/(:any)'] = 'Cis/Stundenplan';
+
 // load routes from extensions
 $subdir = 'application/config/extensions';
 $dirlist = scandir($subdir);
@@ -81,5 +84,4 @@ if ($dirlist)
 			}
 		}
 	}
-}
-
+}

application/controllers/Cis/Auth.php

@@ -0,0 +1,77 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+ 
+/**
+ *
+ */
+class Auth extends FHC_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct();
+
+		// Load Helpers
+		$this->load->helper('form');
+		$this->load->helper('hlp_authentication');
+
+		// Loads phrases system
+		$this->loadPhrases([
+			'global'
+		]);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @return void
+	 */
+	public function login()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('username', 'Username', 'required|trim|callback_validation');
+		$this->form_validation->set_rules('password', 'Password', 'required|trim');
+
+
+		if ($this->form_validation->run())
+		{
+			redirect($this->authlib->getLandingPage('/CisVue/Dashboard'));
+		}
+		else
+		{
+			$this->load->view('Cis/Login');
+		}
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function validation()
+	{
+		$username = $this->input->post('username');
+		$password = $this->input->post('password');
+
+		$this->load->library('AuthLib', [false]); // without authentication otherwise loooooop!
+
+		$login = $this->authlib->loginLDAP($username, $password);
+		if (isSuccess($login))
+			return true;
+		$this->form_validation->set_message('validation', 'Incorrect username/password.');
+		return false;
+	}
+
+	/**
+	 * @return void
+	 */
+	public function logout()
+	{
+		$this->load->library('AuthLib');
+		$this->authlib->logout();
+		redirect('/Cis/Auth/login', 'refresh');
+	}
+}

application/controllers/Cis/Documents.php

@@ -0,0 +1,192 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \stdClass as stdClass;
+
+/**
+ *
+ */
+class Documents extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => [self::PERM_LOGGED],
+			'student' => ['admin:r'],
+			'download' => [self::PERM_LOGGED]
+		]);
+
+		$this->load->model('crm/Prestudentstatus_model', 'PrestudentstatusModel');
+
+		$this->loadPhrases([
+			'global',
+			'tools'
+		]);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @return void
+	 */
+	public function index()
+	{
+		return $this->showDocuments(getAuthUID());
+	}
+
+	/**
+	 * @param string		$uid		Administratoren dürfen die UID als Parameter übergeben um die Dokumente von anderen Personen anzuzeigen
+	 * @return void
+	 */
+	public function student($uid)
+	{
+		return $this->showDocuments($uid);
+	}
+
+	/**
+	 * @param string		$uid
+	 * @return void
+	 */
+	protected function showDocuments($uid)
+	{
+		$this->load->model('crm/Konto_model', 'KontoModel');
+		$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
+
+		$stati = $this->PrestudentstatusModel->loadWhereUid($uid, null, true);
+		if (isError($stati))
+			return $this->load->view('errors/html/error_db.php', [
+				'heading' => 'Database Error',
+				'message' => getError($stati)
+			]);
+		$stati = getData($stati);
+		if (!$stati)
+			return $this->load->view('errors/html/error_general.php', [
+				'heading' => 'User ist kein Student',
+				'message' => 'Es konnten keine Studiensemester gefunden werden in denen der User als Student inskripiert ist'
+			]);
+
+		$stgs = [];
+		$stsemArray = [];
+		$buchungstypen = implode('\',\'', defined("CIS_DOKUMENTE_STUDIENBEITRAG_TYPEN") ? unserialize(CIS_DOKUMENTE_STUDIENBEITRAG_TYPEN) : []);
+		$person_ids = [];
+		foreach ($stati as $status) {
+			$person_ids[] = $status->person_id;
+
+			if(!in_array($status->studiensemester_kurzbz, $stsemArray)) {
+				$stsemArray[] = $status->studiensemester_kurzbz;
+			}
+			
+			if (!isset($stgs[$status->studiengang_kz])) {
+				$stg = $this->StudiengangModel->load($status->studiengang_kz);
+				if (isError($stg))
+					return $this->load->view('errors/html/error_db.php', [
+						'heading' => 'Database Error',
+						'message' => getError($stg)
+					]);
+				$stg = getData($stg);
+				if (!$stg)
+					return $this->load->view('errors/html/error_db.php', [
+						'heading' => 'Database Error',
+						'message' => 'No Studiengang found for studiengang_kz ' . $status->studiengang_kz
+					]);
+				$stgs[$status->studiengang_kz] = current($stg);
+				$stgs[$status->studiengang_kz]->studiensemester = [];
+			}
+			if (!isset($stgs[$status->studiengang_kz]->studiensemester[$status->studiensemester_kurzbz])) {
+				$stgs[$status->studiengang_kz]->studiensemester[$status->studiensemester_kurzbz] = new stdClass();
+				$stgs[$status->studiengang_kz]->studiensemester[$status->studiensemester_kurzbz]->inskriptionsbestaetigung = (boolean)getData(
+					$this->KontoModel->checkStudienbeitragFromPrestudent(
+						$status->prestudent_id,
+						$status->studiensemester_kurzbz,
+						$buchungstypen
+					)
+				);
+			}
+		}
+		$person_ids = array_unique($person_ids);
+
+		$selfservice = null;
+		if (!defined('CIS_DOKUMENTE_SELFSERVICE') || CIS_DOKUMENTE_SELFSERVICE) {
+			$this->load->model('crm/Akte_model', 'AkteModel');
+			$selfservice = [];
+			foreach ($person_ids as $person_id) {
+				$result = $this->AkteModel->getArchiv($person_id, null, true);
+				if (isError($result))
+					return $this->load->view('errors/html/error_db.php', [
+						'heading' => 'Database Error',
+						'message' => getError($result)
+					]);
+				$selfservice = array_merge($selfservice, getData($result) ?: []);
+			}
+		}
+
+		
+		$this->load->view('Cis/Documents', [
+			'stsemArray' => $stsemArray,
+			'stgs' => $stgs,
+			'uid' => $uid,
+			'studienbuchblatt' => defined('CIS_DOKUMENTE_STUDIENBUCHLBATT_DRUCKEN') && CIS_DOKUMENTE_STUDIENBUCHLBATT_DRUCKEN,
+			'studienerfolgsbestaetigung' => defined('CIS_DOKUMENTE_STUDIENERFOLGSBESTAETIGUNG_DRUCKEN') && CIS_DOKUMENTE_STUDIENERFOLGSBESTAETIGUNG_DRUCKEN,
+			'selfservice' => $selfservice
+		]);
+	}
+
+	/**
+	 * @param integer		$akte_id
+	 * @param string		$uid		(optional) Administratoren dürfen die UID als Parameter übergeben um die Dokumente von anderen Personen anzuzeigen
+	 *
+	 * @return void
+	 */
+	public function download($akte_id, $uid = null)
+	{
+		if (!is_numeric($akte_id))
+			return show_404();
+
+		$this->load->model('crm/Akte_model', 'AkteModel');
+		$result = $this->AkteModel->load($akte_id);
+		if (isError($result))
+			return show_error(getError($result));
+		$akte = getData($result);
+		if (!$akte)
+			return show_404();
+		$akte = current($akte);
+
+		$admin_access = false;
+		if ($uid !== null && $this->permissionlib->isBerechtigt('admin')) {
+			$stati = $this->PrestudentstatusModel->loadWhereUid($uid, null, true);
+			if (hasData($stati)) {
+				$person_ids = array_map(function ($status) {
+					return $status->person_id;
+				}, getData($stati));
+				$person_ids = array_unique($person_ids);
+				if (count($person_ids) == 1 && current($person_ids) == $akte->person_id) {
+					$admin_access = true;
+				}
+			}
+		}
+
+		if (!$admin_access && ($akte->person_id != getAuthPersonId() || !$akte->stud_selfservice))
+			return show_error('Forbidden', 403);
+
+		// NOTE(chris): Log bei einem Download vom Becheid
+		if (isset($akte->dokument_kurzbz) && ($akte->dokument_kurzbz === 'Bescheid' || $akte->dokument_kurzbz === 'BescheidEng')) {
+			$this->load->model('system/Webservicelog_model', 'WebservicelogModel');
+			$this->WebservicelogModel->insert([
+				'webservicetyp_kurzbz' => 'content',
+				'request_id' => (isset($akte->akte_id) && !empty($akte->akte_id)) ? $akte->akte_id : null,
+				'beschreibung' => 'Bescheidbestaetigungsdownload',
+				'request_data' => $_SERVER['QUERY_STRING'],
+				'execute_time' => date('c'),
+				'execute_user' => getAuthUID()
+			]);
+		}
+
+		$this->output->set_content_type($akte->mimetype);
+		$this->output->set_output(base64_decode($akte->inhalt));
+	}
+}

application/controllers/Cis/MyLv.php

@@ -0,0 +1,36 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ *
+ */
+class MyLv extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => ['basis/cis:r'],
+			'Info' => [self::PERM_LOGGED]
+		]);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @return void
+	 */
+	public function index()
+	{
+		$this->load->view('Cis/MyLv');
+	}
+
+	public function Info($studien_semester,$lvid)
+	{
+		$this->load->view('Cis/LvInfo',['lvid'=> $lvid, 'studien_semester' => $studien_semester]);
+	}
+}

application/controllers/Cis/Profil.php

@@ -0,0 +1,737 @@
+<?php
+
+if (!defined('BASEPATH'))
+	exit('No direct script access allowed');
+
+class Profil extends Auth_Controller
+{
+
+	/**
+	 * Constructor
+	 */
+
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => ['basis/cis:r'],
+			'foto_sperre_function' => ['basis/cis:r'],
+			'getView' => ['basis/cis:r'],
+			'View' => ['basis/cis:r'],
+			'isMitarbeiter' => ['basis/cis:r'],
+			'isStudent' => ['basis/cis:r'],
+			'getZustellAdresse' => ['basis/cis:r'],
+			'getZustellKontakt' => ['basis/cis:r'],
+			'getAllNationen' => ['basis/cis:r'],
+			'getGemeinden' => ['basis/cis:r'],
+
+		]);
+
+		$this->load->model('ressource/mitarbeiter_model', 'MitarbeiterModel');
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('person/Benutzer_model', 'BenutzerModel');
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$this->load->model('person/Benutzerfunktion_model', 'BenutzerfunktionModel');
+		$this->load->model('person/Benutzergruppe_model', 'BenutzergruppeModel');
+		$this->load->model('ressource/Betriebsmittelperson_model', 'BetriebsmittelpersonModel');
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+		$this->load->model('person/Profil_update_model', 'ProfilUpdateModel');
+		$this->load->model('content/DmsVersion_model', 'DmsVersionModel');
+
+
+		//? put the uid and pid inside the controller for reusability
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+
+	/**
+	 * index loads the Profil view
+	 * @access public
+	 * @return void 
+	 */
+	public function index()
+	{
+		$this->load->view('Cis/Profil');
+	}
+
+	/**
+	 * redirects to the index function (needed to allow calling this URI)
+	 * @access public
+	 * @return void 
+	 */
+	public function View($uid)
+	{
+		$this->load->view('Cis/Profil');
+	}
+
+	/**
+	 * checks whether a specific userID is a mitarbeiter or not (foreword declaration of the function isMitarbeiter in Mitarbeiter_model.php)
+	 * @access public
+	 * @param  $uid the userID used to check if it is a mitarbeiter
+	 * @return boolean 
+	 */
+	public function isStudent($uid)
+	{
+		$result = $this->StudentModel->isStudent($uid);
+		if (isError($result)) {
+			show_error("error when calling Student_model function isStudent with uid " . $uid);
+		}
+		$result = getData($result);
+		echo json_encode($result);
+	}
+
+	/**
+	 * checks whether a specific userID is a mitarbeiter or not (foreword declaration of the function isMitarbeiter in Mitarbeiter_model.php)
+	 * @access public
+	 * @param  $uid the userID used to check if it is a mitarbeiter
+	 * @return boolean 
+	 */
+	public function isMitarbeiter($uid)
+	{
+		$result = $this->MitarbeiterModel->isMitarbeiter($uid);
+		if (isError($result)) {
+			show_error("error when calling Mitarbeiter_model function isMitarbeiter with uid " . $uid);
+		}
+		$result = getData($result);
+		echo json_encode($result);
+	}
+
+	/**
+	 * gets the adressen that are marked as zustell from the currenlty logged in user
+	 * @access public
+	 * @return array a list of adresse_id's 
+	 */
+	public function getZustellAdresse()
+	{
+		$this->AdresseModel->addSelect(["adresse_id"]);
+		$adressen_res = $this->AdresseModel->loadWhere(['person_id' => $this->pid, 'zustelladresse' => true]);
+		$adressen_res = hasData($adressen_res) ? getData($adressen_res) : null;
+		$adressen_res = array_map(function ($item) {
+			return $item->adresse_id;
+		}, $adressen_res);
+		echo json_encode($adressen_res);
+	}
+
+	/**
+	 * gets the kontakte that are marked as zustell from the currenlty logged in user
+	 * @access public
+	 * @return array a list of kontakt_id's 
+	 */
+	public function getZustellKontakt()
+	{
+		$this->KontaktModel->addSelect(["kontakt_id"]);
+		$kontakt_res = $this->KontaktModel->loadWhere(['person_id' => $this->pid, 'zustellung' => true]);
+		$kontakt_res = hasData($kontakt_res) ? getData($kontakt_res) : null;
+		$kontakt_res = array_map(function ($item) {
+			return $item->kontakt_id;
+		}, $kontakt_res);
+		echo json_encode($kontakt_res);
+	}
+
+	/**
+	 * function that returns the data used for the corresponding view
+	 * the client side parses the @param $uid and calls this function to get the data to the correct view 
+	 * @access public
+	 * @param  boolean $uid the userID used to identify which information should be retrieved for which view 
+	 * @return stdClass all the data corresponding to a view of a user
+	 */
+	public function getView($uid)
+	{
+		$res = new stdClass();
+
+		// if parsing the URL did not found a UID then the UID of the logged in user is used
+		if ($uid == "Profil" || $uid == $this->uid) {
+			$isMitarbeiter = $this->MitarbeiterModel->isMitarbeiter($this->uid);
+			if (isError($isMitarbeiter)) {
+				show_error("error while checking if UID: " . $this->uid . " is a mitarbeiter");
+			}
+			$isMitarbeiter = getData($isMitarbeiter);
+			if ($isMitarbeiter) {
+				$res->view = "MitarbeiterProfil";
+				$res->data = $this->mitarbeiterProfil();
+				$res->data->pid = $this->pid;
+			} else {
+				$res->view = "StudentProfil";
+				$res->data = $this->studentProfil();
+				$res->data->pid = $this->pid;
+			}
+		}
+		// UID is availabe when accessing Profil/View/:uid
+		else {
+			$this->PersonModel->addSelect(["person_id"]);
+			$pid = $this->PersonModel->getByUid($uid);
+			if (isError($pid)) {
+				show_error("error while trying to update table public.tbl_person while searching for a person with UID: " . $uid);
+			}
+			$pid = hasData($pid) ? getData($pid)[0] : null;
+			if (!$pid) {
+				show_error("Person with UID: " . $uid . " does not exist");
+			}
+			$isMitarbeiter = $this->MitarbeiterModel->isMitarbeiter($uid);
+			if (isError($isMitarbeiter)) {
+				show_error("error while checking if UID: " . $uid . " is a mitarbeiter");
+			}
+			$isMitarbeiter = getData($isMitarbeiter);
+			if ($isMitarbeiter) {
+				$res->view = "ViewMitarbeiterProfil";
+				$res->data = $this->viewMitarbeiterProfil($uid);
+
+			} else {
+				$res->view = "ViewStudentProfil";
+				$res->data = $this->viewStudentProfil($uid);
+			}
+		}
+		echo json_encode($res);
+	}
+
+	/**
+	 * update column foto_sperre in public.tbl_person
+	 * @access public
+	 * @param  boolean $value  new value for the column
+	 * @return boolean the new value added to the column in public.tbl_person
+	 */
+	public function foto_sperre_function($value)
+	{
+		$res = $this->PersonModel->update($this->pid, ["foto_sperre" => $value]);
+		if (isError($res)) {
+			show_error("error while trying to update table public.tbl_person");
+		}
+		$this->PersonModel->addSelect("foto_sperre");
+		$res = $this->PersonModel->load($this->pid);
+		if (isError($res)) {
+			show_error("error while trying to query table public.tbl_person");
+		}
+		$res = hasData($res) ? getData($res)[0] : null;
+		echo json_encode($res);
+	}
+
+	/**
+	 * gets all nations in the table bis.tbl_nation
+	 *
+	 * @access public
+	 * @return array all the nations in table bis.tbl_nation
+	 */
+	public function getAllNationen()
+	{
+		$this->load->model('codex/Nation_model', "NationModel");
+		$this->NationModel->addSelect(["nation_code as code", "langtext"]);
+		$nation_res = $this->NationModel->load();
+		if (isError($nation_res)) {
+			show_error("error while trying to query table codex.tbl_nation");
+		}
+		$nation_res = hasData($nation_res) ? getData($nation_res) : null;
+		echo json_encode($nation_res);
+	}
+
+	/**
+	 * gets specific gemeinden which are related to the ZIP and the Nation passed in the body of the get request
+	 * @access public
+	 * @var    $_GET function uses GET request payload
+	 * @return boolean the new value added to the column in public.tbl_person
+	 */
+	public function getGemeinden()
+	{
+		/** @var $nation value parsed out of the body of the get request */
+		$nation = $this->input->get('nation', true);
+		/** @var $zip value parsed out of the body of the get request and converted to a php integer with json_decode */
+		$zip = json_decode($this->input->get('zip', true));
+
+		$this->load->model('codex/Gemeinde_model', "GemeindeModel");
+		$this->GemeindeModel->addDistinct();
+		$this->GemeindeModel->addSelect(["name"]);
+		if ($nation == "A") {
+				if (isset($zip) && $zip > 999 && $zip < 32000) {
+
+						$gemeinde_res = $this->GemeindeModel->loadWhere(['plz' => $zip]);
+						if (isError($gemeinde_res)) {
+								show_error("error while trying to query bis.tbl_gemeinde");
+						}
+						$gemeinde_res = hasData($gemeinde_res) ? getData($gemeinde_res) : null;
+						$gemeinde_res = array_map(function ($obj) {
+								return $obj->name;
+						}, $gemeinde_res);
+						echo json_encode($gemeinde_res);
+
+				} else {
+						echo json_encode(error("ortschaftskennziffer code was not valid"));
+				}
+		} else {
+				echo json_encode(error("Nation was not 'A' (Austria)"));
+		}
+	}
+
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+	/**
+	 * function that returns the data used for viewing another mitarbeiter profile
+	 * @access private 
+	 * @param  integer $uid the userID to retrieve the mitarbeiter data
+	 * @return stdClass restricted mitarbeiter data
+	 */
+	private function viewMitarbeiterProfil($uid)
+	{
+		$mailverteiler_res = $this->getMailverteiler($uid);
+		$benutzer_funktion_res = $this->getBenutzerFunktion($uid);
+		$benutzer_res = $this->getBenutzerAlias($uid);
+		$person_res = $this->getPersonInfo($uid);
+		$mitarbeiter_res = $this->getMitarbeiterInfo($uid);
+		$telefon_res = $this->getTelefonInfo($uid);
+
+		$res = new stdClass();
+		$res->username = $uid;
+
+		//? Person Info
+		foreach ($person_res as $key => $val) {
+			$res->$key = $val;
+		}
+
+		//? Mitarbeiter Info
+		foreach ($mitarbeiter_res as $key => $val) {
+			$res->$key = $val;
+
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $uid . "@" . DOMAIN;
+		$extern_email = array();
+		$extern_email["type"] = "alias";
+		$extern_email["email"] = $benutzer_res->alias . "@" . DOMAIN;
+		$res->emails = array($intern_email, $extern_email);
+
+		$res->funktionen = $benutzer_funktion_res;
+		$res->mailverteiler = $mailverteiler_res;
+		$res->standort_telefon = isset($telefon_res) ? $telefon_res->kontakt : null;
+
+		return $res;
+	}
+
+	/**
+	 * function that returns the data used for viewing another student profile
+	 * @access private 
+	 * @param  integer $uid the userID to retrieve the student data
+	 * @return stdClass restricted student data
+	 */
+	private function viewStudentProfil($uid)
+	{
+		$mailverteiler_res = $this->getMailverteiler($uid);
+		$person_res = $this->getPersonInfo($uid);
+		$student_res = $this->getStudentInfo($uid);
+		$matr_res = $this->getMatrikelNummer($uid);
+
+		$res = new stdClass();
+		$res->username = $uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Student Information
+		foreach ($student_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $uid . "@" . DOMAIN;
+
+		$res->emails = [$intern_email];
+		$res->matrikelnummer = $matr_res->matr_nr;
+		$res->mailverteiler = $mailverteiler_res;
+
+		return $res;
+	}
+
+	/**
+	 * function that returns the data used for the mitarbeiter profile
+	 * @access private 
+	 * @return stdClass mitarbeiter data
+	 */
+	private function mitarbeiterProfil()
+	{
+
+		$zutrittskarte_ausgegebenam = $this->getZutrittskarteDatum($this->uid);
+		$adresse_res = $this->getAdressenInfo($this->pid);
+		$kontakte_res = $this->getKontaktInfo($this->pid);
+		$mailverteiler_res = $this->getMailverteiler($this->uid);
+		$person_res = $this->getPersonInfo($this->uid, true);
+		$benutzer_funktion_res = $this->getBenutzerFunktion($this->uid);
+		$betriebsmittelperson_res = $this->getBetriebsmittelInfo($this->pid);
+		$profilUpdates = $this->getProfilUpdates($this->uid);
+		$telefon_res = $this->getTelefonInfo($this->uid);
+		$mitarbeiter_res = $this->getMitarbeiterInfo($this->uid);
+
+		$res = new stdClass();
+		$res->username = $this->uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Mitarbeiter Information
+		foreach ($mitarbeiter_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		$res->adressen = $adresse_res;
+		$res->zutrittsdatum = $zutrittskarte_ausgegebenam;
+		$res->kontakte = $kontakte_res;
+		$res->mittel = $betriebsmittelperson_res;
+		$res->mailverteiler = $mailverteiler_res;
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $this->uid . "@" . DOMAIN;
+		$extern_email = array();
+		$extern_email["type"] = "alias";
+		$extern_email["email"] = $mitarbeiter_res->alias . "@" . DOMAIN;
+		$res->emails = [$intern_email, $extern_email];
+
+		$res->funktionen = $benutzer_funktion_res;
+		$res->standort_telefon = $telefon_res;
+		$res->profilUpdates = $profilUpdates;
+
+		return $res;
+	}
+
+	/**
+	 * function that returns the data used for the student profile
+	 * @access private 
+	 * @return stdClass student data
+	 */
+	private function studentProfil()
+	{
+		$betriebsmittelperson_res = $this->getBetriebsmittelInfo($this->pid);
+		$kontakte_res = $this->getKontaktInfo($this->pid);
+		$zutrittskarte_ausgegebenam = $this->getZutrittskarteDatum($this->uid);
+		$adresse_res = $this->getAdressenInfo($this->pid);
+		$mailverteiler_res = $this->getMailverteiler($this->uid);
+		$person_res = $this->getPersonInfo($this->uid, true);
+		$zutrittsgruppe_res = $this->getZutrittsgruppen($this->uid);
+		$student_res = $this->getStudentInfo($this->uid);
+		$matr_res = $this->getMatrikelNummer($this->uid);
+		$profilUpdates = $this->getProfilUpdates($this->uid);
+
+		$res = new stdClass();
+		$res->username = $this->uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Student Information
+		foreach ($student_res as $key => $value) {
+			$res->$key = trim($value);
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $this->uid . "@" . DOMAIN;
+
+		$res->emails = [$intern_email];
+		$res->adressen = $adresse_res;
+		$res->zutrittsdatum = $zutrittskarte_ausgegebenam;
+		$res->kontakte = $kontakte_res;
+		$res->mittel = $betriebsmittelperson_res;
+		$res->matrikelnummer = $matr_res->matr_nr;
+		$res->zuttritsgruppen = $zutrittsgruppe_res;
+		$res->mailverteiler = $mailverteiler_res;
+		$res->profilUpdates = $profilUpdates;
+
+		return $res;
+	}
+
+	/**
+	 * gets all the mailverteiler using the tables: tbl_benutzer, tbl_benutzergruppe, tbl_gruppe
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the mailverteiler 
+	 * @return array returns the mailvertailer corresponding to a userID 
+	 */
+	private function getMailverteiler($uid)
+	{
+		$this->PersonModel->addSelect('gruppe_kurzbz, beschreibung');
+		$this->PersonModel->addJoin('tbl_benutzer', 'person_id');
+		$this->PersonModel->addJoin('tbl_benutzergruppe', 'uid');
+		$this->PersonModel->addJoin('tbl_gruppe', 'gruppe_kurzbz');
+
+		$mailverteiler_res = $this->PersonModel->loadWhere(array('mailgrp' => true, 'uid' => $uid));
+		if (isError($mailverteiler_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($mailverteiler_res));
+		}
+		$mailverteiler_res = hasData($mailverteiler_res) ? getData($mailverteiler_res) : null;
+		$mailverteiler_res = array_map(function ($element) {
+			$element->mailto = "mailto:" . $element->gruppe_kurzbz . "@" . DOMAIN;
+			return $element;
+		}, $mailverteiler_res);
+		return $mailverteiler_res;
+	}
+
+	/**
+	 * gets all the Benutzerfunktionen of a corresponding user
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the Benutzerfunktionen 
+	 * @return array returns the Benutzerfunktionen corresponding to a userID 
+	 */
+	private function getBenutzerFunktion($uid)
+	{
+		$this->BenutzerfunktionModel->addSelect(["tbl_benutzerfunktion.bezeichnung as Bezeichnung", "tbl_organisationseinheit.bezeichnung as Organisationseinheit", "datum_von as Gültig_von", "datum_bis as Gültig_bis", "wochenstunden as Wochenstunden"]);
+		$this->BenutzerfunktionModel->addJoin("tbl_organisationseinheit", "oe_kurzbz");
+
+		$benutzer_funktion_res = $this->BenutzerfunktionModel->loadWhere(array('uid' => $uid));
+		if (isError($benutzer_funktion_res)) {
+			show_error("was not able to query the table public.tbl_benutzerfunktion:" . getData($benutzer_funktion_res));
+		}
+		$benutzer_funktion_res = hasData($benutzer_funktion_res) ? getData($benutzer_funktion_res) : null;
+		return $benutzer_funktion_res;
+	}
+
+	/**
+	 * gets all the Betriebsmittel of a corresponding user
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the Betriebsmittel 
+	 * @return array returns the Betriebsmittel corresponding to a userID 
+	 */
+	private function getBetriebsmittelInfo($pid)
+	{
+		$this->BetriebsmittelpersonModel->addSelect(["CONCAT(betriebsmitteltyp, ' ' ,beschreibung) as Betriebsmittel", "nummer as Nummer", "ausgegebenam as Ausgegeben_am"]);
+
+		//? betriebsmittel are not needed in a view
+		$betriebsmittelperson_res = $this->BetriebsmittelpersonModel->getBetriebsmittel($pid);
+		if (isError($betriebsmittelperson_res)) {
+			show_error("was not able to query the table public.tbl_betriebsmittelperson:" . getData($betriebsmittelperson_res));
+		}
+		$betriebsmittelperson_res = hasData($betriebsmittelperson_res) ? getData($betriebsmittelperson_res) : null;
+		return $betriebsmittelperson_res;
+	}
+
+	/**
+	 * gets the alias of a corresponding user
+	 * @access private
+	 * @param  integer $uid the userID used to get the alias
+	 * @return string the alias of the userID
+	 */
+	private function getBenutzerAlias($uid)
+	{
+		$this->BenutzerModel->addSelect(["alias"]);
+		$benutzer_res = $this->BenutzerModel->load([$uid]);
+		if (isError($benutzer_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($benutzer_res));
+		} else {
+			$benutzer_res = hasData($benutzer_res) ? getData($benutzer_res)[0] : null;
+		}
+
+		return $benutzer_res;
+	}
+
+	/**
+	 * gets the person information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the person information
+	 * @param  integer $geburtsInfo flag wether to add the columns gebort, gebdatum, foto_sperre or not
+	 * @return array all the person informaion corresponding to a userID
+	 */
+	private function getPersonInfo($uid, $geburtsInfo = null)
+	{
+		$selectClause = ["foto", "anrede", "titelpost as postnomen", "titelpre as titel", "vorname", "nachname"];
+		/** @param integer $geburtsInfo */
+		if ($geburtsInfo) {
+			array_push($selectClause, "gebort");
+			array_push($selectClause, "gebdatum");
+			array_push($selectClause, "foto_sperre");
+		}
+		$this->BenutzerModel->addSelect($selectClause);
+		$this->BenutzerModel->addJoin("tbl_person", "person_id");
+
+		$person_res = $this->BenutzerModel->load([$uid]);
+		if (isError($person_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($person_res));
+		} else {
+			$person_res = hasData($person_res) ? getData($person_res)[0] : null;
+		}
+
+		return $person_res;
+	}
+
+	/**
+	 * gets the mitarbeiter information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the mitarbeiter information
+	 * @return array all the mitarbeiter informaion corresponding to a userID
+	 */
+	private function getMitarbeiterInfo($uid)
+	{
+		$this->MitarbeiterModel->addSelect(["kurzbz", "telefonklappe", "alias", "ort_kurzbz"]);
+		$this->MitarbeiterModel->addJoin("tbl_benutzer", "tbl_benutzer.uid = tbl_mitarbeiter.mitarbeiter_uid");
+		$mitarbeiter_res = $this->MitarbeiterModel->load($uid);
+		if (isError($mitarbeiter_res)) {
+			show_error("was not able to query the table public.tbl_mitarbeiter:" . getData($mitarbeiter_res));
+		} else {
+			$mitarbeiter_res = hasData($mitarbeiter_res) ? getData($mitarbeiter_res)[0] : null;
+		}
+
+		return $mitarbeiter_res;
+	}
+
+	/**
+	 * gets the telefon information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the telefon information
+	 * @return array all the telefon informaion corresponding to a userID
+	 */
+	private function getTelefonInfo($uid)
+	{
+		$this->MitarbeiterModel->addSelect(["kontakt"]);
+		$this->MitarbeiterModel->addJoin("tbl_kontakt", "tbl_mitarbeiter.standort_id = tbl_kontakt.standort_id");
+		$this->MitarbeiterModel->addLimit(1);
+		$telefon_res = $this->MitarbeiterModel->loadWhere(["mitarbeiter_uid" => $uid, "kontakttyp" => "telefon"]);
+		if (isError($telefon_res)) {
+			show_error("was not able to query the table public.tbl_mitarbeiter:" . getData($telefon_res));
+		}
+		$telefon_res = hasData($telefon_res) ? getData($telefon_res)[0] : null;
+		return $telefon_res;
+	}
+
+	/**
+	 * gets the student information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the student information
+	 * @return array all the student informaion corresponding to a userID
+	 */
+	private function getStudentInfo($uid)
+	{
+		$this->StudentModel->addSelect(['tbl_studiengang.bezeichnung as studiengang', 'tbl_student.semester', 'tbl_student.verband', 'tbl_student.gruppe', 'tbl_student.matrikelnr as personenkennzeichen']);
+		$this->StudentModel->addJoin('tbl_studiengang', "tbl_studiengang.studiengang_kz=tbl_student.studiengang_kz");
+
+		$student_res = $this->StudentModel->load([$uid]);
+		if (isError($student_res)) {
+			show_error("was not able to query the table public.tbl_student:" . getData($student_res));
+		}
+		$student_res = hasData($student_res) ? getData($student_res)[0] : null;
+		return $student_res;
+	}
+
+	/**
+	 * gets the profil updates corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the profil updates
+	 * @return array all the profil updates corresponding to a userID
+	 */
+	private function getProfilUpdates($uid)
+	{
+		$profilUpdates = $this->ProfilUpdateModel->getProfilUpdatesWhere(['uid' => $uid]);
+		if (isError($profilUpdates)) {
+			show_error("was not able to query the table public.tbl_profil_update:" . getData($profilUpdates));
+		}
+		$profilUpdates = hasData($profilUpdates) ? getData($profilUpdates) : null;
+		return $profilUpdates;
+	}
+
+	/**
+	 * gets the Matrikelnummer corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the Matrikelnummer
+	 * @return integer the Matrikelnummer corresponding to a userID
+	 */
+	private function getMatrikelNummer($uid)
+	{
+		$this->BenutzerModel->addSelect(["matr_nr"]);
+		$this->BenutzerModel->addJoin("tbl_person", "person_id");
+
+		$matr_res = $this->BenutzerModel->load([$uid]);
+		if (isError($matr_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($matr_res));
+		}
+		$matr_res = hasData($matr_res) ? getData($matr_res)[0] : [];
+		return $matr_res;
+	}
+
+	/**
+	 * gets the Zutrittsgruppen corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the Zutrittsgruppen
+	 * @return array all the Zutrittsgruppen corresponding to a userID
+	 */
+	private function getZutrittsgruppen($uid)
+	{
+		$this->BenutzergruppeModel->addSelect(['bezeichnung']);
+		$this->BenutzergruppeModel->addJoin('tbl_gruppe', 'gruppe_kurzbz');
+
+		$zutrittsgruppe_res = $this->BenutzergruppeModel->loadWhere(array("uid" => $uid, "zutrittssystem" => true));
+		if (isError($zutrittsgruppe_res)) {
+			show_error("was not able to query the table public.tbl_benutzergruppe:" . getData($zutrittsgruppe_res));
+		}
+		$zutrittsgruppe_res = hasData($zutrittsgruppe_res) ? getData($zutrittsgruppe_res) : null;
+		return $zutrittsgruppe_res;
+	}
+
+	/**
+	 * gets the address information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the address information
+	 * @return array all the address information corresponding to a userID
+	 */
+	private function getAdressenInfo($pid)
+	{
+		$adresse_res = $this->AdresseModel->addSelect(["adresse_id", "strasse", "tbl_adressentyp.bezeichnung as typ", "plz", "ort", "zustelladresse", "gemeinde", "nation"]);
+		$adresse_res = $this->AdresseModel->addOrder("zustelladresse", "DESC");
+		$adresse_res = $this->AdresseModel->addJoin("tbl_adressentyp", "typ=adressentyp_kurzbz");
+
+		$adresse_res = $this->AdresseModel->loadWhere(["person_id" => $pid]);
+		if (isError($adresse_res)) {
+			show_error("was not able to query the table public.tbl_adresse:" . getData($adresse_res));
+		}
+		$adresse_res = hasData($adresse_res) ? getData($adresse_res) : null;
+		return $adresse_res;
+	}
+
+	/**
+	 * gets the kontakt information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the kontakt information
+	 * @return array all the kontakt information corresponding to a userID
+	 */
+	private function getKontaktInfo($pid)
+	{
+		$this->KontaktModel->addSelect(['kontakttyp', 'kontakt_id', 'kontakt', 'tbl_kontakt.anmerkung', 'tbl_kontakt.zustellung']);
+		$this->KontaktModel->addJoin('public.tbl_standort', 'standort_id', 'LEFT');
+		$this->KontaktModel->addJoin('public.tbl_firma', 'firma_id', 'LEFT');
+		$this->KontaktModel->addOrder('kontakttyp, kontakt, tbl_kontakt.updateamum, tbl_kontakt.insertamum');
+
+		$kontakte_res = $this->KontaktModel->loadWhere(['person_id' => $pid]);
+		if (isError($kontakte_res)) {
+			show_error("was not able to query the table public.tbl_kontakt:" . getData($kontakte_res));
+		}
+		$kontakte_res = hasData($kontakte_res) ? getData($kontakte_res) : null;
+		return $kontakte_res;
+	}
+
+	/**
+	 * gets the date of issue of the FH access card corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the date of issue of the FH access card
+	 * @return string the date of issue of the FH access card corresponding to a userID
+	 */
+	private function getZutrittskarteDatum($uid)
+	{
+		$zutrittskarte_ausgegebenam = $this->BetriebsmittelpersonModel->getBetriebsmittelByUid($uid, "Zutrittskarte");
+		if (isError($zutrittskarte_ausgegebenam)) {
+			show_error("was not able to query the table wavi.tbl_bentriebsmittelperson:" . getData($zutrittskarte_ausgegebenam));
+		}
+		$zutrittskarte_ausgegebenam = hasData($zutrittskarte_ausgegebenam) ? getData($zutrittskarte_ausgegebenam)[0]->ausgegebenam : null;
+
+		//? formats date from 01-01-2000 to 01.01.2000
+		$zutrittskarte_ausgegebenam = str_replace("-", ".", $zutrittskarte_ausgegebenam);
+		return $zutrittskarte_ausgegebenam;
+	}
+
+
+}

application/controllers/Cis/ProfilUpdate.php

@@ -0,0 +1,814 @@
+<?php
+
+if (!defined('BASEPATH'))
+	exit('No direct script access allowed');
+
+/**
+ *
+ */
+class ProfilUpdate extends Auth_Controller
+{
+
+	public static $STATUS_PENDING = NULL;
+	public static $STATUS_ACCEPTED = NULL;
+	public static $STATUS_REJECTED = NULL;
+
+	public static $TOPICS = [];
+
+
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => ['student/stammdaten:r', 'mitarbeiter/stammdaten:r'],
+			'id' => ['student/stammdaten:r', 'mitarbeiter/stammdaten:r'],
+			'getProfilUpdateWithPermission' => ['student/stammdaten:r', 'mitarbeiter/stammdaten:r'],
+			'acceptProfilRequest' => ['student/stammdaten:rw', 'mitarbeiter/stammdaten:rw'],
+			'denyProfilRequest' => ['student/stammdaten:rw', 'mitarbeiter/stammdaten:rw'],
+			'show' => ['basis/cis:r'],
+
+			'insertProfilRequest' => ['basis/cis:rw'],
+			'updateProfilRequest' => ['basis/cis:rw'],
+			'deleteProfilRequest' => ['basis/cis:rw'],
+			'selectProfilRequest' => ['basis/cis:r'],
+			'insertFile' => ['basis/cis:rw'],
+			'getProfilRequestFiles' => ['basis/cis:r'],
+			'getStatus' => ['basis/cis:r'],
+			'getTopic' => ['basis/cis:r'],
+		]);
+
+		$this->load->config('cis');
+
+		$this->load->model('person/Profil_update_model', 'ProfilUpdateModel');
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$this->load->model('person/Adressentyp_model', 'AdressenTypModel');
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->load->model('ressource/mitarbeiter_model', 'MitarbeiterModel');
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('person/Benutzer_model', 'BenutzerModel');
+		$this->load->model('system/Sprache_model', 'SpracheModel');
+		$this->load->model('person/Profil_update_status_model', 'ProfilUpdateStatusModel');
+		$this->load->model('person/Profil_update_topic_model', 'ProfilUpdateTopicModel');
+
+		// Load language phrases
+		$this->loadPhrases(
+			array(
+				'ui',
+				'global',
+				'person',
+				'profil',
+				'profilUpdate'
+			)
+		);
+
+		$this->load->library('DmsLib');
+		$this->load->library('PermissionLib');
+
+		//? put the uid and pid inside the controller for reusability
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+
+		// setup the ProfilUpdate states
+		$this->ProfilUpdateStatusModel->addSelect(['status_kurzbz']);
+		$status_kurzbz = $this->ProfilUpdateStatusModel->load();
+		if (hasData($status_kurzbz)) {
+			list($status_pending, $status_accepted, $status_rejected) = getData($status_kurzbz);
+
+			self::$STATUS_PENDING = $status_pending->status_kurzbz;
+			self::$STATUS_ACCEPTED = $status_accepted->status_kurzbz;
+			self::$STATUS_REJECTED = $status_rejected->status_kurzbz;
+		}
+		// setup the ProfilUpdate topics
+		$this->ProfilUpdateTopicModel->addSelect(['topic_kurzbz']);
+		$topic_kurzbz = $this->ProfilUpdateTopicModel->load();
+
+		if (hasData($topic_kurzbz)) {
+			foreach (getData($topic_kurzbz) as $topic) {
+				self::$TOPICS[$topic->topic_kurzbz] = $topic->topic_kurzbz;
+			}
+		}
+	}
+
+
+	public function index()
+	{
+		$this->load->view('Cis/ProfilUpdate');
+	}
+
+	public function id($profil_update_id = null)
+	{
+		$this->load->view('Cis/ProfilUpdate', ['profil_update_id' => $profil_update_id]);
+	}
+
+	public function getStatus()
+	{
+		echo json_encode([self::$STATUS_PENDING => self::$STATUS_PENDING, self::$STATUS_ACCEPTED => self::$STATUS_ACCEPTED, self::$STATUS_REJECTED => self::$STATUS_REJECTED]);
+	}
+
+	public function getTopic()
+	{
+		echo json_encode(self::$TOPICS);
+	}
+
+	private function sendEmail_onProfilUpdate_response($uid, $topic, $status)
+	{
+		if($this->config->item('cis_send_profil_update_mails') === false)
+		{
+			return;
+		}
+
+		$this->load->helper('hlp_sancho_helper');
+		$email = $uid . "@" . DOMAIN;
+
+
+		function languageQuery($language)
+		{
+			return "select index from public.tbl_sprache where sprache = '" + $language + "'";
+		}
+		$this->ProfilUpdateStatusModel->addSelect(["bezeichnung_mehrsprachig[(" . languageQuery('German') . ")] as status_de", "bezeichnung_mehrsprachig[(" . languageQuery('English') . ")] as status_en"]);
+		$status_translation = $this->ProfilUpdateStatusModel->loadWhere(["status_kurzbz" => $status]);
+		if (isError($status_translation)) {
+			show_error($this->p->t('profilUpdate', 'ProfilUpdateStatusTranslationError'));
+		}
+		$status_translation = hasData($status_translation) ? getData($status_translation)[0] : null;
+		if (isset($status_translation)) {
+			$mail_res = sendSanchoMail("profil_update_response", ['topic' => $topic, 'status_de' => $status_translation->status_de, 'status_en' => $status_translation->status_en, 'href' => APP_ROOT . 'Cis/Profil'], $email, ("Profil Änderung " . $this->p->t('profilUpdate', 'pending')));
+			if (!$mail_res) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_email_error'));
+			}
+		}
+
+	}
+
+
+	private function sendEmail_onProfilUpdate_insertion($uid, $profil_update_id, $topic)
+	{
+		if($this->config->item('cis_send_profil_update_mails') === false)
+		{
+			return;
+		}
+
+		$this->load->helper('hlp_sancho_helper');
+		$emails = [];
+
+		$isMitarbeiter_res = $this->MitarbeiterModel->isMitarbeiter($uid);
+		if (isError($isMitarbeiter_res)) {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_mitarbeiterCheck_error'));
+		}
+		$isMitarbeiter_res = getData($isMitarbeiter_res);
+
+		//! if the $uid is a mitarbeiter and student, only the hr is notified by email
+		if ($isMitarbeiter_res) {
+			//? user is not a student therefore he is a mitarbeiter, send email to Personalverwaltung
+			//? use constant variable MAIL_GST to mail to the personalverwaltung
+			$this->MitarbeiterModel->addSelect([TRUE]);
+			$this->MitarbeiterModel->addJoin("public.tbl_benutzer", "public.tbl_benutzer.uid = public.tbl_mitarbeiter.mitarbeiter_uid");
+			//? check if the the userID is a mitarbeiter and if the benutzer is active
+			$res = $this->MitarbeiterModel->loadWhere(["public.tbl_mitarbeiter.mitarbeiter_uid" => $uid, "public.tbl_benutzer.aktiv" => TRUE]);
+			if (isError($res)) {
+				show_error("was not able to query the mitarbeiter and benutzer by the uid: " . $uid);
+			}
+			if (hasData($res)) {
+				array_push($emails, MAIL_GST);
+			} else {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_mitarbeiterCheck_error'));
+			}
+		} else {
+			//? if it is not a mitarbeiter, check whether it is a student and send email to studiengang
+			$isStudent_res = $this->StudentModel->isStudent($uid);
+			if (isError($isStudent_res)) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_studentCheck_error'));
+			}
+			$isStudent_res = getData($isStudent_res);
+			if ($isStudent_res) {
+				//? Send email to the Studiengangsassistentinnen
+				$this->StudentModel->addSelect(["public.tbl_studiengang.email"]);
+				$this->StudentModel->addJoin("public.tbl_benutzer", "public.tbl_benutzer.uid = public.tbl_student.student_uid");
+				$this->StudentModel->addJoin("public.tbl_prestudent", "public.tbl_benutzer.person_id = public.tbl_prestudent.person_id");
+				$this->StudentModel->addJoin("public.tbl_prestudentstatus", "public.tbl_prestudentstatus.prestudent_id = public.tbl_prestudent.prestudent_id");
+				$this->StudentModel->addJoin("public.tbl_studiengang", "public.tbl_studiengang.studiengang_kz = public.tbl_prestudent.studiengang_kz");
+				//* check if the benutzer itself is active
+				//* check if the student status is Student or Diplomand (active students)
+				$this->StudentModel->db->where_in("public.tbl_prestudentstatus.status_kurzbz", ['Student', 'Diplomand']);
+				$res = $this->StudentModel->loadWhere(["public.tbl_benutzer.aktiv" => TRUE, "public.tbl_student.student_uid" => $uid]);
+				if (isError($res)) {
+					show_error(getData($res));
+				} else {
+					$res = hasData($res) ? getData($res) : [];
+					foreach ($res as $emailObj) {
+						array_push($emails, $emailObj->email);
+					}
+				}
+			}
+		}
+		$mail_res = [];
+		//? sending email
+		foreach ($emails as $email) {
+			array_push($mail_res, sendSanchoMail("profil_update", ['uid' => $uid, 'topic' => $topic, 'href' => APP_ROOT . 'Cis/ProfilUpdate/id/' . $profil_update_id], $email, ("Profil Änderung von " . $uid)));
+		}
+		foreach ($mail_res as $m_res) {
+			if (!$m_res) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_email_error'));
+			}
+		}
+
+	}
+
+
+	public function show($dms_id)
+	{
+
+		$profil_update = $this->ProfilUpdateModel->loadWhere(['attachment_id' => $dms_id]);
+		$profil_update = hasData($profil_update) ? getData($profil_update)[0] : null;
+
+		//? checks if an profil update exists with the dms_id requested from the user
+		if ($profil_update) {
+			$is_mitarbeiter_profil_update = getData($this->MitarbeiterModel->isMitarbeiter($profil_update->uid));
+			$is_student_profil_update = getData($this->StudentModel->isStudent($profil_update->uid));
+
+			if (
+				$this->permissionlib->isBerechtigt('student/stammdaten:r') && $is_student_profil_update ||
+				$this->permissionlib->isBerechtigt('mitarbeiter/stammdaten:r') && $is_mitarbeiter_profil_update ||
+				$this->uid == $profil_update->uid
+			) {
+				// Get file to be downloaded from DMS
+				$newFilename = $this->uid . "/document_" . $dms_id;
+				$download = $this->dmslib->download($dms_id);
+				if (isError($download))
+					return $download;
+
+				// Download file
+				$this->outputFile(getData($download));
+
+
+			} else {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_permission_error'));
+				return;
+			}
+
+		} else {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_dms_error'));
+			return;
+		}
+
+	}
+
+
+	public function insertFile($replace)
+	{
+		$replace = json_decode($replace);
+
+		if (!count($_FILES)) {
+			echo json_encode([]);
+			return;
+		}
+
+		//? if replace is set it contains the profil_update_id in which the attachment_id has to be replaced
+		if (isset($replace)) {
+			$this->ProfilUpdateModel->addSelect(["attachment_id"]);
+			$profilUpdate = $this->ProfilUpdateModel->load([$replace]);
+			if (isError($profilUpdate)) {
+				return json_encode(error($this->p->t('profilUpdate', 'profilUpdate_loading_error')));
+			}
+			//? get the attachmentID
+			$dms_id = hasData($profilUpdate) ? getData($profilUpdate)[0]->attachment_id : null;
+
+			//? delete old dms_file of Profil Update
+			$this->deleteOldVersionFile($dms_id);
+		}
+
+
+		$files = $_FILES['files'];
+		$file_count = count($files['name']);
+
+		$res = [];
+
+		for ($i = 0; $i < $file_count; $i++) {
+			$_FILES['files']['name'] = $files['name'][$i];
+			$_FILES['files']['type'] = $files['type'][$i];
+			$_FILES['files']['tmp_name'] = $files['tmp_name'][$i];
+			$_FILES['files']['error'] = $files['error'][$i];
+			$_FILES['files']['size'] = $files['size'][$i];
+
+			$dms = [
+				"kategorie_kurzbz" => "profil_aenderung",
+				"version" => 0,
+				"name" => $_FILES['files']['name'],
+				"mimetype" => $_FILES['files']['type'],
+				"beschreibung" => $this->uid . " Profil Änderung",
+				"insertvon" => $this->uid,
+				"insertamum" => "NOW()",
+			];
+
+			$tmp_res = $this->dmslib->upload($dms, 'files', array("jpg", "png", "pdf"));
+
+			$tmp_res = hasData($tmp_res) ? getData($tmp_res) : null;
+			array_push($res, $tmp_res);
+		}
+
+		echo json_encode($res);
+	}
+
+
+	public function selectProfilRequest()
+	{
+		$_GET = json_decode($this->input->raw_input_stream, true);
+		$uid = $this->input->get('uid');
+		$id = $this->input->get('id');
+		$whereClause = ['uid' => $this->uid];
+
+		if (isset($uid))
+			$whereClause['uid'] = $uid;
+		if (isset($id))
+			$whereClause['id'] = $id;
+
+		$res = $this->ProfilUpdateModel->getProfilUpdatesWhere($whereClause);
+		$res = hasData($res) ? getData($res) : null;
+		echo json_encode($res);
+
+	}
+
+
+	public function getProfilRequestFiles()
+	{
+		$id = json_decode($this->input->raw_input_stream);
+
+		$this->ProfilUpdateModel->addSelect(["attachment_id"]);
+		$attachmentID = $this->ProfilUpdateModel->load([$id]);
+		if (isError($attachmentID)) {
+			return json_encode(error($this->p->t('profilUpdate', 'profilUpdate_loading_error')));
+		}
+		//? get the attachmentID
+		$dms_id = hasData($attachmentID) ? getData($attachmentID)[0]->attachment_id : null;
+
+		//? get the name to the file
+		$this->DmsVersionModel->addSelect(["name", "dms_id"]);
+		$attachment = $this->DmsVersionModel->load([$dms_id, 0]);
+		if (isError($attachment)) {
+			return json_encode(error($this->p->t('profilUpdate', 'profilUpdate_dmsVersion_error')));
+		}
+		$attachment = hasData($attachment) ? getData($attachment) : null;
+		//? returns {name:..., dms_id:...}
+		echo json_encode($attachment);
+	}
+
+	public function insertProfilRequest()
+	{
+
+		$json = json_decode($this->input->raw_input_stream);
+
+		$payload = $json->payload;
+		$identifier = property_exists($json->payload, "kontakt_id") ? "kontakt_id" : (property_exists($json->payload, "adresse_id") ? "adresse_id" : null);
+
+		$data = ["topic" => $json->topic, "uid" => $this->uid, "requested_change" => json_encode($payload), "insertamum" => "NOW()", "insertvon" => $this->uid, "status" => self::$STATUS_PENDING ?: 'Pending'];
+
+		//? insert fileID in the dataset if sent with post request
+		if (isset($json->fileID)) {
+			$data['attachment_id'] = $json->fileID;
+
+		}
+
+		//? loops over all updateRequests from a user to validate if the new request is valid
+		$res = $this->ProfilUpdateModel->getProfilUpdatesWhere(["uid" => $this->uid]);
+		if (isError($res)) {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_loading_error'));
+		}
+		$res = hasData($res) ? getData($res) : null;
+
+		//? the user cannot delete a zustelladresse/kontakt
+		if (isset($payload->delete) && $payload->{$identifier == "kontakt_id" ? "zustellung" : "zustelladresse"}) {
+			echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_deleteZustellung_error')));
+			return;
+		}
+
+		//? if the user tries to delete a adresse, checks whether the adresse is a heimatadresse, if so an error is raised
+		if (isset($payload->delete) && $identifier == "adresse_id") {
+			$adr = $this->AdresseModel->load($payload->$identifier);
+			$adr = getData($adr)[0];
+			if ($adr->heimatadresse) {
+				echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_deleteZustellung_error')));
+				return;
+			}
+		}
+
+		if ($res) {
+			$pending_changes = array_filter($res, function ($element) {
+				return $element->status == (self::$STATUS_PENDING ?: "Pending");
+			});
+
+			foreach ($pending_changes as $update_request) {
+				$existing_change = $update_request->requested_change;
+
+				//? the user can add as many new kontakte/adressen as he likes
+				if (!isset($payload->add) && property_exists($existing_change, $identifier) && property_exists($payload, $identifier) && $existing_change->$identifier == $payload->$identifier) {
+					//? the kontakt_id / adresse_id of a change has to be unique 
+					echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_changeTwice_error')));
+					return;
+				}
+
+				//? if it is not updating any kontakt/adresse, the topic has to be unique
+				elseif (!$identifier && $update_request->topic == $json->topic) {
+					echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_changeTopicTwice_error', ['0' => $update_request->topic])));
+					return;
+				}
+			}
+		}
+
+		$insertID = $this->ProfilUpdateModel->insert($data);
+
+		if (isError($insertID)) {
+			show_error(getData($insertID));
+		} else {
+			$insertID = hasData($insertID) ? getData($insertID) : null;
+
+			//? sends emails to the correspondents of the $uid
+			$this->sendEmail_onProfilUpdate_insertion($this->uid, $insertID, $json->topic);
+			echo json_encode(success($insertID));
+		}
+	}
+
+	public function updateProfilRequest()
+	{
+		$json = json_decode($this->input->raw_input_stream);
+
+		$updateData = ["requested_change" => json_encode($json->payload), "updateamum" => "NOW()", "updatevon" => $this->uid];
+		if (isset($json->fileID)) {
+			$updateData['attachment_id'] = json_decode($json->fileID);
+		}
+		$updateID = $this->ProfilUpdateModel->update([$json->ID], $updateData);
+		//? insert fileID in the dataset if sent with post request
+
+		if (isError($updateID)) {
+			//catch error
+		} else {
+			$updateID = hasData($updateID) ? getData($updateID)[0] : null;
+			//TODO: should an email be sent to the responsable people when the user changes his profil update
+			echo json_encode(success($updateID));
+		}
+	}
+
+	public function deleteProfilRequest()
+	{
+
+		$json = json_decode($this->input->raw_input_stream);
+		$delete_res = $this->ProfilUpdateModel->delete([$json]);
+		echo json_encode($delete_res);
+	}
+
+
+	public function getProfilUpdateWithPermission($status = null)
+	{
+		// early return if no status has been passed as argument
+		if (!isset($status)) {
+			echo json_encode($this->ProfilUpdateModel->getProfilUpdateWithPermission());
+			return;
+		}
+
+		// get the sprache of the user
+		$sprachenIndex = $this->SpracheModel->loadWhere(["sprache" => getUserLanguage()]);
+		$sprachenIndex = hasData($sprachenIndex) ? getData($sprachenIndex)[0]->index : null;
+
+		if (isset($sprachenIndex) && isset($status)) {
+			// get the corresponding status kurz_bz primary key out of the translation
+			$status = $this->ProfilUpdateStatusModel->execReadOnlyQuery("select * from public.tbl_profil_update_status where ? = ANY(bezeichnung_mehrsprachig)", [$status]);
+			$status = hasData($status) ? getData($status)[0]->status_kurzbz : null;
+			$res = $this->ProfilUpdateModel->getProfilUpdateWithPermission(isset($status) ? ['status' => $status] : null);
+
+			echo json_encode($res);
+		}
+	}
+
+
+
+	private function getOE_from_student($student_uid)
+	{
+
+		//? returns the oe_einheit eines Studenten 
+		$query = "SELECT public.tbl_studiengang.oe_kurzbz
+		FROM public.tbl_student
+		JOIN public.tbl_studiengang ON tbl_student.studiengang_kz = public.tbl_studiengang.studiengang_kz
+		WHERE public.tbl_student.student_uid = ?;";
+
+		$res = $this->StudentModel->execReadOnlyQuery($query, [$student_uid]);
+		if (!isSuccess($res)) {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_loadingOE_error'));
+		}
+		$res = hasData($res) ? getData($res) : [];
+		$res = array_map(
+			function ($item) {
+				return $item->oe_kurzbz;
+			},
+			$res
+		);
+		return $res;
+	}
+
+
+	public function acceptProfilRequest()
+	{
+		$_POST = json_decode($this->input->raw_input_stream, true);
+		$id = $this->input->post('profil_update_id', true);
+		$uid = $this->input->post('uid', true);
+
+		//? fetching person_id using UID
+		$personID = $this->PersonModel->getByUid($uid);
+		$personID = hasData($personID) ? getData($personID)[0]->person_id : null;
+		$status_message = $this->input->post('status_message', true);
+		$topic = $this->input->post('topic', true);
+
+		//! somehow the xss check converted boolean false to empty string
+		$requested_change = $this->input->post('requested_change');
+
+		//! check for required information
+		if (!isset($id) || !isset($uid) || !isset($personID) || !isset($requested_change) || !isset($topic)) {
+			return json_encode(error($this->p->t('profilUpdate', 'profilUpdate_requiredInformation_error')));
+		}
+
+		$is_mitarbeiter_profil_update = getData($this->MitarbeiterModel->isMitarbeiter($uid));
+		$is_student_profil_update = getData($this->StudentModel->isStudent($uid));
+
+
+		//? check if the permissions are set correctly
+		if (
+			$this->permissionlib->isBerechtigt('student/stammdaten', "suid", $this->getOE_from_student($uid)) && $is_student_profil_update ||
+			$this->permissionlib->isBerechtigt('mitarbeiter/stammdaten', "suid") && $is_mitarbeiter_profil_update
+		) {
+
+			if (is_array($requested_change) && array_key_exists("adresse_id", $requested_change)) {
+				$insertID = $this->handleAdresse($requested_change, $personID);
+				$insertID = hasData($insertID) ? getData($insertID) : null;
+				if (isset($insertID)) {
+					$requested_change['adresse_id'] = $insertID;
+					$update_res = $this->updateRequestedChange($id, $requested_change);
+					if (isError($update_res)) {
+						echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_address_error', [$insertID])));
+						return;
+					}
+				}
+
+			} else if (is_array($requested_change) && array_key_exists("kontakt_id", $requested_change)) {
+				$insertID = $this->handleKontakt($requested_change, $personID);
+				$insertID = hasData($insertID) ? getData($insertID) : null;
+				if (isset($insertID)) {
+					$requested_change['kontakt_id'] = $insertID;
+					$update_res = $this->updateRequestedChange($id, $requested_change);
+					if (isError($update_res)) {
+						echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_kontakt_error', [$insertID])));
+						return;
+					}
+				}
+
+
+			} else {
+				switch ($topic) {
+					// mapping phrasen to database columns to make the update with the correct column names
+					case self::$TOPICS['Titel']:
+						$topic = "titelpre";
+						break;
+					case self::$TOPICS['Postnomen']:
+						$topic = "titelpost";
+						break;
+					case self::$TOPICS['Vorname']:
+						$topic = "vorname";
+						break;
+					case self::$TOPICS['Nachname']:
+						$topic = "nachname";
+						break;
+					default:
+						show_error($this->p->t('profilUpdate', 'profilUpdate_topic_error', [$topic]));
+						return;
+				}
+
+				$result = $this->PersonModel->update($personID, [$topic => $requested_change["value"]]);
+				if (isError($result)) {
+					echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_insert_error')));
+					return;
+				}
+			}
+			$this->sendEmail_onProfilUpdate_response($uid, $topic, self::$STATUS_ACCEPTED);
+
+			echo json_encode($this->setStatusOnUpdateRequest($id, self::$STATUS_ACCEPTED, $status_message, $requested_change));
+		} else {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_permission_error'));
+		}
+
+
+	}
+
+	public function denyProfilRequest()
+	{
+
+		$_POST = json_decode($this->input->raw_input_stream, true);
+		$id = $this->input->post('profil_update_id', true);
+		$uid = $this->input->post('uid', true);
+		$topic = $this->input->post('topic', true);
+		$status_message = $this->input->post('status_message', true);
+
+		$is_mitarbeiter_profil_update = getData($this->MitarbeiterModel->isMitarbeiter($uid));
+		$is_student_profil_update = getData($this->StudentModel->isStudent($uid));
+
+
+		if (
+			$this->permissionlib->isBerechtigt('student/stammdaten', "suid", $this->getOE_from_student($uid)) && $is_student_profil_update ||
+			$this->permissionlib->isBerechtigt('mitarbeiter/stammdaten', "suid") && $is_mitarbeiter_profil_update
+		) {
+			$this->sendEmail_onProfilUpdate_response($uid, $topic, self::$STATUS_REJECTED);
+			echo json_encode($this->setStatusOnUpdateRequest($id, self::$STATUS_REJECTED, $status_message));
+		} else {
+			show_error($this->p->t('profilUpdate', 'profilUpdate_permission_error'));
+		}
+
+
+	}
+
+	private function updateRequestedChange($id, $requested_change)
+	{
+		return $this->ProfilUpdateModel->update([$id], ['requested_change' => json_encode($requested_change)]);
+	}
+
+	private function setStatusOnUpdateRequest($id, $status, $status_message)
+	{
+		return $this->ProfilUpdateModel->update([$id], ["status" => $status, "status_timestamp" => "NOW()", "status_message" => $status_message]);
+	}
+
+	private function deleteOldVersionFile($dms_id)
+	{
+		if (!isset($dms_id)) {
+			return;
+		}
+
+		//? collect all the results of the deleted versions in an array 
+		$res = array();
+
+		//? delete all the different versions of the dms_file
+		$dmsVersions = $this->DmsVersionModel->loadWhere(["dms_id" => $dms_id]);
+		$dmsVersions = hasData($dmsVersions) ? getData($dmsVersions) : null;
+		if (isset($dmsVersions)) {
+			$zwischen_res = array_map(function ($item) {
+				return $item->version;
+			}, $dmsVersions);
+			foreach ($zwischen_res as $version) {
+				array_push($res, $this->DmsVersionModel->delete([$dms_id, $version]));
+			}
+		} else {
+			echo json_encode(error($this->p->t('profilUpdate', 'profilUpdate_dmsVersion_error')));
+		}
+
+		//? returns a result for each deleted dms_file
+		return $res;
+	}
+
+
+	private function handleKontakt($requested_change, $personID)
+	{
+		$kontakt_id = $requested_change["kontakt_id"];
+		//? removes the kontakt_id because we don't want to update the kontakt_id in the database
+		unset($requested_change["kontakt_id"]);
+
+
+		//! ADD
+		if (array_key_exists('add', $requested_change) && $requested_change['add']) {
+			//? removes add flag
+			unset($requested_change['add']);
+			$requested_change['person_id'] = $personID;
+			$requested_change['insertamum'] = "NOW()";
+			$requested_change['insertvon'] = getAuthUID();
+			$insertID = $this->KontaktModel->insert($requested_change);
+			$insert_kontakt_id = $insertID;
+			if (isError($insert_kontakt_id)) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_insertKontakt_error'));
+			}
+			$insert_kontakt_id = hasData($insert_kontakt_id) ? getData($insert_kontakt_id) : null;
+			if ($insert_kontakt_id) {
+				$this->handleDupplicateZustellKontakte($requested_change['zustellung'], $insert_kontakt_id);
+			}
+
+
+		}
+		//! DELETE
+		elseif (array_key_exists('delete', $requested_change) && $requested_change['delete']) {
+			$this->KontaktModel->delete($kontakt_id);
+		}
+		//! UPDATE
+		else {
+			$requested_change['updateamum'] = "NOW()";
+			$requested_change['updatevon'] = getAuthUID();
+
+			$update_kontakt_id = $this->KontaktModel->update($kontakt_id, $requested_change);
+
+			if (isError($update_kontakt_id)) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_updateKontakt_error'));
+			}
+			$update_kontakt_id = hasData($update_kontakt_id) ? getData($update_kontakt_id) : null;
+			if ($update_kontakt_id) {
+				$this->handleDupplicateZustellKontakte($requested_change['zustellung'], $update_kontakt_id);
+			}
+		}
+		return isset($insertID) ? $insertID : null;
+	}
+
+	private function handleAdresse($requested_change, $personID)
+	{
+
+		$this->AdressenTypModel->addSelect(["adressentyp_kurzbz"]);
+		$adr_kurzbz = $this->AdressenTypModel->loadWhere(["bezeichnung" => $requested_change['typ']]);
+		$adr_kurzbz = hasData($adr_kurzbz) ? getData($adr_kurzbz)[0]->adressentyp_kurzbz : null;
+		//? replace the address_typ with its correct kurzbz foreign key
+		$requested_change['typ'] = $adr_kurzbz;
+
+		$adresse_id = $requested_change["adresse_id"];
+		//? removes the adresse_id because we don't want to update the kontakt_id in the database
+		unset($requested_change["adresse_id"]);
+
+
+		//! ADD
+		if (array_key_exists('add', $requested_change) && $requested_change['add']) {
+
+			//? removes add flag
+			unset($requested_change['add']);
+			$requested_change['insertamum'] = "NOW()";
+			$requested_change['insertvon'] = getAuthUID();
+			$requested_change['person_id'] = $personID;
+			//TODO: zustelladresse, heimatadresse, rechnungsadresse und nation werden nicht beachtet
+			$insertID = $this->AdresseModel->insert($requested_change);
+			$insert_adresse_id = $insertID;
+			if (isError($insert_adresse_id)) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_insertAdresse_error'));
+			}
+			$insert_adresse_id = hasData($insert_adresse_id) ? getData($insert_adresse_id) : null;
+			if ($insert_adresse_id) {
+				$this->handleDupplicateZustellAdressen($requested_change['zustelladresse'], $insert_adresse_id);
+			}
+
+		}
+		//! DELETE
+		elseif (array_key_exists('delete', $requested_change) && $requested_change['delete']) {
+			$this->AdresseModel->delete($adresse_id);
+		}
+		//! UPDATE
+		else {
+			$requested_change['updateamum'] = "NOW()";
+			$requested_change['updatevon'] = getAuthUID();
+			$update_adresse_id = $this->AdresseModel->update($adresse_id, $requested_change);
+			if (isError($update_adresse_id)) {
+				show_error($this->p->t('profilUpdate', 'profilUpdate_updateAdresse_error'));
+			}
+			$update_adresse_id = hasData($update_adresse_id) ? getData($update_adresse_id) : null;
+			if ($update_adresse_id) {
+				$this->handleDupplicateZustellAdressen($requested_change['zustelladresse'], $update_adresse_id);
+			}
+		}
+		return isset($insertID) ? $insertID : null;
+	}
+
+
+	private function handleDupplicateZustellKontakte($zustellung, $kontakt_id)
+	{
+		if ($zustellung) {
+			$this->PersonModel->addSelect("public.tbl_kontakt.kontakt_id");
+			$this->PersonModel->addJoin("public.tbl_kontakt", "public.tbl_kontakt.person_id = public.tbl_person.person_id");
+			$zustellKontakteArray = $this->PersonModel->loadWhere(["public.tbl_person.person_id" => $this->pid, "zustellung" => TRUE]);
+			if (!isSuccess($zustellKontakteArray)) {
+				return error($this->p->t('profilUpdate', 'profilUpdate_loadingZustellkontakte_error'));
+			}
+			$zustellKontakteArray = hasData($zustellKontakteArray) ? getData($zustellKontakteArray) : null;
+
+			if ($zustellung && count($zustellKontakteArray) > 0) {
+				$zustellKontakteArray = array_filter($zustellKontakteArray, function ($kontakt) use ($kontakt_id) {
+					return $kontakt->kontakt_id != $kontakt_id;
+				});
+				foreach ($zustellKontakteArray as $kontakt) {
+					$this->KontaktModel->update($kontakt->kontakt_id, ["zustellung" => FALSE]);
+				}
+
+			}
+		}
+	}
+
+	private function handleDupplicateZustellAdressen($zustellung, $adresse_id)
+	{
+		if ($zustellung) {
+			$this->PersonModel->addSelect("public.tbl_adresse.adresse_id");
+			$this->PersonModel->addJoin("public.tbl_adresse", "public.tbl_adresse.person_id = public.tbl_person.person_id");
+			$zustellAdressenArray = $this->PersonModel->loadWhere(["public.tbl_person.person_id" => $this->pid, "zustelladresse" => TRUE]);
+			if (!isSuccess($zustellAdressenArray)) {
+				return error($this->p->t('profilUpdate', 'profilUpdate_loadingZustellAdressen_error'));
+			}
+			$zustellAdressenArray = hasData($zustellAdressenArray) ? getData($zustellAdressenArray) : null;
+
+			if ($zustellung && count($zustellAdressenArray) > 0) {
+
+				$zustellAdressenArray = array_filter($zustellAdressenArray, function ($adresse) use ($adresse_id) {
+
+					return $adresse->adresse_id != $adresse_id;
+				});
+				foreach ($zustellAdressenArray as $adresse) {
+					$this->AdresseModel->update($adresse->adresse_id, ["zustelladresse" => FALSE]);
+				}
+
+			}
+		}
+	}
+
+
+}

application/controllers/Cis/Pub.php

@@ -0,0 +1,167 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+ 
+/**
+ *
+ */
+class Pub extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct(
+		    array(
+			'bild' => ['basis/cis:r']
+		    )
+		);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @param string	$source [person|akte]
+	 * @param integer	$id
+	 * @return void
+	 */
+	public function bild($source, $id)
+	{
+		$this->load->model('person/Person_model', 'PersonModel');
+
+		$person_id_user = '';
+		$serverzugriff = false;
+
+		// Wenn das Bild direkt aufgerufen wird, ist eine Authentifizierung erforderlich
+		// Wenn es vom Server selbst aufgerufen wird, ist keine Auth. notwendig
+		// (z.B. fuer die Erstellung von PDFs)
+		if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
+			// Wenn Session gesetzt ist, keine Abfrage, da diese Personen noch keine UID haben
+			
+			if (isset($_SESSION['incoming/user'])) { // Von Incomingtool
+				$result = $this->PersonModel->loadWhere([
+					'zugangscode' => $_SESSION['incoming/user']
+				]);
+				if (hasData($result))
+					$person_id_user = current(getData($result))->person_id;
+			} elseif (isset($_SESSION['prestudent/user'])) { // Von Prestudententool
+				$result = $this->PersonModel->loadWhere([
+					'zugangscode' => $_SESSION['prestudent/user']
+				]);
+				if (hasData($result))
+					$person_id_user = current(getData($result))->person_id;
+			} elseif (isset($_SESSION['bewerbung/personId'])) { // Von Bewerbungstool
+				$person_id_user = $_SESSION['bewerbung/personId'];
+			} else {
+				$person_id_user = getAuthPersonId();
+			}
+		} else {
+			$serverzugriff = true;
+		}
+
+		// Default Bild (Dummy Profilbild)
+		$cTmpHEX = base64_encode(file_get_contents(FHCPATH . 'skin/images/profilbild_dummy.jpg'));
+
+		if ($source == 'person' && $id) {
+			$foto_gesperrt = false;
+			// Person laden und Fotosperre überprüfen
+			$result = $this->PersonModel->load($id);
+			if (hasData($result)) {
+				$person = current(getData($result));
+				if ($person->foto_sperre) {
+					// Wenn der User selbst darauf zugreift darf er das Bild sehen
+					$foto_gesperrt = ($person_id_user != $id);
+				} elseif (!$person_id_user && !$serverzugriff) {
+					$foto_gesperrt = true;
+				}
+
+				if ($person->foto && !$foto_gesperrt) {
+					$cTmpHEX = base64_decode($person->foto);
+				}
+			}
+		}
+		if($source == 'akte' && $id != '')
+		{
+			$this->load->model('crm/Akte_model', 'AkteModel');
+
+			$this->AkteModel->addJoin('public.tbl_person', 'person_id');
+			$result = $this->AkteModel->loadWhere([
+				'person_id' => $id,
+				'dokument_kurzbz' => 'Lichtbil'
+			]);
+
+			if (hasData($result)) {
+				$foto_gesperrt = false;
+
+				$akte = current(getData($result));
+				if ($akte->foto_sperre) {
+					// Wenn der User selbst darauf zugreift darf er das Bild sehen
+					$foto_gesperrt = ($person_id_user != $id);
+				} elseif (!$person_id_user && !$serverzugriff) {
+					$foto_gesperrt = true;
+				}
+
+				// Wenn das Foto nicht im Inhalt steht wird aus aus dem DMS geladen
+				if (!$akte->inhalt && $akte->dms_id) {
+					$this->load->model('content/Dms_model', 'DmsModel');
+					$this->load->model('content/DmsVersion_model', 'DmsVersionModel');
+
+					$this->DmsModel->addJoin('campus.tbl_dms_version', 'dms_id');
+					$this->DmsModel->addOrder('version', 'DESC');
+					$this->DmsModel->addLimit(1);
+					$result = $this->DmsModel->load($akte->dms_id);
+
+					if (!hasData($result))
+						die('Kein Dokument vorhanden');
+
+					$dms = current(getData($result));
+
+					$filename = DMS_PATH . $dms->filename;
+
+					$this->DmsVersionModel->update([
+						'dms_id' => $dms->dms_id,
+						'version' => $dms->version
+					], [
+						'letzterzugriff' => date('c')
+					]);
+
+					if (file_exists($filename)) {
+						$handle = fopen($filename, "r");
+						if ($handle) {
+							while (!feof($handle)) {
+								$akte->inhalt .= fread($handle, 8192);
+							}
+							fclose($handle);
+						} else {
+							echo 'Fehler: Datei konnte nicht geoeffnet werden';
+						}
+					} else {
+						echo 'Die Datei existiert nicht';
+					}
+				}
+
+				if ($akte->inhalt && !$foto_gesperrt) {
+					$cTmpHEX = $akte->inhalt;
+				}
+			}
+		}
+
+		// die bilder werden, sofern es funktioniert, in jpg umgewandelt da es sonst zu fehlern beim erstellen
+		// von pdfs kommen kann.
+
+		$im = @imagecreatefromstring(base64_decode($cTmpHEX));
+		if ($im) {
+			@ob_clean();
+			header("Content-type: image/jpeg");
+			exit(imagejpeg($im));
+		} else {
+			// bei manchen Bildern funktioniert die konvertierung nicht
+			// diese werden dann einfach so angezeigt.
+			@ob_clean();
+			header("Content-type: image/gif");
+			exit($cTmpHEX);
+		}
+	}
+}

application/controllers/Cis/Stundenplan.php

@@ -3,30 +3,28 @@
 if (! defined('BASEPATH')) exit('No direct script access allowed');
 
 /**
- * Test VBform Vue Component
+ *
  */
-class TestVBform extends Auth_Controller
+class Stundenplan extends Auth_Controller
 {
 	/**
 	 * Constructor
 	 */
 	public function __construct()
 	{
-		parent::__construct(
-			array(
-				'index' => 'system/developer:r'
-			)
-		);
+		parent::__construct([
+			'index' => ['basis/cis:r']
+		]);
 	}
 
 	// -----------------------------------------------------------------------------------------------------------------
 	// Public methods
 
 	/**
-	 * Everything has a beginning
+	 * @return void
 	 */
 	public function index()
 	{
-		$this->load->view('system/logs/testVBform.php');
+		$this->load->view('Cis/Stundenplan');
 	}
 }

application/controllers/Cis4.php

@@ -0,0 +1,41 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ *
+ */
+class Cis4 extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct(
+		    array(
+			'index' => 'basis/cis:r'
+		    )
+		);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @return void
+	 */
+	public function index()
+	{
+		$this->load->model('person/Person_model','PersonModel');
+		$personData = getData($this->PersonModel->getByUid(getAuthUID()))[0];
+		
+		$viewData = array(
+			'uid' => getAuthUID(),
+			'name' => $personData->vorname,
+			'person_id' => $personData->person_id
+		);
+
+		$this->load->view('CisVue/Dashboard.php',['viewData' => $viewData]);
+	}
+}

application/controllers/CisVue/Cms.php

@@ -0,0 +1,127 @@
+<?php
+
+if (!defined('BASEPATH'))
+	exit('No direct script access allowed');
+
+/**
+ *
+ */
+class Cms extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct(
+		    array(
+			'content' => 'basis/cis:r',
+			'getNews' => 'basis/cis:r',
+			'getNewsRowCount' => 'basis/cis:r',
+			'getRoomInformation' => 'basis/cis:r',
+			'news' => 'basis/cis:r'
+		    )
+		);
+
+		// Loads Libraries
+		$this->load->library('CmsLib');
+
+		// Loads phrases system
+		$this->loadPhrases([
+			'global'
+		]);
+
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @param int		$content_id
+	 * @param int		$version
+	 * @param string	$sprache
+	 * @param boolean	$sichtbar
+	 *
+	 * @return void
+	 */
+	public function content($content_id, $version = null, $sprache = null, $sichtbar = true)
+	{
+		// return early if the content_id for the content is missing
+		if (!isset($content_id))
+			$this->terminateWithError("content_id is missing");
+
+		$content = $this->ContentModel->load($content_id);
+		if (isError($content))
+			$this->terminateWithError(getError($content));
+
+		$content = getData($content);
+		if (NULL === $content)
+			$this->terminateWithError("Content not found");
+
+		$content = current($content);
+
+		$this->load->view('CisVue/Cms/Content', ['content_id' => $content_id, 'template_kurzbz' => $content->template_kurzbz, 'version' => $version, 'sprache' => $sprache, 'sichtbar' => $sichtbar]);
+	}
+
+	/**
+	 * @param boolean			$infoscreen
+	 * @param string | null		$studiengang_kz
+	 * @param int | null		$semester
+	 * @param boolean			$mischen
+	 * @param string			$titel
+	 * @param boolean			$edit
+	 * @param boolean			$sichtbar
+	 *
+	 * @return void
+	 */
+	public function news($infoscreen = false, $studiengang_kz = null, $semester = null, $mischen = true, $titel = '', $edit = false, $sichtbar = true)
+	{
+		$this->load->view('CisVue/Cms/Content', ['infoscreen' => $infoscreen, 'studiengang_kz' => $studiengang_kz, 'semester' => $semester, 'mischen' => $mischen, 'titel' => $titel, 'edit' => $edit, 'sichtbar' => $sichtbar]);
+	}
+
+	public function getNews($infoscreen = false, $studiengang_kz = null, $semester = null, $mischen = true, $titel = '', $edit = false, $sichtbar = true)
+	{
+		$get_page = intval($this->input->get('page', true));
+		$get_page_size = intval($this->input->get('page_size', true));
+		if ($get_page) {
+			$page = $get_page;
+		}
+		if ($get_page_size) {
+			$page_size = $get_page_size;
+		} else {
+			$page_size = $this->page_size;
+		}
+		$news = $this->cmslib->getNews($infoscreen, $studiengang_kz, $semester, $mischen, $titel, $edit, $sichtbar, $page, $page_size);
+
+		if (isError($news)) {
+			$this->terminateWithJsonError(getError($news));
+		}
+		$news = hasData($news) ? getData($news) : null;
+		if ($news) {
+			echo json_encode($news);
+		} else {
+			show_error("News: No data found");
+		}
+
+	}
+
+	public function getNewsRowCount($infoscreen = false, $studiengang_kz = null, $semester = null, $mischen = true, $titel = '', $fachbereich_kurzbz = null, $maxalter = 0, $edit = false, $sichtbar = true, $page = 1, $page_size = 10)
+	{
+		list($studiengang_kz, $semester) = $this->cmslib->getStgAndSem($studiengang_kz, $semester);
+		$all = $edit;
+		$num_rows = $this->NewsModel->countNewsWithContent(getSprache(), $studiengang_kz, $semester, $fachbereich_kurzbz, $sichtbar, $maxalter, $page, $this->page_size, $all, $mischen);
+		if (isError($num_rows)) {
+			$this->terminateWithJsonError(getError($num_rows));
+		}
+		$num_rows = hasData($num_rows) ? getData($num_rows) : null;
+		if ($num_rows) {
+			echo json_encode($num_rows);
+		} else {
+			show_error("News number rows: No data found");
+		}
+	}
+
+	public function getRoomInformation($ort_kurzbz){
+		$this->load->view('CisVue/Cms/RoomInformation',['ort_kurzbz'=>$ort_kurzbz]);
+	}
+}

application/controllers/CisVue/Dashboard.php

@@ -0,0 +1,45 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ *
+ */
+class Dashboard extends Auth_Controller
+{
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'index' => 'dashboard/benutzer:r'
+			)
+		);
+	}
+
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @return void
+	 */
+	public function index()
+	{
+
+		$this->load->model('person/Person_model','PersonModel');
+		$begruesung = $this->PersonModel->getFirstName(getAuthUID());
+		if(isError($begruesung))
+		{
+			show_error("name couldn't be loaded for username ".getAuthUID());
+		}
+		$begruesung = getData($begruesung);
+		$viewData = array(
+			'name' => $begruesung
+		);
+		
+		$this->load->view('CisVue/Dashboard.php', ['viewData' => $viewData]);
+
+	}
+}

application/controllers/Studentenverwaltung.php

@@ -0,0 +1,40 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Studentenverwaltung extends Auth_Controller
+{
+	public function __construct()
+	{
+		$permissions = [];
+		$router = load_class('Router');
+		$permissions[$router->method] = ['admin:r', 'assistenz:r'];
+		parent::__construct($permissions);
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+	}
+
+	/**
+	 * @return void
+	 */
+	public function _remap()
+	{
+		$this->load->view('Studentenverwaltung', [
+			'permissions' => [
+				'student/bpk' => $this->permissionlib->isBerechtigt('student/bpk'),
+				'student/alias' => $this->permissionlib->isBerechtigt('student/alias'),
+				'basis/prestudent' => $this->permissionlib->isBerechtigt('basis/prestudent'),
+				'basis/prestudentstatus' => $this->permissionlib->isBerechtigt('basis/prestudentstatus'),
+				'assistenz_stgs' => $this->permissionlib->getSTG_isEntitledFor('assistenz'),
+				'admin' => $this->permissionlib->isBerechtigt('admin'),
+				'assistenz_schreibrechte' => $this->permissionlib->isBerechtigt('assistenz','suid'),
+				'student/keine_studstatuspruefung' => $this->permissionlib->isBerechtigt('student/keine_studstatuspruefung'),
+				'lehre/reihungstestAufsicht' => $this->permissionlib->isBerechtigt('lehre/reihungstestAufsicht')
+			],
+			'variables' => [
+				'semester_aktuell' => $this->variablelib->getVar('semester_aktuell')
+			]
+		]);
+	}
+}

application/controllers/Test.php

@@ -1,16 +0,0 @@
-<?php
- 
-if ( !defined("PHPUNIT_TEST") ) {
-    show_404();
-}
- 
-class Test extends CI_Controller
-{
-    public function index()
-    {
-        // Yep... This is all we need.
-        ini_set('error_reporting', E_ALL); // or error_reporting(E_ALL);
-        ini_set('display_errors', '1');
-        ini_set('display_startup_errors', '1');
-    }
-}

application/controllers/api/frontend/fas/studstatus/Wiederholung.php

@@ -0,0 +1,163 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+
+/**
+ * This controller operates between (interface) the JS (FAS) and the AntragLib (back-end)
+ * This controller works with calls on the HTTP GET or POST and the output is always RDF
+ */
+class Wiederholung extends Auth_Controller
+{
+
+	/**
+	 * Calls the parent's constructor and loads the FilterCmptLib
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getLvs' => ['student/studierendenantrag:r', 'student/noten:r'],
+			'moveLvsToZeugnis' => ['student/studierendenantrag:w', 'student/noten:w']
+		]);
+
+		// Libraries
+		$this->load->library('AntragLib');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'global',
+			'studierendenantrag'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	public function getLvs($prestudent_id)
+	{
+		// header für no cache
+		$this->output->set_header("Cache-Control: no-cache");
+		$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
+		$this->output->set_header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+		$this->output->set_header("Pragma: no-cache");
+		$this->output->set_header("Content-type: application/xhtml+xml");
+
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+		$sem_akt = $this->variablelib->getVar('semester_aktuell');
+
+
+		$result = $this->antraglib->getLvsForPrestudent($prestudent_id, $sem_akt);
+		if (isError($result))
+			return $result;
+		$lvs = $result->retval;
+
+		$rdf_url = 'http://www.technikum-wien.at/antragnote';
+
+		$this->load->view('lehre/Antrag/Wiederholung/getLvs.rdf.php', [
+			'url' => $rdf_url,
+			'lvs' => $lvs
+		]);
+	}
+
+	public function moveLvsToZeugnis()
+	{
+		$anzahl = $this->input->post('anzahl');
+		$student_uid = $this->input->post('student_uid');
+		$this->load->model('education/Studierendenantraglehrveranstaltung_model', 'StudierendenantraglehrveranstaltungModel');
+		$this->load->model('education/Zeugnisnote_model', 'ZeugnisnoteModel');
+
+		$errormsg = array();
+
+		for($i=0; $i<$anzahl; $i++)
+		{
+			$id = $this->input->post('studierendenantrag_lehrveranstaltung_id_' . $i);
+			$result =$this->StudierendenantraglehrveranstaltungModel->load($id);
+			if(isError($result))
+			{
+				$errormsg[] = getError($result);
+			}
+			elseif(!hasData($result))
+			{
+				$errormsg[] = $this->p->t('studierendenantrag', 'error_no_lv_in_application');
+			}
+			else
+			{
+				$antragLv = getData($result)[0];
+				$result= $this->ZeugnisnoteModel->load([
+					'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
+					'student_uid'=> $student_uid,
+					'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz
+				]);
+				if(isError($result))
+				{
+					$errormsg[] = getError($result);
+				}
+				else
+				{
+					if (hasData($result))
+					{
+						$result = $this->ZeugnisnoteModel->update(
+							[
+								'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
+								'student_uid'=> $student_uid,
+								'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz
+							],
+							[
+								'note'=> $antragLv->note,
+								'uebernahmedatum' => date('c'),
+								'benotungsdatum' => $antragLv->insertamum,
+								'updateamum' => date('c'),
+								'bemerkung'=>$antragLv->anmerkung,
+								'updatevon'=>getAuthUID()
+							]
+						);
+					}
+					else
+					{
+						$result = $this->ZeugnisnoteModel->insert([
+							'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
+							'student_uid'=> $student_uid,
+							'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz,
+							'note'=> $antragLv->note,
+							'uebernahmedatum' => date('c'),
+							'benotungsdatum' => $antragLv->insertamum,
+							'insertamum' => date('c'),
+							'bemerkung'=>$antragLv->anmerkung,
+							'insertvon'=>getAuthUID()
+						]);
+					}
+					if(isError($result))
+					{
+						$errormsg[] = getError($result);
+					}
+				}
+			}
+		}
+
+		if($errormsg)
+			$return = false;
+		else
+			$return = true;
+
+		$this->load->view('lehre/Antrag/Wiederholung/moveLvs.rdf.php', [
+			'return' => $return,
+			'errormsg' => $errormsg
+		]);
+	}
+}

application/controllers/api/frontend/v1/Ampeln.php

@@ -0,0 +1,145 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+class Ampeln extends FHCAPI_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'open' => self::PERM_LOGGED,
+			'all' => self::PERM_LOGGED,
+			'confirm' => self::PERM_LOGGED,
+			'alleAmpeln' => self::PERM_LOGGED,
+		]);
+
+		$this->load->model('content/Ampel_model', 'AmpelModel');
+		$this->load->model('system/Sprache_model', 'SpracheModel');
+
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * confirms ampel and inserts ampel_id in public.tbl_ampel_benutzer_bestaetigt
+	 * @access public
+	 *
+	 */
+	public function confirm($ampel_id)
+	{
+		$this->load->library('form_validation');
+		$this->form_validation->set_data(['ampel_id'=> $ampel_id]);
+		$this->form_validation->set_rules('ampel_id', 'Ampel ID', 'required|integer');
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		// load Ampel_benutzer_bestaetigt_model to confirm the ampel
+		$this->load->model('content/Ampel_Benutzer_Bestaetigt_model', 'AmpelBenutzerBestaetigtModel');
+		$insert_into_result = $this->AmpelBenutzerBestaetigtModel->insert(["ampel_id"=> $ampel_id, "uid"=> $this->uid]);
+
+		$insert_into_result = $this->getDataOrTerminateWithError($insert_into_result);
+
+		$this->terminateWithSuccess($insert_into_result);
+	}
+	
+	/**
+	 * queries active and not confirmed ampeln by the user
+	 * @access public
+	 *
+	 */
+	public function open()
+	{
+		$userAmpeln = array();
+
+		// fetch active ampeln
+		$activeAmpeln = $this->AmpelModel->openActive($this->uid, false);
+		
+		$activeAmpeln = $this->getDataOrTerminateWithError($activeAmpeln);
+
+		foreach ($activeAmpeln as $ampel) {
+			// only include non confirmed active ampeln in the result
+			if (!$ampel->bestaetigt) {
+				// check if the user was assigned to the ampel
+				$zugeteilt = $this->AmpelModel->isZugeteilt($this->uid, $ampel->benutzer_select);
+
+				$zugeteilt = $this->getDataOrTerminateWithError($zugeteilt);
+
+				if($zugeteilt) $userAmpeln[] = $ampel;
+			}
+		}
+		
+		$this->terminateWithSuccess($userAmpeln);
+	}
+
+	/**
+	 * queries all ampeln of the user
+	 * @access public
+	 *
+	 */
+	public function all()
+	{
+		$userAmpeln = array();
+		
+		$ampel_result = $this->AmpelModel->active(false, $this->uid);
+		
+		$ampel_result = $this->getDataOrTerminateWithError($ampel_result);
+		
+		foreach ($ampel_result as $ampel) {
+			// check if the ampel was assigned to the user
+			$zugeteilt = $this->AmpelModel->isZugeteilt($this->uid, $ampel->benutzer_select);
+
+			$zugeteilt = $this->getDataOrTerminateWithError($zugeteilt);
+
+			if ($zugeteilt) $userAmpeln[] = $ampel;
+		}
+
+		$this->terminateWithSuccess($userAmpeln);
+	}
+
+	/**
+	 * queries all ampeln that were assigned to the user until start of first work day
+	 * @access public
+	 *
+	 */
+	public function alleAmpeln()
+	{
+
+		//fetch all ampeln
+		$alle_ampeln = $this->AmpelModel->alleAmpeln($this->uid);
+
+		$alle_ampeln = $this->getDataOrTerminateWithError($alle_ampeln);
+
+		$alle_ampeln = array_map(function ($ampel) {
+			// check if ampel is confirmed by user
+			$confirmedByUser = $this->AmpelModel->isConfirmed($ampel->ampel_id, $this->uid);
+			$ampel->bestaetigt = $confirmedByUser;
+			return $ampel;
+		}, $alle_ampeln);
+
+		$this->terminateWithSuccess($alle_ampeln);
+	}
+}
+

application/controllers/api/frontend/v1/Bookmark.php

@@ -0,0 +1,109 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Bookmark extends FHCAPI_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getBookmarks' => self::PERM_LOGGED,
+            'delete' => self::PERM_LOGGED,
+            'insert' => self::PERM_LOGGED,
+        ]);
+
+		$this->load->model('dashboard/Bookmark_model', 'BookmarkModel');
+
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	
+    /**
+	 * gets the bookmarks associated to a user 
+	 * @access public
+	 * @return void
+	 */
+	public function getBookmarks()
+	{
+        $bookmarks = $this->BookmarkModel->loadWhere(["uid"=>$this->uid]);
+
+        $bookmarks = $this->getDataOrTerminateWithError($bookmarks);
+
+        $this->terminateWithSuccess($bookmarks);
+    }
+
+    /**
+	 * deletes bookmark from associated user 
+	 * @access public
+	 * @return void
+	 */
+    public function delete($bookmark_id)
+	{
+        $bookmark = $this->BookmarkModel->load($bookmark_id);
+
+        $bookmark = current($this->getDataOrTerminateWithError($bookmark));
+
+        // only delete bookmark if the user is the owner of the bookmark
+        if($bookmark->uid == $this->uid || $this->permissionlib->isBerechtigt('admin')){
+
+            $delete_result = $this->BookmarkModel->delete($bookmark_id);
+
+            $delete_result = $this->getDataOrTerminateWithError($delete_result);
+
+            $this->terminateWithSuccess($delete_result);
+        }else{
+            $this->_outputAuthError(['delete' => ['admin:rw']]);
+        }
+    }
+
+    /**
+	 * inserts new bookmark into the bookmark table 
+	 * @access public
+	 * @return void
+	 */
+    public function insert()
+	{
+        // form validation
+        $this->load->library('form_validation');
+        $this->form_validation->set_rules('url', 'URL', 'required|valid_url|max_length[511]');
+        $this->form_validation->set_rules('title', 'Title', 'required|max_length[255]');
+        if($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+        $url = $this->input->post('url',true);
+        $title = $this->input->post('title',true);
+        $tag = $this->input->post('tag', true);
+
+        $insert_into_result = $this->BookmarkModel->insert(['uid'=>$this->uid, 'url'=>$url, 'title'=>$title,'tag'=>$tag, 'insertvon'=>$this->uid, 'updateamum'=>NULL, 'updatevon'=>NULL]);
+
+        $insert_into_result = $this->getDataOrTerminateWithError($insert_into_result);
+
+        $this->terminateWithSuccess($insert_into_result);
+
+    }
+}
+

application/controllers/api/frontend/v1/Cms.php

@@ -0,0 +1,195 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the SearchBarLib (back-end)
+ * Provides data to the ajax get calls about the searchbar component
+ * This controller works with JSON calls on the HTTP GET and the output is always JSON
+ */
+class Cms extends FHCAPI_Controller
+{
+	
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		// NOTE(chris): additional permission checks will be done in SearchBarLib
+		parent::__construct([
+			'ContentID' => self::PERM_LOGGED,
+			'getOrtKurzbzContent' => self::PERM_LOGGED,
+            'content' => self::PERM_LOGGED,
+			'news' => self::PERM_LOGGED,
+			'getNewsRowCount' => self::PERM_LOGGED,
+			'getNews' => self::PERM_LOGGED,
+
+		]);
+
+		$this->load->model('content/News_model', 'NewsModel');
+
+		// setting up the papgination_size
+		$this->page_size = 10;
+
+		$this->load->library('CmsLib');
+
+		// Loads phrases system
+		$this->loadPhrases([
+			'global'
+		]);
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+    /**
+	 * fetches the content with the content_id and additional parameters
+	 */
+    public function content()
+	{
+		// form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('content_id','Content ID','required|is_natural');
+		if($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		// getting the get parameters
+        $content_id = $this->input->get("content_id",TRUE);
+        $version = $this->input->get("version",TRUE);
+        $sprache = $this->input->get("sprache",TRUE);
+        $sichtbar = $this->input->get("sichtbar",TRUE);
+
+		$content = $this->cmslib->getContent($content_id, $version, $sprache, $sichtbar);
+		$content = $this->getDataOrTerminateWithError($content);
+
+		$this->terminateWithSuccess($content);
+	}
+
+	/**
+	 * Gets a JSON body via HTTP POST and provides the parameters
+	 */
+	public function ContentID()
+	{
+		// form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('ort_kurzbz', 'Ort', 'required');
+		if ($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$ort_kurzbz = $this->input->get('ort_kurzbz',TRUE);
+		
+		$content_id = $this->OrtModel->getContentID($ort_kurzbz);
+
+		$content_id = current($this->getDataOrTerminateWithError($content_id))->content_id;
+		
+		$this->terminateWithSuccess($content_id);
+	}
+
+	//todo: there is the method news and getNews but only one should exist
+	public function news()
+	{
+
+		// form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('limit','Limit','required|is_natural_no_zero');
+		if($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+		
+		$this->load->model('content/news_model', 'NewsModel');
+		
+		$limit =  $this->input->get('limit',TRUE);
+		
+		//query the news
+		$news = $this->NewsModel->getAll($limit);
+
+		//get the data or terminate with error
+		$news = $this->getDataOrTerminateWithError($news);
+		
+		// collect the content of the news
+		foreach($news as $news_element){
+			$this->addMeta("content_id",$news_element->content_id);
+			
+			//todo: quick fix, for query builder error when fetching content
+			$this->NewsModel->resetQuery();
+			$content = $this->cmslib->getContent($news_element->content_id);
+
+			$content = getData($content);
+			
+			$news_element->content_obj = $content;
+		}
+		$withContent = function($news) {
+			return $news->content_obj != null;
+		};
+		
+		$newsWithContent = array_filter($news, $withContent);
+
+		$this->terminateWithSuccess($newsWithContent);
+        
+	}
+
+	public function getNewsRowCount($infoscreen = false, $studiengang_kz = null, $semester = null, $mischen = true, $titel = '', $fachbereich_kurzbz = null, $maxalter = 0, $edit = false, $sichtbar = true, $page = 1, $page_size = 10)
+	{
+		list($studiengang_kz, $semester) = $this->cmslib->getStgAndSem($studiengang_kz, $semester);
+		$all = $edit;
+		
+		$this->load->model('content/News_model','NewsModel');
+
+		$num_rows = $this->NewsModel->countNewsWithContent(getSprache(), $studiengang_kz, $semester, $fachbereich_kurzbz, $sichtbar, $maxalter, $page, $page_size, $all, $mischen);
+		
+		$num_rows = $this->getDataOrTerminateWithError($num_rows);
+		
+		$this->terminateWithSuccess($num_rows);
+		
+	}
+
+
+	public function getNews($infoscreen = false, $studiengang_kz = null, $semester = null, $mischen = true, $titel = '', $edit = false, $sichtbar = true)
+	{
+		//form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('page','Page','required|is_natural');
+		$this->form_validation->set_rules('page_size', 'PageSize', 'is_natural');
+		if($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		// getting the GET parameters
+		$page = intval($this->input->get('page', true));
+		$page_size = intval($this->input->get('page_size', true));
+
+		// default value for the page_size is 10
+		$page_size = $page_size ?? 10;
+		
+		$news = $this->cmslib->getNews($infoscreen, $studiengang_kz, $semester, $mischen, $titel, $edit, $sichtbar, $page, $page_size);
+
+		$news = $this->getDataOrTerminateWithError($news);
+
+		$this->addMeta('test', $this->p->t('global', 'studiengangsleitung'));
+		$this->addMeta('phrases', json_decode($this->p->getJson()));
+		$this->terminateWithSuccess($news);
+
+	}
+
+	
+}
+

application/controllers/api/frontend/v1/Filter.php

@@ -0,0 +1,231 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the FilterCmptLib (back-end)
+ * Provides data to the ajax get calls about the filter component
+ * Listens to ajax post calls to change the filter data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Filter extends FHCAPI_Controller
+{
+	const FILTER_UNIQUE_ID = 'filterUniqueId'; // Name of the filter cmpt unique id (mandatory)
+	const FILTER_TYPE = 'filterType'; // The filter type (PHP filter definition) used (mandatory)
+	const FILTER_ID = 'filterId'; // The id of the used filter (optional)
+
+	/**
+	 * Calls the parent's constructor and loads the FilterCmptLib
+	 */
+	public function __construct()
+	{
+		// NOTE: FilterCmpt has its own permissions checks
+		parent::__construct([
+			'getFilter' => self::PERM_LOGGED,
+			'removeFilterField' => self::PERM_LOGGED,
+			'addFilterField' => self::PERM_LOGGED,
+			'applyFilterFields' => self::PERM_LOGGED,
+			'removeCustomFilter' => self::PERM_LOGGED,
+			'saveCustomFilter' => self::PERM_LOGGED,
+			'reloadDataset' => self::PERM_LOGGED
+		]);
+
+		// Loads the FiltersModel
+		$this->load->model('system/Filters_model', 'FiltersModel');
+
+		// Loads the FilterCmptLib with HTTP GET/POST parameters
+		$this->_startFilterCmptLib();
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Retrieves data about the current filter from the session and will be written on the output in JSON format
+	 */
+	public function getFilter()
+	{
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$session = $this->filtercmptlib->getSession();
+		if (is_object($session)) {
+			// If stdClass it is an retval object
+			$session = $this->getDataOrTerminateWithError($session);
+		}
+		$this->terminateWithSuccess($session);
+	}
+
+	/**
+	 * Remove an applied filter (SQL where condition) from the current filter
+	 */
+	public function removeFilterField()
+	{
+		$this->form_validation->set_rules('filterField', 'filterField', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->filtercmptlib->removeFilterField($this->input->post('filterField'));
+
+		if (!$result)
+			$this->terminateWithError('Error occurred', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess('Field removed');
+	}
+
+	/**
+	 * Add a filter (SQL where clause) to be applied to the current filter
+	 */
+	public function addFilterField()
+	{
+		$this->form_validation->set_rules('filterField', 'filterField', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->filtercmptlib->addFilterField($this->input->post('filterField'));
+
+		if (!$result)
+			$this->terminateWithError('Error occurred', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess('Field added');
+	}
+
+	/**
+	 * Apply the filter changes
+	 */
+	public function applyFilterFields()
+	{
+		$this->form_validation->set_rules('filterFields[]', 'filterFields', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->filtercmptlib->applyFilterFields($this->input->post('filterFields'));
+
+		if (!$result)
+			$this->terminateWithError('Error occurred', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess('Applied');
+	}
+
+	/**
+	 * Save the current filter as a custom filter for this user with the given description
+	 */
+	public function saveCustomFilter()
+	{
+		$this->form_validation->set_rules('customFilterName', 'customFilterName', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->filtercmptlib->saveCustomFilter($this->input->post('customFilterName'));
+
+		if (!$result)
+			$this->terminateWithError('Error occurred', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess('Saved');
+	}
+
+	/**
+	 * Remove a custom filter by its filterId
+	 */
+	public function removeCustomFilter()
+	{
+		$this->form_validation->set_rules('filterId', 'filterId', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->filtercmptlib->removeCustomFilter($this->input->post('filterId'));
+
+		if (!$result)
+			$this->terminateWithError('Error occurred', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess('Removed');
+	}
+
+	/**
+	 * Reloads the dataset
+	 */
+	public function reloadDataset()
+	{
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$this->filtercmptlib->reloadDataset();
+
+		$this->terminateWithSuccess('Success');
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+	/**
+	 * Loads the FilterCmptLib with the FILTER_UNIQUE_ID parameter
+	 * If the parameter FILTER_UNIQUE_ID is not given then the execution of the controller is terminated and
+	 * an error message is printed
+	 */
+	private function _startFilterCmptLib()
+	{
+		$filterUniqueId = null;
+		$filterType = null;
+		$filterId = null;
+
+		$validations = [
+			[
+				'field' => self::FILTER_UNIQUE_ID,
+				'label' => self::FILTER_UNIQUE_ID,
+				'rules' => 'required'
+			],
+			[
+				'field' => self::FILTER_TYPE,
+				'label' => self::FILTER_TYPE,
+				'rules' => 'required'
+			],
+		];
+
+		$this->load->library('form_validation');
+
+		if ($this->input->method() == 'get')
+			$this->form_validation->set_data($this->input->get());
+		$this->form_validation->set_rules($validations);
+
+		if ($this->form_validation->run()) {
+			$filterUniqueId = $this->input->post_get(self::FILTER_UNIQUE_ID);
+			$filterType = $this->input->post_get(self::FILTER_TYPE);
+			$filterId = $this->input->post_get(self::FILTER_ID);
+
+			// Loads the FilterCmptLib that contains all the used logic
+			$this->load->library(
+				'FilterCmptLib',
+				array(
+					'filterUniqueId' => $filterUniqueId,
+					'filterType' => $filterType,
+					'filterId' => $filterId
+				)
+			);
+
+			// Start the component
+			$this->filtercmptlib->start();
+		}
+	}
+}
+

application/controllers/api/frontend/v1/Lehre.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+
+class Lehre extends FHCAPI_Controller
+{
+	
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'lvStudentenMail' => self::PERM_LOGGED,
+			'LV' => self::PERM_LOGGED,
+		]);
+
+		
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+    /**
+	 * constructs the emails of the groups from a lehrveranstaltung
+	 */
+    public function lvStudentenMail()
+	{
+        $lehreinheit_id = $this->input->get("lehreinheit_id",TRUE);
+        
+        // return early if the required parameter is missing
+        if(!isset($lehreinheit_id))
+        {
+            $this->terminateWithError('Missing required parameter', self::ERROR_TYPE_GENERAL);
+        }
+
+        $this->load->model('education/Lehreinheit_model', 'LehreinheitModel');
+        
+        $studentenMails = $this->LehreinheitModel->getStudentenMail($lehreinheit_id);
+
+        $studentenMails = $this->getDataOrTerminateWithError($studentenMails);
+
+		//convert array of objects into array of strings
+		$studentenMails = array_map(function($element){
+			return $element->mail;
+		}, $studentenMails);
+
+        $this->terminateWithSuccess($studentenMails);
+	}
+
+	public function LV($studiensemester_kurzbz, $lehrveranstaltung_id)
+	{
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+
+		$result = $this->LehrveranstaltungModel->getLvsByStudentWithGrades(getAuthUID(), $studiensemester_kurzbz, getUserLanguage(), $lehrveranstaltung_id);
+
+		$result = current($this->getDataOrTerminateWithError($result));
+		
+		$this->terminateWithSuccess($result);
+	}
+	
+
+	
+
+	
+}
+

application/controllers/api/frontend/v1/LvMenu.php

@@ -0,0 +1,532 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+
+use CI3_Events as Events;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the SearchBarLib (back-end)
+ * Provides data to the ajax get calls about the searchbar component
+ * This controller works with JSON calls on the HTTP GET and the output is always JSON
+ */
+class LvMenu extends FHCAPI_Controller
+{
+    
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getLvMenu' => self::PERM_LOGGED
+		]);
+
+		$this->load->model("ressource/Mitarbeiter_model");
+		$this->load->model("education/Lehreinheit_model");
+		$this->load->model("education/Lehrveranstaltung_model");
+		$this->load->model("organisation/Studiengang_model");
+		$this->load->model("accounting/Vertrag_model");
+		$this->load->model("system/Variable_model");
+		$this->load->model("person/Benutzergruppe_model");
+		$this->load->model("education/Lvangebot_model");
+		$this->load->model("ressource/Lehretools_model");
+
+		$this->load->library("PermissionLib", null, 'PermissionLib');
+
+		$this->load->library("PhrasesLib");
+		$this->loadPhrases(array('global', 'lehre'));
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * 
+	 */
+	public function getLvMenu($lvid, $studiensemester_kurzbz)
+	{
+
+		// return early if parameters are missing
+		if(!isset($lvid) || !isset($studiensemester_kurzbz))
+			$this->terminateWithError('Missing parameters', self::ERROR_TYPE_GENERAL);
+
+		// get the sprache
+		$sprache = getUserLanguage();
+
+		// get the user
+		if (!$user=getAuthUID())
+		    $this->terminateWithError($this->p->t('global', 'nichtAngemeldet'));
+
+		// check if is_lector
+		$is_lector = false;
+		$mares = $this->Mitarbeiter_model->isMitarbeiter($user);
+		if(hasData($mares))
+		{
+		    $is_lector = getData($mares);
+		}
+
+		// definition of user_is_allowed_to_upload
+		$user_is_allowed_to_upload=false;
+		$angezeigtes_stsem = $studiensemester_kurzbz;
+
+		// load lehrveranstaltung
+		$lvres = $this->Lehrveranstaltung_model->load($lvid);
+		if(!hasData($lvres)) 
+		{
+		    $this->terminateWithError('LV ' . $lvid . ' not found.');
+		}
+		$lv = (getData($lvres))[0];
+
+		// define studiengang_kz / semester / lehrverzeichnis
+		$studiengang_kz = $lv->studiengang_kz;
+		$semester = $lv->semester;
+		$short = $lv->lehreverzeichnis;
+
+		// load studiengang
+		$stgres = $this->Studiengang_model->load($lv->studiengang_kz);
+		if(!hasData($stgres))
+		{
+		    $this->terminateWithError('Stg ' . $lv->studiengang_kz . ' nof found.');
+		}
+		$stg = (getData($stgres))[0];
+		$kurzbz = strtoupper($stg->typ . $stg->kurzbz);
+
+		$short_name = $lv->bezeichnung;
+		$short_short_name = $lv->lehreverzeichnis;
+
+		// angemeldet
+		$angemeldet = true;
+		if(defined('CIS_LEHRVERANSTALTUNG_WENNANGEMELDET_DETAILS_ANZEIGEN') && CIS_LEHRVERANSTALTUNG_WENNANGEMELDET_DETAILS_ANZEIGEN && !$is_lector)
+		{
+			$angemeldet = false;
+
+			$lesres = $this->Lehreinheit_model->getLehreinheitenForStudentAndStudienSemester(
+			    $lvid, $user, $angezeigtes_stsem
+			);
+
+			if(hasData($lesres) && count(getData($lesres)) > 0)
+				$angemeldet = true;
+		}
+
+		// lehrfach
+		$lehrfach_id='';
+		
+		if(defined('CIS_LEHRVERANSTALTUNG_LEHRFACH_ANZEIGEN') && CIS_LEHRVERANSTALTUNG_LEHRFACH_ANZEIGEN)
+		{
+			// Wenn der eingeloggte User zu einer der Lehreinheiten zugeteilt ist
+			// wird zusätzlich das Lehrfach der Lehreinheit angezeigt.
+			if($is_lector )
+			{
+				$result = $this->Lehreinheit_model->getLehrfachIdMitarbeiter($angezeigtes_stsem,$user,$lvid);
+			}
+			else
+			{
+				$result = $this->Lehreinheit_model->getLehrfachIdStudierender($angezeigtes_stsem,$user,$lvid);
+			}
+
+			// Wenn die LV mehrere verschiedenen Lehrfaecher hat, und der User zu mehreren davon zugeteilt ist
+			// wird das Lehrfach nicht angezeigt damit es nicht zu verwirrungen kommt.
+			if( ($lehrfaecher = getData($result)) && count($lehrfaecher)==1 && ($lehrfach = $lehrfaecher[0]))
+			{
+				$lehrfach_id=$lehrfach->lehrfach_id;
+			}
+		}
+
+		// lektor der lv
+		$lektor_der_lv=false;
+
+		$leinfores = $this->Lehreinheit_model->getLehreinheitInfo($lvid,$angezeigtes_stsem,$lehrfach_id);
+		$db_result = hasData($leinfores) ? getData($leinfores) : array();
+
+		foreach($db_result as $row_lector)
+		{
+
+			// Lektor wird erst angezeigt wenn der Auftrag erteilt wurde
+			if (defined('CIS_LV_LEKTORINNENZUTEILUNG_VERTRAGSPRUEFUNG_VON')
+				&& CIS_LV_LEKTORINNENZUTEILUNG_VERTRAGSPRUEFUNG_VON != '')
+			{
+				if (!$this->Vertrag_model->isVertragErteiltLV($lvid, $angezeigtes_stsem, $row_lector->uid))
+				{
+					continue;
+				}
+			}
+
+
+			if($user == $row_lector->uid)
+			{
+				$lektor_der_lv=true;
+				$user_is_allowed_to_upload=true;
+			}
+
+			// style of the link
+			if($row_lector->lvleiter === true)
+				$style='style="font-weight: bold"';
+			else
+				$style='';
+
+		}
+
+		//Berechtigungen auf Fachbereichsebene
+		$lehrfach_oe_kurzbz_arr = array();
+		$fbres = $this->Lehrveranstaltung_model->getBerechtigungenAufFachberechsebene($lvid, $angezeigtes_stsem);
+		$fbs = (hasData($fbres)) ? getData($fbres) : array();
+		foreach($fbs as $row)
+		{
+			$lehrfach_oe_kurzbz_arr[] = $row->oe_kurzbz;
+			if($this->PermissionLib->isBerechtigt('lehre', null, $row->oe_kurzbz) 
+			    || $this->PermissionLib->isBerechtigt('assistenz', null, $stg->oe_kurzbz))
+			{
+				$user_is_allowed_to_upload=true;
+			}
+		}
+
+		// FH-Core Menu Logic 
+		// ##########################################################################################
+
+		$menu = array();
+
+		$this->fhc_menu_lvinfo($menu, $lvid, $studiengang_kz, $lektor_der_lv, $is_lector, $lehrfach_oe_kurzbz_arr);
+		
+		$this->fhc_menu_feedback($menu, $angemeldet, $lvid);
+		
+		$this->fhc_menu_gesamtnote($menu, $angemeldet, $lvid, $lv, $is_lector, $angezeigtes_stsem);
+		
+		$this->fhc_menu_emailStudierende($menu, $user, $angemeldet, $lvid, $angezeigtes_stsem);
+		
+		$this->fhc_menu_abmeldung($menu, $user, $is_lector, $lvid, $angezeigtes_stsem);
+		
+		$this->fhc_menu_lehretools($menu, $lvid, $angezeigtes_stsem, $sprache);
+		
+		$this->fhc_menu_anrechnungStudent($menu, $lvid, $angezeigtes_stsem);
+		
+		$this->fhc_menu_anrechnungLector($menu, $angezeigtes_stsem);
+		
+
+		// Addons Menu Logic
+		// ##########################################################################################		
+
+		$params = [
+			'sprache'=>$sprache,
+			//'p'=>$p,
+			'ci_p'=> $this->p,
+			//'db'=>$db,
+			'user'=>$user,
+			'is_lector'=>$is_lector,
+			'user_is_allowed_to_upload'=>$user_is_allowed_to_upload,
+			//'rechte'=>$rechte,
+			'angezeigtes_stsem'=>$angezeigtes_stsem,
+			//'lehreinheit'=>$lehreinheit,
+			'lv_obj'=>$lv,
+			'lv'=>$lv,
+			'lvid'=>$lvid,
+			'studiengang_kz'=>$studiengang_kz,
+			'semester'=>$semester,
+			'short'=>$short,
+			'stg_obj'=>$stg,
+			'kurzbz'=>$kurzbz,
+			'short_name'=>$short_name,
+			'short_short_name'=>$short_short_name,
+			//'dir_name'=>$dir_name,
+			'angemeldet'=>$angemeldet,
+			'lehrfach_id'=>$lehrfach_id,
+			'lektor_der_lv'=>$lektor_der_lv,
+			'lehrfach_oe_kurzbz_arr'=>$lehrfach_oe_kurzbz_arr,
+		];
+		
+		Events::trigger('lvMenuBuild', 
+						// passing $menu per reference
+						function & () use (&$menu) {
+							return $menu;
+						},
+						$params
+		);
+
+		// Menu sortieren
+		// ##########################################################################################
+		
+		foreach ($menu as $key => $row){
+
+			// removes menu points that are not needed in the c4 lvUebersicht
+			if( !array_key_exists('c4_link',$row) || !array_key_exists('c4_icon',$row)){
+				unset($menu[$key]);
+				continue;
+			}
+			
+			// fills pos array to sort the menu 
+			$pos[$key] = $row['position'];
+
+		}
+
+		array_multisort($pos, SORT_ASC, SORT_NUMERIC, $menu);
+
+		// HTTP response
+		// ##########################################################################################
+		
+		$this->terminateWithSuccess($menu);
+
+	}
+
+
+	private function fhc_menu_digitale_anwesenheiten(&$menu, $angemeldet, $studiengang_kz, $semester, $lvid, $angezeigtes_stsem){
+		
+		// DIGITALE ANWESENHEITEN
+		if (defined('CIS_LEHRVERANSTALTUNG_ANWESENHEIT_ANZEIGEN') && CIS_LEHRVERANSTALTUNG_ANWESENHEIT_ANZEIGEN && $angemeldet) {
+
+			$menu[] = array
+			(
+				'id' => 'core_menu_digitale_anwesenheitslisten',
+				'position' => '50',
+				'name' => $this->p->t('lehre', 'digiAnw'),
+				'c4_icon' => base_url('skin/images/button_kreuzerltool.png'),
+				'c4_link' => base_url("index.ci.php/extensions/FHC-Core-Anwesenheiten/?stg_kz=$studiengang_kz&sem=$semester&lvid=$lvid&sem_kurzbz=$angezeigtes_stsem&nav=false"),
+				'c4_linkList' => []
+			);
+		}
+	}
+
+	private function fhc_menu_lvinfo(&$menu, $lvid, $studiengang_kz, $lektor_der_lv, $is_lector, $lehrfach_oe_kurzbz_arr){
+		
+		// LVINFO
+		if(!defined('CIS_LEHRVERANSTALTUNG_LVINFO_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_LVINFO_ANZEIGEN)
+		{
+			$c4_linkList=array();
+			
+			// Bearbeiten Button anzeigen wenn Lektor der LV und bearbeiten fuer Lektoren aktiviert ist
+			// Oder Berechtigung zum Bearbeiten eingetragen ist
+			if((!defined('CIS_LEHRVERANSTALTUNG_LVINFO_LEKTOR_EDIT') && $lektor_der_lv)
+			|| (defined('CIS_LEHRVERANSTALTUNG_LVINFO_LEKTOR_EDIT') && CIS_LEHRVERANSTALTUNG_LVINFO_LEKTOR_EDIT==true && $lektor_der_lv)
+			|| $this->PermissionLib->isBerechtigt('lehre/lvinfo',$studiengang_kz)
+			|| $this->PermissionLib->isBerechtigtMultipleOe('lehre/lvinfo', $lehrfach_oe_kurzbz_arr)
+			)
+			{
+				$c4_linkList[]= [$this->p->t('lehre', 'lvInfoBearbeiten'), 'ects/index.php?lvid='.$lvid];
+			}
+			elseif ($is_lector)
+			{
+				$c4_linkList[]= ["Bearbeiten der LV-Infos derzeit gesperrt",'#'];
+			}
+
+			$menu[]=array
+			(
+				'id'=>'core_menu_lvinfo',
+				'position'=>'10',
+				'name'=>$this->p->t('lehre', 'lehrveranstaltungsinformation'),
+				'icon'=>'../../../skin/images/button_lvinfo.png',
+				'link'=>'',
+				'c4_icon'=> base_url('skin/images/button_lvinfo.png'),
+				'c4_link'=>'',
+				'c4_linkList'=>$c4_linkList
+			);
+		}
+	}
+
+	private function fhc_menu_feedback(&$menu, $angemeldet, $lvid){
+		//FEEDBACK
+		if((!defined('CIS_LEHRVERANSTALTUNG_FEEDBACK_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_FEEDBACK_ANZEIGEN) && $angemeldet)
+		{
+			$menu[]=array
+			(
+				'id'=>'core_menu_feedback',
+				'position'=>'60',
+				'name'=>$this->p->t('lehre', 'feedback'),
+				'c4_icon'=> base_url('skin/images/button_feedback.png'),
+				'c4_link'=> base_url('feedback.php?lvid='.$lvid),
+			);
+		}
+	}
+
+	private function fhc_menu_gesamtnote(&$menu, $angemeldet, $lvid, $lv_obj, $is_lector, $angezeigtes_stsem){
+		//Gesamtnote
+		if($is_lector && ((!defined('CIS_LEHRVERANSTALTUNG_GESAMTNOTE_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_GESAMTNOTE_ANZEIGEN) && $angemeldet))
+		{
+			if($lv_obj->benotung)
+			{
+				$menu[]=array
+				(
+					'id'=>'core_menu_gesamtnote',
+					'position'=>'80',
+					'name'=>$this->p->t('lehre', 'gesamtnote'),
+					'c4_icon'=> base_url('skin/images/button_endnote.png'),
+					'c4_link'=> base_url('cis/private/lehre/benotungstool/lvgesamtnoteverwalten.php?lvid='.urlencode($lvid).'&stsem='.urlencode($angezeigtes_stsem))
+					//'c4_link'=> base_url('benotungstool/lvgesamtnoteverwalten.php?lvid='.urlencode($lvid).'&stsem='.urlencode($angezeigtes_stsem))
+				);
+			}
+			else
+			{
+				$menu[]=array
+				(
+					'id'=>'core_menu_gesamtnote',
+					'position'=>'80',
+					'name'=>$this->p->t('lehre', 'gesamtnote'),
+					'c4_icon'=>base_url('skin/images/button_endnote.png'),
+					'c4_link'=>'#',
+					'c4_linkList'=>[[$this->p->t('lehre', 'noteneingabedeaktiviert'),'#']],
+				);
+			}
+		}
+	}
+
+	
+
+	private function fhc_menu_emailStudierende(&$menu, $user, $angemeldet, $lvid, $angezeigtes_stsem){
+		// Email an Studierende
+		if((!defined('CIS_LEHRVERANSTALTUNG_MAILSTUDIERENDE_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_MAILSTUDIERENDE_ANZEIGEN) && $angemeldet)
+		{
+			$mailto='mailto:';
+			$c4_linkList=array();
+			
+			$studentMailsRes = $this->Lehrveranstaltung_model->getStudentEMail($lvid, $angezeigtes_stsem);
+			
+			// get the data of the database result and map the array of objects to their object property
+			$studentMails = $this->getDataOrTerminateWithError($studentMailsRes, 'No student mails found');
+			
+
+			$nomail='';
+			$variablesres = $this->Variable_model->getVariables($user);
+			$variables = (hasData($variablesres)) ? getData($variablesres) : array();
+
+			foreach ($studentMails as $row)
+			{
+				if($row->gruppe_kurzbz != '')
+				{
+					$bngrp_uids = $this->Benutzergruppe_model->getUids($row->gruppe_kurzbz, $angezeigtes_stsem);
+					if(count($bngrp_uids) > 0)
+					{
+						if(!$row->mailgrp)
+						{
+							$nomail = $row->gruppe_kurzbz . ' ';
+						}
+						else
+						{
+							$mailto .= mb_strtolower($row->gruppe_kurzbz . '@' 
+								. DOMAIN . $variables['emailadressentrennzeichen']);
+						}
+					}
+				}
+				else
+				{
+					$mailto .= mb_strtolower($row->stg_typ . $row->stg_kurzbz 
+						. $row->semester . trim($row->verband) . trim($row->gruppe) 
+						. '@' . DOMAIN . $variables['emailadressentrennzeichen']);
+				}
+			}
+
+			if($nomail != '') 
+			{
+				$c4_linkList[] = array(
+					$this->p->t('lehre', 'keinMailverteiler', array('nomail' => $nomail)), 
+					'#'
+				);
+				$link_onclick = 'alert(\''.$this->p->t('lehre', 'keinMailverteiler', array('nomail' => $nomail)) . '\');';
+			}
+			else
+			{
+				$link_onclick = '';
+			}
+			
+			
+			$menu[]=array
+			(
+				'id'=>'core_menu_mailanstudierende',
+				'position'=>'100',
+				'name'=>$this->p->t('lehre', 'mail'),
+				'c4_icon'=>base_url('skin/images/button_feedback.png'),
+				'c4_icon2' => 'fa-regular fa-envelope',
+				'c4_link'=>$mailto,
+				'c4_linkList'=>$c4_linkList,
+				'link_onclick'=>$link_onclick
+			);
+		} 
+	}
+
+	
+
+	private function fhc_menu_abmeldung(&$menu, $user, $is_lector, $lvid, $angezeigtes_stsem){
+		if(!defined('CIS_LEHRVERANSTALTUNG_ABMELDUNG_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_ABMELDUNG_ANZEIGEN)
+		{
+			if(!$is_lector)
+			{
+				$gruppen = $this->Lvangebot_model->AbmeldungMoeglich($lvid, $angezeigtes_stsem, $user);
+				if(count($gruppen) > 0)
+				{
+					$menu[]=array
+					(
+						'id'=>'core_menu_abmeldung',
+						'position'=>'120',
+						'name'=>$this->p->t('lehre', 'abmelden'),
+						'c4_icon'=>base_url('skin/images/button_studiupload.png'),
+						'c4_link'=>base_url('abmeldung.php?lvid='.urlencode($lvid).'&stsem='.urlencode($angezeigtes_stsem)),
+					);
+
+				}
+			}
+		}
+	}
+
+	private function fhc_menu_lehretools(&$menu, $lvid, $angezeigtes_stsem, $sprache){
+		//Anzeigen von zusaetzlichen Lehre-Tools
+		$lehretools = $this->Lehretools_model->getTools($lvid, $angezeigtes_stsem, $sprache);
+		foreach($lehretools as $row)
+		{
+			$menu[] = array(
+				'id' => 'core_menu_lehretools_' . $row->lehre_tools_id,
+				'position' => '1000',
+				'name' => $row->bezeichnung,
+				'c4_icon' => base_url('cms/dms.php?id='.$row->logo_dms_id),
+				'c4_link' => $row->basis_url,
+			);
+		}
+	}
+
+    private function fhc_menu_anrechnungStudent(&$menu, $lvid, $angezeigtes_stsem){
+		// Anerkennung nachgewiesener Kenntnisse (Anrechnung) - Anzeige fuer Studenten
+		if((!defined('CIS_LEHRVERANSTALTUNG_ANRECHNUNG_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_ANRECHNUNG_ANZEIGEN)
+			&& $this->PermissionLib->isBerechtigt('student/anrechnung_beantragen'))
+		{
+			$menu[]=array
+			(
+				'id' => 'core_menu_anerkennungNachgewiesenerKenntnisse',
+				'position' => '128',
+				'name' => $this->p->t('lehre', 'anrechnung'),
+				'c4_icon' => base_url('skin/images/button_listen.png'),
+				'c4_icon2' => 'fa-regular fa-folder-open',
+				'c4_link' => base_url('cis.php/lehre/anrechnung/RequestAnrechnung?studiensemester='.urlencode($angezeigtes_stsem).'&lv_id='.urlencode($lvid))
+			);
+		}
+    }
+
+    private function fhc_menu_anrechnungLector(&$menu, $angezeigtes_stsem){
+		// Anerkennung nachgewiesener Kenntnisse (Anrechnung) - Anzeige fuer LektorInnen
+		if((!defined('CIS_LEHRVERANSTALTUNG_ANRECHNUNG_ANZEIGEN') || CIS_LEHRVERANSTALTUNG_ANRECHNUNG_ANZEIGEN)
+			&& $this->PermissionLib->isBerechtigt('lehre/anrechnung_empfehlen'))
+		{
+			$menu[]=array
+			(
+				'id' => 'core_menu_anerkennungNachgewiesenerKenntnisse_empfehlen',
+				'position' => '128',
+				'name' => $this->p->t('lehre', 'anrechnungen'),
+				'c4_icon'=> base_url('skin/images/button_listen.png'),
+				'c4_icon2' => 'fa-regular fa-folder-open',
+				'c4_link' => base_url('cis.php/lehre/anrechnung/ReviewAnrechnungUebersicht?studiensemester='.urlencode($angezeigtes_stsem))
+			);
+		}
+    }
+}

application/controllers/api/frontend/v1/Navigation.php

@@ -0,0 +1,101 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the NavigationLib (back-end)
+ * Provides data to the ajax get calls about the filter
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Navigation extends FHCAPI_Controller
+{
+	const NAVIGATION_PAGE_PARAM = 'navigation_page'; // Navigation page parameter name
+
+	/**
+	 * Loads the NavigationLib where the used logic lies
+	 */
+	public function __construct()
+    {
+        parent::__construct([
+        	'menu' => self::PERM_LOGGED,
+        	'header' => self::PERM_LOGGED
+        ]);
+
+		$this->_loadNavigationLib(); // Loads the NavigationLib with parameters
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * This function creates the left Menu for each Page
+	 * @param NAVIGATION_PAGE_PARAM GET Parameter witch holds the currently called Page
+	 * @return JSON object with the Menu Entries
+	 */
+	public function menu()
+	{
+		$menuArray = $this->navigationlib->getMenuArray($this->input->get(self::NAVIGATION_PAGE_PARAM));
+
+		$this->terminateWithSuccess($menuArray);
+	}
+
+	/**
+	 * This function creates the Top Menu for each Page
+	 * @param NAVIGATION_PAGE_PARAM GET Parameter witch holds the currently called Page
+	 * @return JSON object with the Menu Entries
+	 */
+	public function header()
+	{
+		$headerArray = $this->navigationlib->getHeaderArray($this->input->get(self::NAVIGATION_PAGE_PARAM));
+
+		$this->terminateWithSuccess($headerArray);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+	/**
+	 * Loads the NavigationLib with the NAVIGATION_PAGE_PARAM parameter
+	 * If the parameter NAVIGATION_PAGE_PARAM is not given then the execution of the controller is terminated and
+	 * an error message is printed
+	 */
+	private function _loadNavigationLib()
+	{
+		// If the parameter NAVIGATION_PAGE_PARAM is present in the HTTP GET or POST
+		if (isset($_GET[self::NAVIGATION_PAGE_PARAM]) || isset($_POST[self::NAVIGATION_PAGE_PARAM]))
+		{
+			// If it is present in the HTTP GET
+			if (isset($_GET[self::NAVIGATION_PAGE_PARAM]))
+			{
+				$navigationPage = $this->input->get(self::NAVIGATION_PAGE_PARAM); // is retrieved from the HTTP GET
+			}
+			elseif (isset($_POST[self::NAVIGATION_PAGE_PARAM])) // Else if it is present in the HTTP POST
+			{
+				$navigationPage = $this->input->post(self::NAVIGATION_PAGE_PARAM); // is retrieved from the HTTP POST
+			}
+
+			// Loads the NavigationLib that contains all the used logic
+			$this->load->library('NavigationLib', array(self::NAVIGATION_PAGE_PARAM => $navigationPage));
+		}
+		else // Otherwise an error will be written in the output
+		{
+			show_error('Parameter "' . self::NAVIGATION_PAGE_PARAM . '" not provided!');
+		}
+	}
+}

application/controllers/api/frontend/v1/Ort.php

@@ -0,0 +1,95 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the SearchBarLib (back-end)
+ * Provides data to the ajax get calls about the searchbar component
+ * This controller works with JSON calls on the HTTP GET and the output is always JSON
+ */
+class Ort extends FHCAPI_Controller
+{
+	
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		// NOTE(chris): additional permission checks will be done in SearchBarLib
+		parent::__construct([
+			'ContentID' => self::PERM_LOGGED,
+			'getOrtKurzbzContent' => self::PERM_LOGGED,
+		]);
+
+		$this->load->model('ressource/Ort_model', 'OrtModel');
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Gets a JSON body via HTTP POST and provides the parameters
+	 */
+	public function ContentID()
+	{
+		// if error
+		//$this->terminateWithError(SearchBarLib::ERROR_WRONG_JSON, self::ERROR_TYPE_GENERAL);
+		
+		$ort_kurzbz = $this->input->get('ort_kurzbz',TRUE);
+		
+		if(!$ort_kurzbz){
+			$this->terminateWithError("missing ort_kurzbz parameter", self::ERROR_TYPE_GENERAL);
+		}
+
+		$result = $this->OrtModel->getContentID($ort_kurzbz);
+		
+		if(isError($result)){
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+
+		$result = hasData($result) ? current(getData($result)) : null;
+		
+		$this->terminateWithSuccess($result->content_id ?? NULL);
+	}
+
+	/**
+	 * @param int		$version
+	 * @param string	$sprache
+	 * @param boolean	$sichtbar
+	 *
+	 * @return $content
+	 */
+	public function getOrtKurzbzContent($version = null, $sprache = null, $sichtbar = true)
+	{
+		$content_id = $this->input->get("content_id",TRUE);
+
+		$this->load->library('CmsLib');
+
+		$content = $this->cmslib->getContent($content_id, $version, $sprache, $sichtbar);
+
+		if (isError($content))
+			$this->terminateWithError(getError($content), self::ERROR_TYPE_GENERAL);
+
+		$content = hasData($content) ? getData($content) : null;
+
+		$this->terminateWithSuccess($content);
+	}
+}
+

application/controllers/api/frontend/v1/Phrasen.php

@@ -0,0 +1,84 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the PhrasesLib (back-end)
+ * Provides data to the ajax get calls about the Phrasen plugin
+ * This controller works with JSON calls on the HTTP GET and the output is always JSON
+ */
+class Phrasen extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'loadModule' => self::PERM_ANONYMOUS,
+			'setLanguage' => self::PERM_ANONYMOUS,
+			'getLanguage' => self::PERM_ANONYMOUS,
+			'getAllLanguages' => self::PERM_ANONYMOUS,
+		]);
+
+		$this->load->helper('hlp_language');
+	}
+	
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * @param string $module
+	 */
+	public function loadModule($module)
+	{
+		$this->load->library('PhrasesLib', [$module], 'pj');
+		$this->terminateWithSuccess(json_decode($this->pj->getJSON()));
+	}
+
+	public function setLanguage()
+	{
+		$postParams = $this->getPostJSON();
+		$language = $postParams->language;
+		$categories = $postParams->categories;
+
+		setUserLanguage($language);
+
+		$this->load->library('PhrasesLib', array($categories, $language), 'p');
+
+		$phrases = $this->p->setPhrases($categories, $language);
+		$this->terminateWithSuccess($phrases);
+	}
+
+	// gets the langauge of the currently logged in user session and otherwhise the system language
+	public function getLanguage()
+	{
+		$lang = getUserLanguage();
+		$this->terminateWithSuccess($lang);
+	}
+
+	// gets all languages that are set as active in the database
+	public function getAllLanguages()
+	{
+		$langs = getDBActiveLanguages();
+		$langs = $this->getDataOrTerminateWithError($langs);
+		$langs = array_map(function($lang){
+			return $lang->sprache;
+		}, $langs);
+		$this->terminateWithSuccess($langs);
+	}
+
+}

application/controllers/api/frontend/v1/Profil.php

@@ -0,0 +1,695 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Profil extends FHCAPI_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getView' => self::PERM_LOGGED,
+            'fotoSperre' => self::PERM_LOGGED,
+			'getGemeinden' => self::PERM_LOGGED,
+			'getAllNationen' => self::PERM_LOGGED,
+			'isMitarbeiter' => self::PERM_LOGGED,
+			
+		]);
+		
+		$this->load->library('PermissionLib');
+
+		$this->load->model('ressource/mitarbeiter_model', 'MitarbeiterModel');
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('person/Benutzer_model', 'BenutzerModel');
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$this->load->model('person/Benutzerfunktion_model', 'BenutzerfunktionModel');
+		$this->load->model('person/Benutzergruppe_model', 'BenutzergruppeModel');
+		$this->load->model('ressource/Betriebsmittelperson_model', 'BetriebsmittelpersonModel');
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+		$this->load->model('person/Profil_update_model', 'ProfilUpdateModel');
+		$this->load->model('content/DmsVersion_model', 'DmsVersionModel');
+
+
+		//? put the uid and pid inside the controller for reusability
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	
+    /**
+	 * function that returns the data used for the corresponding view
+	 * the client side parses the @param $uid and calls this function to get the data to the correct view 
+	 * @access public
+	 * @param  boolean $uid the userID used to identify which information should be retrieved for which view 
+	 * @return stdClass all the data corresponding to a view of a user
+	 */
+	public function getView($uid)
+	{
+		$res = new stdClass();
+		$editAllowed = getAuthUID() == $uid || $this->permissionlib->isBerechtigt('admin');
+
+		// if parsing the URL did not found a UID then the UID of the logged in user is used
+		if ($uid == "Profil" || $uid == $this->uid) {
+			$isMitarbeiter = $this->MitarbeiterModel->isMitarbeiter($this->uid);
+			if (isError($isMitarbeiter)) {
+				show_error("error while checking if UID: " . $this->uid . " is a mitarbeiter");
+			}
+			$isMitarbeiter = getData($isMitarbeiter);
+			if ($isMitarbeiter) {
+				$res->view = "MitarbeiterProfil";
+				$res->data = $this->mitarbeiterProfil();
+				$res->data->pid = $this->pid;
+			} else {
+				$res->view = "StudentProfil";
+				$res->data = $this->studentProfil();
+				$res->data->pid = $this->pid;
+			}
+			// editing your own profil - true
+			$editAllowed = true;
+		}
+		// UID is availabe when accessing Profil/View/:uid
+		else {
+			$this->PersonModel->addSelect(["person_id"]);
+			$pid = $this->PersonModel->getByUid($uid);
+			if (isError($pid)) {
+				show_error("error while trying to update table public.tbl_person while searching for a person with UID: " . $uid);
+			}
+			$pid = hasData($pid) ? getData($pid)[0] : null;
+			if (!$pid) {
+				show_error("Person with UID: " . $uid . " does not exist");
+			}
+			$isMitarbeiter = $this->MitarbeiterModel->isMitarbeiter($uid);
+			if (isError($isMitarbeiter)) {
+				show_error("error while checking if UID: " . $uid . " is a mitarbeiter");
+			}
+			$isMitarbeiter = getData($isMitarbeiter);
+			if ($isMitarbeiter) {
+				$res->view = "ViewMitarbeiterProfil";
+				$res->data = $this->viewMitarbeiterProfil($uid);
+
+			} else {
+				$res->view = "ViewStudentProfil";
+				$res->data = $this->viewStudentProfil($uid);
+			}
+		}
+		$res->data->editAllowed = $editAllowed;
+		$this->terminateWithSuccess($res);
+	}
+
+    /**
+	 * update column foto_sperre in public.tbl_person
+	 * @access public
+	 * @param  boolean $value  new value for the column
+	 * @return boolean the new value added to the column in public.tbl_person
+	 */
+	public function fotoSperre($value)
+	{
+        if(!isset($value)){
+            $this->terminateWithError("Missing parameter", self::ERROR_TYPE_GENERAL);
+        }
+
+		$res = $this->PersonModel->update($this->pid, ["foto_sperre" => $value]);
+		if (isError($res)) {
+			show_error("error while trying to update table public.tbl_person");
+		}
+		$this->PersonModel->addSelect("foto_sperre");
+		$res = $this->PersonModel->load($this->pid);
+		if (isError($res)) {
+			show_error("error while trying to query table public.tbl_person");
+		}
+
+        $res = $this->getDataOrTerminateWithError($res);
+		
+        $this->terminateWithSuccess(current($res));
+	}
+
+	/**
+	 * gets all nations in the table bis.tbl_nation
+	 *
+	 * @access public
+	 * @return array all the nations in table bis.tbl_nation
+	 */
+	public function getAllNationen()
+	{
+		// load the nationen from the database
+		$this->load->model('codex/Nation_model', "NationModel");
+		$this->NationModel->addSelect(["nation_code as code", "langtext"]);
+		$nation_res = $this->NationModel->load();
+
+		if (isError($nation_res)) {
+			$this->terminateWithError("error while trying to query table codex.tbl_nation", self::ERROR_TYPE_GENERAL);
+		}
+		
+		$nation_res = $this->getDataOrTerminateWithError($nation_res);
+
+		$this->terminateWithSuccess($nation_res);
+	}
+
+	public function getGemeinden($nation, $zip)
+	{
+		if(!isset($nation) || !isset($zip)){
+			echo json_encode(error("Missing parameters"));
+			return;
+		}
+		
+		$this->load->model('codex/Gemeinde_model', "GemeindeModel");
+		
+
+		$gemeinde_res = $this->GemeindeModel->getGemeindeByPlz($zip);
+		
+		if (isError($gemeinde_res)) {
+			$this->terminateWithError(getError($gemeinde_res),self::ERROR_TYPE_GENERAL);
+		}
+		$gemeinde_res = $this->getDataOrTerminateWithError($gemeinde_res);
+		
+		/* $gemeinde_res = array_map(function ($obj) {
+			return $obj->ortschaftsname;
+		}, $gemeinde_res); */
+
+		$this->terminateWithSuccess($gemeinde_res);	
+		
+	}
+
+
+    // -----------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+	/**
+	 * function that returns the data used for viewing another mitarbeiter profile
+	 * @access private 
+	 * @param  integer $uid the userID to retrieve the mitarbeiter data
+	 * @return stdClass restricted mitarbeiter data
+	 */
+	private function viewMitarbeiterProfil($uid)
+	{
+		$mailverteiler_res = $this->getMailverteiler($uid);
+		$benutzer_funktion_res = $this->getBenutzerFunktion($uid);
+		$benutzer_res = $this->getBenutzerAlias($uid);
+		$person_res = $this->getPersonInfo($uid);
+		$mitarbeiter_res = $this->getMitarbeiterInfo($uid);
+		$telefon_res = $this->getTelefonInfo($uid);
+
+		$res = new stdClass();
+		$res->username = $uid;
+
+		//? Person Info
+		foreach ($person_res as $key => $val) {
+			$res->$key = $val;
+		}
+
+		//? Mitarbeiter Info
+		foreach ($mitarbeiter_res as $key => $val) {
+			$res->$key = $val;
+
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $uid . "@" . DOMAIN;
+		$extern_email = array();
+		$extern_email["type"] = "alias";
+		$extern_email["email"] = $benutzer_res->alias . "@" . DOMAIN;
+		$res->emails = array($intern_email, $extern_email);
+
+		$res->funktionen = $benutzer_funktion_res;
+		$res->mailverteiler = $mailverteiler_res;
+		$res->standort_telefon = isset($telefon_res) ? $telefon_res->kontakt : null;
+
+		return $res;
+	}
+
+	/**
+	 * function that returns the data used for viewing another student profile
+	 * @access private 
+	 * @param  integer $uid the userID to retrieve the student data
+	 * @return stdClass restricted student data
+	 */
+	private function viewStudentProfil($uid)
+	{
+		$mailverteiler_res = $this->getMailverteiler($uid);
+		$person_res = $this->getPersonInfo($uid);
+		$student_res = $this->getStudentInfo($uid);
+		$matr_res = $this->getMatrikelNummer($uid);
+
+		$res = new stdClass();
+		$res->username = $uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Student Information
+		foreach ($student_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $uid . "@" . DOMAIN;
+
+		$res->emails = [$intern_email];
+		$res->matrikelnummer = $matr_res->matr_nr;
+		$res->mailverteiler = $mailverteiler_res;
+
+		return $res;
+	}
+
+	/**
+	 * checks whether a specific userID is a mitarbeiter or not (foreword declaration of the function isMitarbeiter in Mitarbeiter_model.php)
+	 * @access public
+	 * @param  $uid the userID used to check if it is a mitarbeiter
+	 * @return boolean 
+	 */
+	public function isMitarbeiter($uid)
+	{
+
+		if(!$uid) $this->terminateWithError("No uid provided", self::ERROR_TYPE_GENERAL);
+		
+		
+		$result = $this->MitarbeiterModel->isMitarbeiter($uid);
+		
+		if (isError($result)) {
+			$this->terminateWithError("error when calling Mitarbeiter_model function isMitarbeiter with uid " . $uid, self::ERROR_TYPE_GENERAL);
+		}
+
+		$result = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($result);
+	}
+
+	/**
+	 * function that returns the data used for the mitarbeiter profile
+	 * @access private 
+	 * @return stdClass mitarbeiter data
+	 */
+	private function mitarbeiterProfil()
+	{
+
+		$zutrittskarte_ausgegebenam = $this->getZutrittskarteDatum($this->uid);
+		$adresse_res = $this->getAdressenInfo($this->pid);
+		$kontakte_res = $this->getKontaktInfo($this->pid);
+		$mailverteiler_res = $this->getMailverteiler($this->uid);
+		$person_res = $this->getPersonInfo($this->uid, true);
+		$benutzer_funktion_res = $this->getBenutzerFunktion($this->uid);
+		$betriebsmittelperson_res = $this->getBetriebsmittelInfo($this->pid);
+		$profilUpdates = $this->getProfilUpdates($this->uid);
+		$telefon_res = $this->getTelefonInfo($this->uid);
+		$mitarbeiter_res = $this->getMitarbeiterInfo($this->uid);
+
+		$res = new stdClass();
+		$res->username = $this->uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Mitarbeiter Information
+		foreach ($mitarbeiter_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		$res->adressen = $adresse_res;
+		$res->zutrittsdatum = $zutrittskarte_ausgegebenam;
+		$res->kontakte = $kontakte_res;
+		$res->mittel = $betriebsmittelperson_res;
+		$res->mailverteiler = $mailverteiler_res;
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $this->uid . "@" . DOMAIN;
+		$extern_email = array();
+		$extern_email["type"] = "alias";
+		$extern_email["email"] = $mitarbeiter_res->alias . "@" . DOMAIN;
+		$res->emails = [$intern_email, $extern_email];
+
+		$res->funktionen = $benutzer_funktion_res;
+		$res->standort_telefon = $telefon_res;
+		$res->profilUpdates = $profilUpdates;
+
+		return $res;
+	}
+
+	/**
+	 * function that returns the data used for the student profile
+	 * @access private 
+	 * @return stdClass student data
+	 */
+	private function studentProfil()
+	{
+		$betriebsmittelperson_res = $this->getBetriebsmittelInfo($this->pid);
+		$kontakte_res = $this->getKontaktInfo($this->pid);
+		$zutrittskarte_ausgegebenam = $this->getZutrittskarteDatum($this->uid);
+		$adresse_res = $this->getAdressenInfo($this->pid);
+		$mailverteiler_res = $this->getMailverteiler($this->uid);
+		$person_res = $this->getPersonInfo($this->uid, true);
+		$zutrittsgruppe_res = $this->getZutrittsgruppen($this->uid);
+		$student_res = $this->getStudentInfo($this->uid);
+		$matr_res = $this->getMatrikelNummer($this->uid);
+		$profilUpdates = $this->getProfilUpdates($this->uid);
+
+		$res = new stdClass();
+		$res->username = $this->uid;
+
+		//? Person Information
+		foreach ($person_res as $key => $value) {
+			$res->$key = $value;
+		}
+
+		//? Student Information
+		foreach ($student_res as $key => $value) {
+			$res->$key = trim($value);
+		}
+
+		$intern_email = array();
+		$intern_email["type"] = "intern";
+		$intern_email["email"] = $this->uid . "@" . DOMAIN;
+
+		$res->emails = [$intern_email];
+		$res->adressen = $adresse_res;
+		$res->zutrittsdatum = $zutrittskarte_ausgegebenam;
+		$res->kontakte = $kontakte_res;
+		$res->mittel = $betriebsmittelperson_res;
+		$res->matrikelnummer = $matr_res->matr_nr;
+		$res->zuttritsgruppen = $zutrittsgruppe_res;
+		$res->mailverteiler = $mailverteiler_res;
+		$res->profilUpdates = $profilUpdates;
+
+		return $res;
+	}
+
+
+    /**
+	 * gets all the mailverteiler using the tables: tbl_benutzer, tbl_benutzergruppe, tbl_gruppe
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the mailverteiler 
+	 * @return array returns the mailvertailer corresponding to a userID 
+	 */
+	private function getMailverteiler($uid)
+	{
+		$this->PersonModel->addSelect('gruppe_kurzbz, beschreibung');
+		$this->PersonModel->addJoin('tbl_benutzer', 'person_id');
+		$this->PersonModel->addJoin('tbl_benutzergruppe', 'uid');
+		$this->PersonModel->addJoin('tbl_gruppe', 'gruppe_kurzbz');
+
+		$mailverteiler_res = $this->PersonModel->loadWhere(array('mailgrp' => true, 'uid' => $uid));
+		if (isError($mailverteiler_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($mailverteiler_res));
+		}
+		$mailverteiler_res = hasData($mailverteiler_res) ? getData($mailverteiler_res) : null;
+		$mailverteiler_res = array_map(function ($element) {
+			$element->mailto = "mailto:" . $element->gruppe_kurzbz . "@" . DOMAIN;
+			return $element;
+		}, $mailverteiler_res);
+		return $mailverteiler_res;
+	}
+
+	/**
+	 * gets all the Benutzerfunktionen of a corresponding user
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the Benutzerfunktionen 
+	 * @return array returns the Benutzerfunktionen corresponding to a userID 
+	 */
+	private function getBenutzerFunktion($uid)
+	{
+		$this->BenutzerfunktionModel->addSelect(["tbl_benutzerfunktion.bezeichnung as Bezeichnung", "tbl_organisationseinheit.bezeichnung as Organisationseinheit", "datum_von as Gültig_von", "datum_bis as Gültig_bis", "wochenstunden as Wochenstunden"]);
+		$this->BenutzerfunktionModel->addJoin("tbl_organisationseinheit", "oe_kurzbz");
+
+		$benutzer_funktion_res = $this->BenutzerfunktionModel->loadWhere(array('uid' => $uid));
+		if (isError($benutzer_funktion_res)) {
+			show_error("was not able to query the table public.tbl_benutzerfunktion:" . getData($benutzer_funktion_res));
+		}
+		$benutzer_funktion_res = hasData($benutzer_funktion_res) ? getData($benutzer_funktion_res) : null;
+		return $benutzer_funktion_res;
+	}
+
+	/**
+	 * gets all the Betriebsmittel of a corresponding user
+	 * @access private
+	 * @param  integer $uid  the userID used to retrieve the Betriebsmittel 
+	 * @return array returns the Betriebsmittel corresponding to a userID 
+	 */
+	private function getBetriebsmittelInfo($pid)
+	{
+		$this->BetriebsmittelpersonModel->addSelect(["CONCAT(betriebsmitteltyp, ' ' ,beschreibung) as Betriebsmittel", "nummer as Nummer", "ausgegebenam as Ausgegeben_am"]);
+
+		//? betriebsmittel are not needed in a view
+		$betriebsmittelperson_res = $this->BetriebsmittelpersonModel->getBetriebsmittel($pid);
+		if (isError($betriebsmittelperson_res)) {
+			show_error("was not able to query the table public.tbl_betriebsmittelperson:" . getData($betriebsmittelperson_res));
+		}
+		$betriebsmittelperson_res = hasData($betriebsmittelperson_res) ? getData($betriebsmittelperson_res) : null;
+		return $betriebsmittelperson_res;
+	}
+
+	/**
+	 * gets the alias of a corresponding user
+	 * @access private
+	 * @param  integer $uid the userID used to get the alias
+	 * @return string the alias of the userID
+	 */
+	private function getBenutzerAlias($uid)
+	{
+		$this->BenutzerModel->addSelect(["alias"]);
+		$benutzer_res = $this->BenutzerModel->load([$uid]);
+		if (isError($benutzer_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($benutzer_res));
+		} else {
+			$benutzer_res = hasData($benutzer_res) ? getData($benutzer_res)[0] : null;
+		}
+
+		return $benutzer_res;
+	}
+
+	/**
+	 * gets the person information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the person information
+	 * @param  integer $geburtsInfo flag wether to add the columns gebort, gebdatum, foto_sperre or not
+	 * @return array all the person informaion corresponding to a userID
+	 */
+	private function getPersonInfo($uid, $geburtsInfo = null)
+	{
+		$selectClause = ["foto", "foto_sperre", "anrede", "titelpost as postnomen", "titelpre as titel", "vorname", "nachname"];
+		/** @param integer $geburtsInfo */
+		if ($geburtsInfo) {
+			array_push($selectClause, "gebort");
+			array_push($selectClause, "gebdatum");
+		}
+		$this->BenutzerModel->addSelect($selectClause);
+		$this->BenutzerModel->addJoin("tbl_person", "person_id");
+
+		$person_res = $this->BenutzerModel->load([$uid]);
+		if (isError($person_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($person_res));
+		} else {
+			$person_res = hasData($person_res) ? getData($person_res)[0] : null;
+		}
+
+		if( ($person_res->foto === null) || (($this->uid !== $uid) && ($person_res->foto_sperre !== false)) )
+		{
+			$dummy_foto = base64_encode(file_get_contents(DOC_ROOT.'skin/images/profilbild_dummy.jpg'));
+			$person_res->foto = $dummy_foto;
+		}
+
+		return $person_res;
+	}
+
+	/**
+	 * gets the mitarbeiter information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the mitarbeiter information
+	 * @return array all the mitarbeiter informaion corresponding to a userID
+	 */
+	private function getMitarbeiterInfo($uid)
+	{
+		$this->MitarbeiterModel->addSelect(["kurzbz", "telefonklappe", "alias", "ort_kurzbz"]);
+		$this->MitarbeiterModel->addJoin("tbl_benutzer", "tbl_benutzer.uid = tbl_mitarbeiter.mitarbeiter_uid");
+		$mitarbeiter_res = $this->MitarbeiterModel->load($uid);
+		if (isError($mitarbeiter_res)) {
+			show_error("was not able to query the table public.tbl_mitarbeiter:" . getData($mitarbeiter_res));
+		} else {
+			$mitarbeiter_res = hasData($mitarbeiter_res) ? getData($mitarbeiter_res)[0] : null;
+		}
+
+		return $mitarbeiter_res;
+	}
+
+	/**
+	 * gets the telefon information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the telefon information
+	 * @return array all the telefon informaion corresponding to a userID
+	 */
+	private function getTelefonInfo($uid)
+	{
+		$this->MitarbeiterModel->addSelect(["kontakt"]);
+		$this->MitarbeiterModel->addJoin("tbl_kontakt", "tbl_mitarbeiter.standort_id = tbl_kontakt.standort_id");
+		$this->MitarbeiterModel->addLimit(1);
+		$telefon_res = $this->MitarbeiterModel->loadWhere(["mitarbeiter_uid" => $uid, "kontakttyp" => "telefon"]);
+		if (isError($telefon_res)) {
+			show_error("was not able to query the table public.tbl_mitarbeiter:" . getData($telefon_res));
+		}
+		$telefon_res = hasData($telefon_res) ? getData($telefon_res)[0] : null;
+		return $telefon_res;
+	}
+
+	/**
+	 * gets the student information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the student information
+	 * @return array all the student informaion corresponding to a userID
+	 */
+	private function getStudentInfo($uid)
+	{
+		$this->StudentModel->addSelect(['tbl_studiengang.bezeichnung as studiengang', 'tbl_student.semester', 'tbl_student.verband', 'tbl_student.gruppe', 'tbl_student.matrikelnr as personenkennzeichen']);
+		$this->StudentModel->addJoin('tbl_studiengang', "tbl_studiengang.studiengang_kz=tbl_student.studiengang_kz");
+
+		$student_res = $this->StudentModel->load([$uid]);
+		if (isError($student_res)) {
+			show_error("was not able to query the table public.tbl_student:" . getData($student_res));
+		}
+		$student_res = hasData($student_res) ? getData($student_res)[0] : null;
+		return $student_res;
+	}
+
+	/**
+	 * gets the profil updates corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the profil updates
+	 * @return array all the profil updates corresponding to a userID
+	 */
+	private function getProfilUpdates($uid)
+	{
+		$profilUpdates = $this->ProfilUpdateModel->getProfilUpdatesWhere(['uid' => $uid]);
+		if (isError($profilUpdates)) {
+			show_error("was not able to query the table public.tbl_profil_update:" . getData($profilUpdates));
+		}
+		$profilUpdates = hasData($profilUpdates) ? getData($profilUpdates) : null;
+		return $profilUpdates;
+	}
+
+	/**
+	 * gets the Matrikelnummer corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the Matrikelnummer
+	 * @return integer the Matrikelnummer corresponding to a userID
+	 */
+	private function getMatrikelNummer($uid)
+	{
+		$this->BenutzerModel->addSelect(["matr_nr"]);
+		$this->BenutzerModel->addJoin("tbl_person", "person_id");
+
+		$matr_res = $this->BenutzerModel->load([$uid]);
+		if (isError($matr_res)) {
+			show_error("was not able to query the table public.tbl_benutzer:" . getData($matr_res));
+		}
+		$matr_res = hasData($matr_res) ? getData($matr_res)[0] : [];
+		return $matr_res;
+	}
+
+	/**
+	 * gets the Zutrittsgruppen corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the Zutrittsgruppen
+	 * @return array all the Zutrittsgruppen corresponding to a userID
+	 */
+	private function getZutrittsgruppen($uid)
+	{
+		$this->BenutzergruppeModel->addSelect(['bezeichnung']);
+		$this->BenutzergruppeModel->addJoin('tbl_gruppe', 'gruppe_kurzbz');
+
+		$zutrittsgruppe_res = $this->BenutzergruppeModel->loadWhere(array("uid" => $uid, "zutrittssystem" => true));
+		if (isError($zutrittsgruppe_res)) {
+			show_error("was not able to query the table public.tbl_benutzergruppe:" . getData($zutrittsgruppe_res));
+		}
+		$zutrittsgruppe_res = hasData($zutrittsgruppe_res) ? getData($zutrittsgruppe_res) : null;
+		return $zutrittsgruppe_res;
+	}
+
+	/**
+	 * gets the address information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the address information
+	 * @return array all the address information corresponding to a userID
+	 */
+	private function getAdressenInfo($pid)
+	{
+		$adresse_res = $this->AdresseModel->addSelect(["adresse_id", "strasse", "tbl_adressentyp.bezeichnung as typ", "plz", "ort", "zustelladresse", "gemeinde", "nation"]);
+		$adresse_res = $this->AdresseModel->addOrder("zustelladresse", "DESC");
+		$adresse_res = $this->AdresseModel->addJoin("tbl_adressentyp", "typ=adressentyp_kurzbz");
+
+		$adresse_res = $this->AdresseModel->loadWhere(["person_id" => $pid]);
+		if (isError($adresse_res)) {
+			show_error("was not able to query the table public.tbl_adresse:" . getData($adresse_res));
+		}
+		$adresse_res = hasData($adresse_res) ? getData($adresse_res) : null;
+		return $adresse_res;
+	}
+
+	/**
+	 * gets the kontakt information corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the kontakt information
+	 * @return array all the kontakt information corresponding to a userID
+	 */
+	private function getKontaktInfo($pid)
+	{
+		$this->KontaktModel->addSelect(['kontakttyp', 'kontakt_id', 'kontakt', 'tbl_kontakt.anmerkung', 'tbl_kontakt.zustellung']);
+		$this->KontaktModel->addJoin('public.tbl_standort', 'standort_id', 'LEFT');
+		$this->KontaktModel->addJoin('public.tbl_firma', 'firma_id', 'LEFT');
+		$this->KontaktModel->addOrder('kontakttyp, kontakt, tbl_kontakt.updateamum, tbl_kontakt.insertamum');
+
+		$kontakte_res = $this->KontaktModel->loadWhere(['person_id' => $pid]);
+		if (isError($kontakte_res)) {
+			show_error("was not able to query the table public.tbl_kontakt:" . getData($kontakte_res));
+		}
+		$kontakte_res = hasData($kontakte_res) ? getData($kontakte_res) : null;
+		return $kontakte_res;
+	}
+
+	/**
+	 * gets the date of issue of the FH access card corresponding to a user
+	 * @access private
+	 * @param  integer $uid the userID used to get the date of issue of the FH access card
+	 * @return string the date of issue of the FH access card corresponding to a userID
+	 */
+	private function getZutrittskarteDatum($uid)
+	{
+		$zutrittskarte_ausgegebenam = $this->BetriebsmittelpersonModel->getBetriebsmittelByUid($uid, "Zutrittskarte");
+		if (isError($zutrittskarte_ausgegebenam)) {
+			show_error("was not able to query the table wavi.tbl_bentriebsmittelperson:" . getData($zutrittskarte_ausgegebenam));
+		}
+		$zutrittskarte_ausgegebenam = hasData($zutrittskarte_ausgegebenam) ? getData($zutrittskarte_ausgegebenam)[0]->ausgegebenam : null;
+
+		//? formats date from 01-01-2000 to 01.01.2000
+		$zutrittskarte_ausgegebenam = str_replace("-", ".", $zutrittskarte_ausgegebenam);
+		return $zutrittskarte_ausgegebenam;
+	}
+}
+

application/controllers/api/frontend/v1/ProfilUpdate.php

@@ -0,0 +1,837 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class ProfilUpdate extends FHCAPI_Controller
+{
+
+    public static $STATUS_PENDING = NULL;
+	public static $STATUS_ACCEPTED = NULL;
+	public static $STATUS_REJECTED = NULL;
+
+	public static $TOPICS = [];
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+            'getStatus' => self::PERM_LOGGED,
+            'getTopic' => self::PERM_LOGGED,
+			'getProfilRequestFiles' => self::PERM_LOGGED,
+			'getProfilUpdateWithPermission' => ['student/stammdaten:r', 'mitarbeiter/stammdaten:r'],
+			'denyProfilRequest' => ['student/stammdaten:rw', 'mitarbeiter/stammdaten:rw'],
+			'acceptProfilRequest' => ['student/stammdaten:rw', 'mitarbeiter/stammdaten:rw'],
+			'selectProfilRequest' => self::PERM_LOGGED,
+			'insertProfilRequest' => self::PERM_LOGGED,
+			'updateProfilRequest' => self::PERM_LOGGED,
+			'deleteProfilRequest' => self::PERM_LOGGED,
+			'insertFile' => self::PERM_LOGGED,
+			'show' => self::PERM_LOGGED,
+			]);
+
+		$this->load->config('cis');
+
+		// Load language phrases
+		$this->loadPhrases(
+			array(
+				'ui',
+				'global',
+				'person',
+				'profil',
+				'profilUpdate'
+			)
+		);
+
+        $this->load->model('person/Profil_update_model', 'ProfilUpdateModel');
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$this->load->model('person/Adressentyp_model', 'AdressenTypModel');
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->load->model('ressource/mitarbeiter_model', 'MitarbeiterModel');
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('person/Benutzer_model', 'BenutzerModel');
+		$this->load->model('system/Sprache_model', 'SpracheModel');
+		$this->load->model('person/Profil_update_status_model', 'ProfilUpdateStatusModel');
+		$this->load->model('person/Profil_update_topic_model', 'ProfilUpdateTopicModel');
+
+		$this->load->library('DmsLib');
+		$this->load->library('PermissionLib');
+
+		//? put the uid and pid inside the controller for reusability
+		$this->uid = getAuthUID();
+		$this->pid = getAuthPersonID();
+
+		// setup the ProfilUpdate states
+		$this->ProfilUpdateStatusModel->addSelect(['status_kurzbz']);
+		$status_kurzbz = $this->ProfilUpdateStatusModel->load();
+		if (hasData($status_kurzbz)) {
+			list($status_pending, $status_accepted, $status_rejected) = getData($status_kurzbz);
+
+			self::$STATUS_PENDING = $status_pending->status_kurzbz;
+			self::$STATUS_ACCEPTED = $status_accepted->status_kurzbz;
+			self::$STATUS_REJECTED = $status_rejected->status_kurzbz;
+		}
+		// setup the ProfilUpdate topics
+		$this->ProfilUpdateTopicModel->addSelect(['topic_kurzbz']);
+		$topic_kurzbz = $this->ProfilUpdateTopicModel->load();
+
+		if (hasData($topic_kurzbz)) {
+			foreach (getData($topic_kurzbz) as $topic) {
+				self::$TOPICS[$topic->topic_kurzbz] = $topic->topic_kurzbz;
+			}
+		}
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+    public function getStatus()
+	{
+		$this->terminateWithSuccess([self::$STATUS_PENDING => self::$STATUS_PENDING, self::$STATUS_ACCEPTED => self::$STATUS_ACCEPTED, self::$STATUS_REJECTED => self::$STATUS_REJECTED]);
+	}
+
+
+    public function getTopic()
+	{
+        if(!count(self::$TOPICS)){
+            $this->terminateWithError('No topics found');
+        }
+		$this->terminateWithSuccess(self::$TOPICS);
+	}
+
+	public function show($dms_id)
+	{
+
+		$profil_update = $this->ProfilUpdateModel->loadWhere(['attachment_id' => $dms_id]);
+		$profil_update = hasData($profil_update) ? getData($profil_update)[0] : null;
+
+		//? checks if an profil update exists with the dms_id requested from the user
+		if ($profil_update) {
+			$is_mitarbeiter_profil_update = getData($this->MitarbeiterModel->isMitarbeiter($profil_update->uid));
+			$is_student_profil_update = getData($this->StudentModel->isStudent($profil_update->uid));
+
+			if (
+				$this->permissionlib->isBerechtigt('student/stammdaten:r') && $is_student_profil_update ||
+				$this->permissionlib->isBerechtigt('mitarbeiter/stammdaten:r') && $is_mitarbeiter_profil_update ||
+				$this->uid == $profil_update->uid
+			) {
+				// Get file to be downloaded from DMS
+				$download = $this->dmslib->download($dms_id);
+				$download = $this->getDataOrTerminateWithError($download);
+				// Download file
+				$this->outputFile($download);
+
+
+			} else {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_permission_error'));
+			}
+
+		} else {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_dms_error'));
+		}
+
+	}
+
+	public function selectProfilRequest()
+	{
+
+		$uid = $this->input->get('uid',true);
+		$id = $this->input->get('id',true);
+		$whereClause = ['uid' => $this->uid];
+		
+		if (isset($uid))
+			$whereClause['uid'] = $uid;
+		if (isset($id))
+			$whereClause['id'] = $id;
+
+		$res = $this->ProfilUpdateModel->getProfilUpdatesWhere($whereClause);
+		$res = $this->getDataOrTerminateWithError($res);
+		$this->terminateWithSuccess($res);
+
+	}
+
+	public function insertProfilRequest()
+	{
+
+		$payload = $this->input->post('payload');
+		$topic = $this->input->post('topic',true);
+		$fileID = $this->input->post('fileID',true);
+
+		if(!isset($payload) || !isset($topic)){
+			$this->terminateWithError("required parameters are missing");
+		}
+
+		$identifier = array_key_exists("kontakt_id", $payload) ? "kontakt_id" : (array_key_exists("adresse_id", $payload) ? "adresse_id" : null);
+		
+		$data = ["topic" => $topic, "uid" => $this->uid, "requested_change" => json_encode($payload), "insertamum" => "NOW()", "insertvon" => $this->uid, "status" => self::$STATUS_PENDING ?: 'Pending'];
+
+		//? insert fileID in the dataset if sent with post request
+		if (isset($fileID)) {
+			$data['attachment_id'] = $fileID;
+		}
+
+		//? loops over all updateRequests from a user to validate if the new request is valid
+		$res = $this->ProfilUpdateModel->getProfilUpdatesWhere(["uid" => $this->uid]);
+		$res = $this->getDataOrTerminateWithError($res);
+
+		//? the user cannot delete a zustelladresse/kontakt
+		if (isset($payload["delete"]) && $payload[$identifier == "kontakt_id" ? "zustellung" : "zustelladresse"]) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_deleteZustellung_error'));
+		}
+
+		//? if the user tries to delete a adresse, checks whether the adresse is a heimatadresse, if so an error is raised
+		if (isset($payload["delete"]) && $identifier == "adresse_id") {
+			$adr = $this->AdresseModel->load($payload[$identifier]);
+			$adr = $this->getDataOrTerminateWithError($adr)[0];
+			if ($adr->heimatadresse) {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_deleteZustellung_error'));
+			}
+		}
+
+		if ($res) {
+			$pending_changes = array_filter($res, function ($element) {
+				return $element->status == (self::$STATUS_PENDING ?: "Pending");
+			});
+			foreach ($pending_changes as $update_request) {
+				$existing_change = $update_request->requested_change;
+				//? the user can add as many new kontakte/adressen as he likes
+				if (!isset($payload["add"]) && property_exists($existing_change, $identifier) && array_key_exists($identifier,$payload) && $existing_change->$identifier == $payload[$identifier]) {
+					//? the kontakt_id / adresse_id of a change has to be unique 
+					$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_changeTwice_error'));
+				}
+
+				//? if it is not updating any kontakt/adresse, the topic has to be unique
+				elseif (!$identifier && $update_request->topic == $topic) {
+					$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_changeTopicTwice_error', ['0' => $update_request->topic]));
+				}
+			}
+		}
+
+		$insertID = $this->ProfilUpdateModel->insert($data);
+
+		if (isError($insertID)) {
+			$this->terminateWithError(getError($insertID));
+		} else {
+			
+			$insertID = hasData($insertID) ? getData($insertID) : null;
+			//? sends emails to the correspondents of the $uid
+			$this->sendEmail_onProfilUpdate_insertion($this->uid, $insertID, $topic);
+			$this->terminateWithSuccess(success($insertID));
+		}
+	}
+
+	public function updateProfilRequest()
+	{
+		$topic = $this->input->post('topic', true);
+		$payload = $this->input->post('payload', true);
+		$ID = $this->input->post('ID', true);
+		$fileID = $this->input->post('fileID', true);//optional
+
+		if(!isset($topic) || !isset($payload) || !isset($ID)){
+			$this->terminateWithError("required parameters are missing");
+		}
+
+		$updateData = ["requested_change" => json_encode($payload), "updateamum" => "NOW()", "updatevon" => $this->uid];
+		if (isset($fileID)) {
+			$updateData['attachment_id'] = json_decode($fileID);
+		}
+		$updateID = $this->ProfilUpdateModel->update([$ID], $updateData);
+		//? insert fileID in the dataset if sent with post request
+
+		if (isError($updateID)) {
+			$this->terminateWithError(getError($updateID));
+		}
+		
+		$updateID = $this->getDataOrTerminateWithError($updateID)[0];
+		
+		$this->terminateWithSuccess(success($updateID));
+	}
+
+	public function deleteProfilRequest()
+	{
+
+		$requestID = $this->input->post('requestID', true);
+		$result = $this->ProfilUpdateModel->delete([$requestID]);
+		if (isError($result)) {
+			$this->terminateWithError(getError($result));
+		}
+		$this->terminateWithSuccess($result);
+	}
+
+	public function getProfilRequestFiles($id)
+	{
+		 if(!$id){
+			$this->terminateWithError("parameter id is missing");
+		 }
+
+		$this->ProfilUpdateModel->addSelect(["attachment_id"]);
+		$attachmentID = $this->ProfilUpdateModel->load([$id]);
+		if (isError($attachmentID)) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_loading_error'),self::ERROR_TYPE_GENERAL);
+		}
+		//? get the attachmentID
+		$dms_id = $this->getDataOrTerminateWithError($attachmentID)[0]->attachment_id;
+
+		//? get the name to the file
+		$this->DmsVersionModel->addSelect(["name", "dms_id"]);
+		$attachment = $this->DmsVersionModel->load([$dms_id, 0]);
+		if (isError($attachment)) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_dmsVersion_error'),self::ERROR_TYPE_GENERAL);
+		}
+		$attachment = $this->getDataOrTerminateWithError($attachment);
+		//? returns {name:..., dms_id:...}
+		$this->terminateWithSuccess($attachment);
+	}
+
+	public function denyProfilRequest()
+	{
+		$id = $this->input->post('profil_update_id', true);
+		$uid = $this->input->post('uid', true);
+		$topic = $this->input->post('topic', true);
+		$status_message = $this->input->post('status_message', true); //optional
+
+		if(!isset($id) || !isset($uid) || !isset($topic)){
+			$this->terminateWithError("parameter id, uid, topic or status_message is missing");
+		}
+
+		$is_mitarbeiter = $this->MitarbeiterModel->isMitarbeiter($uid);
+		$is_mitarbeiter = $this->getDataOrTerminateWithError($is_mitarbeiter);
+		
+		$is_student = $this->StudentModel->isStudent($uid);
+		$is_student = $this->getDataOrTerminateWithError($is_student);
+
+		if (
+			$is_student && $this->permissionlib->isBerechtigt('student/stammdaten', "suid", $this->getOE_from_student($uid)) ||
+			$is_mitarbeiter && $this->permissionlib->isBerechtigt('mitarbeiter/stammdaten', "suid") 
+		) {
+			$this->sendEmail_onProfilUpdate_response($uid, $topic, self::$STATUS_REJECTED);
+			$this->terminateWithSuccess($this->setStatusOnUpdateRequest($id, self::$STATUS_REJECTED, $status_message));
+		} else {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_permission_error'),self::ERROR_TYPE_GENERAL);
+		}
+	}
+
+	public function acceptProfilRequest()
+	{
+		$id = $this->input->post('profil_update_id', true);
+		$uid = $this->input->post('uid', true);
+		$topic = $this->input->post('topic', true);
+		$requested_change = $this->input->post('requested_change');
+		$status_message = $this->input->post('status_message', true); //optional
+
+		//? fetching person_id using UID
+		$personID = $this->PersonModel->getByUid($uid);
+		$personID = $this->getDataOrTerminateWithError($personID)[0]->person_id;
+
+		//! check for required information
+		if (!isset($id) || !isset($uid) || !isset($personID) || !isset($requested_change) || !isset($topic)) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_requiredInformation_error'));
+		}
+
+		$is_mitarbeiter = $this->MitarbeiterModel->isMitarbeiter($uid);
+		$is_mitarbeiter = $this->getDataOrTerminateWithError($is_mitarbeiter);
+
+		$is_student = $this->StudentModel->isStudent($uid);
+		$is_student = $this->getDataOrTerminateWithError($is_student);
+
+
+		//? check if the permissions are set correctly
+		if (
+			$is_student && $this->permissionlib->isBerechtigt('student/stammdaten', "suid", $this->getOE_from_student($uid)) ||
+			$is_mitarbeiter && $this->permissionlib->isBerechtigt('mitarbeiter/stammdaten', "suid") 
+		) {
+
+			if (is_array($requested_change) && array_key_exists("adresse_id", $requested_change)) {
+				$insertID = $this->handleAdresse($requested_change, $personID);
+				$insertID = getData($insertID);
+				if (isset($insertID)) {
+					$requested_change['adresse_id'] = $insertID;
+					$update_res = $this->updateRequestedChange($id, $requested_change);
+					if (isError($update_res)) {
+						$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_address_error', [$insertID]));
+					}
+				}
+
+			} else if (is_array($requested_change) && array_key_exists("kontakt_id", $requested_change)) {
+				$insertID = $this->handleKontakt($requested_change, $personID);
+				$insertID = getData($insertID);
+				if (isset($insertID)) {
+					$requested_change['kontakt_id'] = $insertID;
+					$update_res = $this->updateRequestedChange($id, $requested_change);
+					if (isError($update_res)) {
+						$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_kontakt_error', [$insertID]));
+					}
+				}
+
+
+			} else {
+				switch ($topic) {
+					// mapping phrasen to database columns to make the update with the correct column names
+					case self::$TOPICS['Titel']:
+						$topic = "titelpre";
+						break;
+					case self::$TOPICS['Postnomen']:
+						$topic = "titelpost";
+						break;
+					case self::$TOPICS['Vorname']:
+						$topic = "vorname";
+						break;
+					case self::$TOPICS['Nachname']:
+						$topic = "nachname";
+						break;
+					default:
+						$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_topic_error', [$topic]));
+				}
+
+				$result = $this->PersonModel->update($personID, [$topic => $requested_change["value"]]);
+				if (isError($result)) $this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_insert_error'));
+			
+			}
+			$this->sendEmail_onProfilUpdate_response($uid, $topic, self::$STATUS_ACCEPTED);
+
+			$this->terminateWithSuccess($this->setStatusOnUpdateRequest($id, self::$STATUS_ACCEPTED, $status_message, $requested_change));
+		} else {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_permission_error'));
+		}
+
+
+	}
+
+	public function insertFile($replace)
+	{
+		$replace = json_decode($replace);
+		
+		if (!count($_FILES)) {
+			$this->terminateWithError("No file available for upload");
+		}
+
+		//? if replace is set it contains the profil_update_id in which the attachment_id has to be replaced
+		if (isset($replace)) {
+			
+			$this->ProfilUpdateModel->addSelect(["attachment_id"]);
+			$profilUpdate = $this->ProfilUpdateModel->load([$replace]);
+			if (isError($profilUpdate)) {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_loading_error'));
+			}
+			//? get the attachmentID
+			$dms_id = $this->getDataOrTerminateWithError($profilUpdate)[0]->attachment_id;
+
+			//? delete old dms_file of Profil Update
+			$deleteOldFile_result = $this->deleteOldVersionFile($dms_id);
+			if(!$deleteOldFile_result){
+				$this->terminateWithError("error while deleting the old file");
+			}
+		}
+
+
+		$files = $_FILES['files'];
+		$file_count = count($files['name']);
+
+		$res = [];
+
+		for ($i = 0; $i < $file_count; $i++) {
+			$_FILES['files']['name'] = $files['name'][$i];
+			$_FILES['files']['type'] = $files['type'][$i];
+			$_FILES['files']['tmp_name'] = $files['tmp_name'][$i];
+			$_FILES['files']['error'] = $files['error'][$i];
+			$_FILES['files']['size'] = $files['size'][$i];
+
+			$dms = [
+				"kategorie_kurzbz" => "profil_aenderung",
+				"version" => 0,
+				"name" => $_FILES['files']['name'],
+				"mimetype" => $_FILES['files']['type'],
+				"beschreibung" => $this->uid . " Profil Änderung",
+				"insertvon" => $this->uid,
+				"insertamum" => "NOW()",
+			];
+
+			$tmp_res = $this->dmslib->upload($dms, 'files', array("jpg", "png", "pdf"));
+			
+			if(isError($tmp_res)){
+				$this->addError(getError($tmp_res));
+			}
+
+			$tmp_res = $this->getDataOrTerminateWithError($tmp_res);
+			array_push($res, $tmp_res);
+		}
+
+		$this->terminateWithSuccess($res);
+	}
+
+	public function getProfilUpdateWithPermission($status = null)
+	{
+		// early return if no status has been passed as argument
+		if (!isset($status)) {
+			echo json_encode($this->ProfilUpdateModel->getProfilUpdateWithPermission());
+			return;
+		}
+
+		// get the sprache of the user
+		$sprachenIndex = $this->SpracheModel->loadWhere(["sprache" => getUserLanguage()]);
+		$sprachenIndex = hasData($sprachenIndex) ? getData($sprachenIndex)[0]->index : null;
+
+		if (isset($sprachenIndex) && isset($status)) {
+			// get the corresponding status kurz_bz primary key out of the translation
+			$status = $this->ProfilUpdateStatusModel->execReadOnlyQuery("select * from public.tbl_profil_update_status where ? = ANY(bezeichnung_mehrsprachig)", [$status]);
+			$status = hasData($status) ? getData($status)[0]->status_kurzbz : null;
+			$res = $this->ProfilUpdateModel->getProfilUpdateWithPermission(isset($status) ? ['status' => $status] : null);
+
+			echo json_encode($res);
+		}
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+
+	private function sendEmail_onProfilUpdate_insertion($uid, $profil_update_id, $topic)
+	{
+		if($this->config->item('cis_send_profil_update_mails') === false)
+		{
+			return;
+		}
+
+		$this->load->helper('hlp_sancho_helper');
+		$emails = [];
+
+		$is_mitarbeiter = $this->MitarbeiterModel->isMitarbeiter($uid);
+		if (isError($is_mitarbeiter)) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_mitarbeiterCheck_error'));
+		}
+		$is_mitarbeiter = $this->getDataOrTerminateWithError($is_mitarbeiter);
+
+		//! if the $uid is a mitarbeiter and student, only the hr is notified by email
+		if ($is_mitarbeiter) {
+			//? user is not a student therefore he is a mitarbeiter, send email to Personalverwaltung
+			//? use constant variable MAIL_GST to mail to the personalverwaltung
+			$this->MitarbeiterModel->addSelect([TRUE]);
+			$this->MitarbeiterModel->addJoin("public.tbl_benutzer", "public.tbl_benutzer.uid = public.tbl_mitarbeiter.mitarbeiter_uid");
+			//? check if the the userID is a mitarbeiter and if the benutzer is active
+			$res = $this->MitarbeiterModel->loadWhere(["public.tbl_mitarbeiter.mitarbeiter_uid" => $uid, "public.tbl_benutzer.aktiv" => TRUE]);
+			if (isError($res)) {
+				$this->terminateWithError("was not able to query the mitarbeiter and benutzer by the uid: " . $uid);
+			}
+			if (hasData($res)) {
+				array_push($emails, MAIL_GST);
+			} else {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_mitarbeiterCheck_error'));
+			}
+		} else {
+			//? if it is not a mitarbeiter, check whether it is a student and send email to studiengang
+			$is_student = $this->StudentModel->isStudent($uid);
+			if (isError($is_student)) {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_studentCheck_error'));
+			}
+			$is_student = $this->getDataOrTerminateWithError($is_student);
+			if ($is_student) {
+				//? Send email to the Studiengangsassistentinnen
+				$this->StudentModel->addSelect(["public.tbl_studiengang.email"]);
+				$this->StudentModel->addJoin("public.tbl_benutzer", "public.tbl_benutzer.uid = public.tbl_student.student_uid");
+				$this->StudentModel->addJoin("public.tbl_prestudent", "public.tbl_benutzer.person_id = public.tbl_prestudent.person_id");
+				$this->StudentModel->addJoin("public.tbl_prestudentstatus", "public.tbl_prestudentstatus.prestudent_id = public.tbl_prestudent.prestudent_id");
+				$this->StudentModel->addJoin("public.tbl_studiengang", "public.tbl_studiengang.studiengang_kz = public.tbl_prestudent.studiengang_kz");
+				//* check if the benutzer itself is active
+				//* check if the student status is Student or Diplomand (active students)
+				$this->StudentModel->db->where_in("public.tbl_prestudentstatus.status_kurzbz", ['Student', 'Diplomand']);
+				$res = $this->StudentModel->loadWhere(["public.tbl_benutzer.aktiv" => TRUE, "public.tbl_student.student_uid" => $uid]);
+				if (isError($res)) {
+					$this->terminateWithError(getError($res));
+				} else {
+					$res = $this->getDataOrTerminateWithError($res);
+					foreach ($res as $emailObj) {
+						array_push($emails, $emailObj->email);
+					}
+				}
+			}
+		}
+		$mail_res = [];
+		//? sending email
+		foreach ($emails as $email) {
+			array_push($mail_res, sendSanchoMail("profil_update", ['uid' => $uid, 'topic' => $topic, 'href' => APP_ROOT . 'Cis/ProfilUpdate/id/' . $profil_update_id], $email, ("Profil Änderung von " . $uid)));
+		}
+		foreach ($mail_res as $m_res) {
+			if (!$m_res) {
+				$this->addError($this->p->t('profilUpdate', 'profilUpdate_email_error'));
+			}
+		}
+
+	}
+	
+	private function sendEmail_onProfilUpdate_response($uid, $topic, $status)
+	{
+		if($this->config->item('cis_send_profil_update_mails') === false)
+		{
+			return;
+		}
+
+		$this->load->helper('hlp_sancho_helper');
+		$email = $uid . "@" . DOMAIN;
+
+
+		function languageQuery($language)
+		{
+			return "select index from public.tbl_sprache where sprache = '" + $language + "'";
+		}
+
+		$this->ProfilUpdateStatusModel->addSelect(["bezeichnung_mehrsprachig[(" . languageQuery('German') . ")] as status_de", "bezeichnung_mehrsprachig[(" . languageQuery('English') . ")] as status_en"]);
+		
+		$status_translation = $this->ProfilUpdateStatusModel->loadWhere(["status_kurzbz" => $status]);
+		
+		if (isError($status_translation)) {
+			$this->terminateWithError($this->p->t('profilUpdate', 'ProfilUpdateStatusTranslationError'));
+		}
+
+		$status_translation = hasData($status_translation) ? getData($status_translation)[0] : null;
+
+		if (isset($status_translation)) {
+			$mail_res = sendSanchoMail("profil_update_response", ['topic' => $topic, 'status_de' => $status_translation->status_de, 'status_en' => $status_translation->status_en, 'href' => APP_ROOT . 'Cis/Profil'], $email, ("Profil Änderung " . $this->p->t('profilUpdate', 'pending')));
+			if (!$mail_res) {
+				$this->addError($this->p->t('profilUpdate', 'profilUpdate_email_error'));
+			}
+		}
+	}
+
+	private function setStatusOnUpdateRequest($id, $status, $status_message)
+	{
+		return $this->ProfilUpdateModel->update([$id], ["status" => $status, "status_timestamp" => "NOW()", "status_message" => $status_message]);
+	}
+	
+	private function updateRequestedChange($id, $requested_change)
+	{
+		return $this->ProfilUpdateModel->update([$id], ['requested_change' => json_encode($requested_change)]);
+	}
+	
+	private function deleteOldVersionFile($dms_id)
+	{
+		// starting the transaction
+		$this->db->trans_start();
+		
+		
+		if (!isset($dms_id)) {
+			return;
+		}
+
+		//? delete the file from the profilUpdate first
+		$profilUpdateFileDelete = $this->ProfilUpdateModel->removeFileFromProfilUpdate($dms_id);
+		if(isError($profilUpdateFileDelete)){
+			$this->terminateWithError(getError($profilUpdateFileDelete));
+		}
+		
+		//? delete all the different versions of the dms_file
+		$dmsVersions = $this->DmsVersionModel->loadWhere(["dms_id" => $dms_id]);
+		$dmsVersions = $this->getDataOrTerminateWithError($dmsVersions);
+		
+		
+		
+		$dms_versions = array_map(function ($item) {
+			return $item->version;
+		}, $dmsVersions);
+
+
+		$test_array = array();
+		foreach ($dms_versions as $version) {
+			
+			$delete_result = $this->dmslib->removeVersion($dms_id, $version);
+			array_push($test_array, $delete_result);
+			
+			if(isError($delete_result)){
+				$this->addError(getError($delete_result));
+			}
+		}
+
+		// transaction complete
+		$this->db->trans_complete();
+		
+		if ($this->db->trans_status() === FALSE)
+		{
+			return false;
+		}
+		else
+		{
+			return true;
+		}
+		
+	}
+	
+	
+	private function getOE_from_student($student_uid)
+	{
+		//? returns the oe_einheit eines Studenten 
+		$query = "SELECT public.tbl_studiengang.oe_kurzbz
+		FROM public.tbl_student
+		JOIN public.tbl_studiengang ON tbl_student.studiengang_kz = public.tbl_studiengang.studiengang_kz
+		WHERE public.tbl_student.student_uid = ?;";
+
+		$res = $this->StudentModel->execReadOnlyQuery($query, [$student_uid]);
+		$res = $this->getDataOrTerminateWithError($res, $this->p->t('profilUpdate', 'profilUpdate_loadingOE_error'));	
+		$res = array_map(
+			function ($item) {
+				return $item->oe_kurzbz;
+			},
+			$res
+		);
+		return $res;
+	}
+
+	private function handleAdresse($requested_change, $personID)
+	{
+		$this->AdressenTypModel->addSelect(["adressentyp_kurzbz"]);
+		$adr_kurzbz = $this->AdressenTypModel->loadWhere(["bezeichnung" => $requested_change['typ']]);
+		$adr_kurzbz = $this->getDataOrTerminateWithError($adr_kurzbz)[0]->adressentyp_kurzbz;
+
+		//? replace the address_typ with its correct kurzbz foreign key
+		$requested_change['typ'] = $adr_kurzbz;
+
+		$adresse_id = $requested_change["adresse_id"];
+
+		//? removes the adresse_id because we don't want to update the kontakt_id in the database
+		unset($requested_change["adresse_id"]);
+
+		//! ADD
+		if (array_key_exists('add', $requested_change) && $requested_change['add']) {
+
+			//? removes add flag
+			unset($requested_change['add']);
+			$requested_change['insertamum'] = "NOW()";
+			$requested_change['insertvon'] = getAuthUID();
+			$requested_change['person_id'] = $personID;
+			//TODO: zustelladresse, heimatadresse, rechnungsadresse und nation werden nicht beachtet
+			$insertID = $this->AdresseModel->insert($requested_change);
+			$insert_adresse_id = $insertID;
+			$insert_adresse_id = $this->getDataOrTerminateWithError($insert_adresse_id, $this->p->t('profilUpdate', 'profilUpdate_insertAdresse_error'));
+			if ($insert_adresse_id) {
+				$this->handleDupplicateZustellAdressen($requested_change['zustelladresse'], $insert_adresse_id);
+			}
+		}
+		//! DELETE
+		elseif (array_key_exists('delete', $requested_change) && $requested_change['delete']) {
+			$result = $this->AdresseModel->delete($adresse_id);
+			if (isError($result)) {
+				$this->terminateWithError(getError($result));
+			}
+		}
+		//! UPDATE
+		else {
+			$requested_change['updateamum'] = "NOW()";
+			$requested_change['updatevon'] = getAuthUID();
+			$update_adresse_id = $this->AdresseModel->update($adresse_id, $requested_change);
+			$update_adresse_id = $this->getDataOrTerminateWithError($update_adresse_id, $this->p->t('profilUpdate', 'profilUpdate_updateAdresse_error'));
+			$this->handleDupplicateZustellAdressen($requested_change['zustelladresse'], $update_adresse_id);
+
+		}
+		return $insertID ?? null;
+	}
+
+	private function handleKontakt($requested_change, $personID)
+	{
+		$kontakt_id = $requested_change["kontakt_id"];
+		//? removes the kontakt_id because we don't want to update the kontakt_id in the database
+		unset($requested_change["kontakt_id"]);
+
+		//! ADD
+		if (array_key_exists('add', $requested_change) && $requested_change['add']) {
+			//? removes add flag
+			unset($requested_change['add']);
+			$requested_change['person_id'] = $personID;
+			$requested_change['insertamum'] = "NOW()";
+			$requested_change['insertvon'] = getAuthUID();
+			$insertID = $this->KontaktModel->insert($requested_change);
+			$insert_kontakt_id = $insertID;
+			$insert_kontakt_id = $this->getDataOrTerminateWithError($insert_kontakt_id, $this->p->t('profilUpdate', 'profilUpdate_insertKontakt_error'));
+			if ($insert_kontakt_id) {
+				$this->handleDupplicateZustellKontakte($requested_change['zustellung'], $insert_kontakt_id);
+			}
+		}
+		//! DELETE
+		elseif (array_key_exists('delete', $requested_change) && $requested_change['delete']) {
+			$result = $this->KontaktModel->delete($kontakt_id);
+			if (isError($result)) {
+				$this->terminateWithError(getError($result));
+			}
+		}
+		//! UPDATE
+		else {
+			$requested_change['updateamum'] = "NOW()";
+			$requested_change['updatevon'] = getAuthUID();
+			$update_kontakt_id = $this->KontaktModel->update($kontakt_id, $requested_change);
+			$update_kontakt_id = $this->getDataOrTerminateWithError($update_kontakt_id, $this->p->t('profilUpdate', 'profilUpdate_updateKontakt_error'));
+			if ($update_kontakt_id) {
+				$this->handleDupplicateZustellKontakte($requested_change['zustellung'], $update_kontakt_id);
+			}
+		}
+		return isset($insertID) ? $insertID : null;
+	}
+
+	private function handleDupplicateZustellAdressen($zustellung, $adresse_id)
+	{
+		if ($zustellung) {
+			$this->PersonModel->addSelect("public.tbl_adresse.adresse_id");
+			$this->PersonModel->addJoin("public.tbl_adresse", "public.tbl_adresse.person_id = public.tbl_person.person_id");
+			$zustellAdressenArray = $this->PersonModel->loadWhere(["public.tbl_person.person_id" => $this->pid, "zustelladresse" => TRUE]);
+			if (isError($zustellAdressenArray)) {
+				$this->terminateWithError($this->p->t('profilUpdate', 'profilUpdate_loadingZustellAdressen_error'));
+			}
+			$zustellAdressenArray = $this->getDataOrTerminateWithError($zustellAdressenArray);
+	
+			if (count($zustellAdressenArray) > 0) {
+	
+				$zustellAdressenArray = array_filter($zustellAdressenArray, function ($adresse) use ($adresse_id) {
+	
+					return $adresse->adresse_id != $adresse_id;
+				});
+	
+				// remove the zustelladresse from all other zustelladressen
+				foreach ($zustellAdressenArray as $adresse) {
+					$this->AdresseModel->update($adresse->adresse_id, ["zustelladresse" => FALSE]);
+				}
+	
+			}
+		}
+	}
+
+	private function handleDupplicateZustellKontakte($zustellung, $kontakt_id)
+	{
+		if ($zustellung) {
+			$this->PersonModel->addSelect("public.tbl_kontakt.kontakt_id");
+			$this->PersonModel->addJoin("public.tbl_kontakt", "public.tbl_kontakt.person_id = public.tbl_person.person_id");
+			$zustellKontakteArray = $this->PersonModel->loadWhere(["public.tbl_person.person_id" => $this->pid, "zustellung" => TRUE]);
+			if (!isSuccess($zustellKontakteArray)) {
+				return error($this->p->t('profilUpdate', 'profilUpdate_loadingZustellkontakte_error'));
+			}
+			$zustellKontakteArray = hasData($zustellKontakteArray) ? getData($zustellKontakteArray) : null;
+
+			if ($zustellung && count($zustellKontakteArray) > 0) {
+				$zustellKontakteArray = array_filter($zustellKontakteArray, function ($kontakt) use ($kontakt_id) {
+					return $kontakt->kontakt_id != $kontakt_id;
+				});
+				foreach ($zustellKontakteArray as $kontakt) {
+					$this->KontaktModel->update($kontakt->kontakt_id, ["zustellung" => FALSE]);
+				}
+
+			}
+		}
+	}
+	
+}
+
+

application/controllers/api/frontend/v1/Searchbar.php

@@ -0,0 +1,69 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the SearchBarLib (back-end)
+ * Provides data to the ajax get calls about the searchbar component
+ * This controller works with JSON calls on the HTTP GET and the output is always JSON
+ */
+class Searchbar extends FHCAPI_Controller
+{
+	const SEARCHSTR_PARAM = 'searchstr';
+	const TYPES_PARAM = 'types';
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		// NOTE(chris): additional permission checks will be done in SearchBarLib
+		parent::__construct([
+			'search' => self::PERM_LOGGED
+		]);
+
+		// Load the library SearchBarLib
+		$this->load->library('SearchBarLib');
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Gets a JSON body via HTTP POST and provides the parameters
+	 */
+	public function search()
+	{
+		$this->load->library('form_validation');
+
+		// Checks if the searchstr and the types parameters are in the POSTed JSON
+		$this->form_validation->set_rules(self::SEARCHSTR_PARAM, null, 'required');
+		$this->form_validation->set_rules(self::TYPES_PARAM . '[]', null, 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithError(SearchBarLib::ERROR_WRONG_JSON, self::ERROR_TYPE_GENERAL);
+
+		// Convert to json the result from searchbarlib->search
+		$result = $this->searchbarlib->search($this->input->post(self::SEARCHSTR_PARAM), $this->input->post(self::TYPES_PARAM));
+		if (property_exists($result, 'error'))
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		$this->terminateWithSuccess($result);
+	}
+}
+

application/controllers/api/frontend/v1/Stundenplan.php

@@ -0,0 +1,564 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Stundenplan extends FHCAPI_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+
+		parent::__construct([
+			'getRoomplan' => self::PERM_LOGGED,
+            'Stunden' => self::PERM_LOGGED,
+            'Reservierungen' => self::PERM_LOGGED,
+			'getStundenplan' => self::PERM_LOGGED,
+			'getLehreinheitStudiensemester' => self::PERM_LOGGED,
+		]);
+
+        $this->load->library('LogLib');
+        $this->loglib->setConfigs(array(
+			'classIndex' => 5,
+			'functionIndex' => 5,
+			'lineIndex' => 4,
+			'dbLogType' => 'API', // required
+			'dbExecuteUser' => 'RESTful API'
+		));
+
+        $this->load->library('form_validation');
+
+		//load models
+		$this->load->model('ressource/Stundenplan_model', 'StundenplanModel');
+		$this->load->model('ressource/Reservierung_model', 'ReservierungModel');
+
+
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+    /**
+     * fetches Stunden layout from database
+     * @access public
+     *
+     */
+    public function Stunden()
+	{
+		$this->load->model('ressource/Stunde_model', 'StundeModel');
+
+		$stunden = $this->StundeModel->load();
+
+        $stunden = $this->getDataOrTerminateWithError($stunden);
+
+		$this->terminateWithSuccess($stunden);
+	}
+
+    /**
+     * fetches room events from a certain date
+     * @access public
+     *
+     */
+	public function getRoomplan()
+	{
+        // form validation
+        $this->load->library('form_validation');
+        $this->form_validation->set_data($_GET);
+        $this->form_validation->set_rules('ort_kurzbz',"Ort","required");
+        $this->form_validation->set_rules('start_date',"start_date","required");
+        $this->form_validation->set_rules('end_date',"end_date","required");
+        if($this->form_validation->run() === FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+        // storing the get parameter in local variables
+        $ort_kurzbz = $this->input->get('ort_kurzbz', TRUE);
+        $start_date = $this->input->get('start_date', TRUE);
+        $end_date = $this->input->get('end_date', TRUE);
+
+		$roomplan_data = $this->StundenplanModel->stundenplanGruppierung($this->StundenplanModel->getRoomQuery($ort_kurzbz, $start_date, $end_date));
+
+        $roomplan_data = $this->getDataOrTerminateWithError($roomplan_data);
+
+		$this->expand_object_information($roomplan_data);
+
+		$this->terminateWithSuccess($roomplan_data);
+
+	}
+
+	/**
+	 * fetches stundenplan events from a UID and start/end date
+	 * @access public
+	 *
+	 */
+	//TODO: getStundenplan fuer Mitarbeiter anpassen
+	public function getStundenplan(){
+
+		$this->load->model('ressource/Mitarbeiter_model','MitarbeiterModel');
+		$this->load->model('organisation/Studiensemester_model','StudiensemesterModel');
+		$this->load->model('education/Studentlehrverband_model', 'StudentlehrverbandModel');
+		$this->load->model('person/Benutzergruppe_model','BenutzergruppeModel');
+
+		// form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('start_date', "start_date", "required");
+		$this->form_validation->set_rules('end_date', "end_date", "required");
+		if ($this->form_validation->run() === FALSE)
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		// storing the get parameter in local variables
+		$start_date = $this->input->get('start_date', TRUE);
+		$end_date = $this->input->get('end_date', TRUE);
+
+		$student_uid = getAuthUID();
+		if(is_null($student_uid))
+		{
+			$this->terminateWithError("No UID");
+		}
+
+		$is_mitarbeiter = getData($this->MitarbeiterModel->isMitarbeiter($student_uid));
+		if($is_mitarbeiter)
+		{
+			$this->terminateWithError("Not possible to look at the Student Calendar as a Mitarbeiter");
+		}
+		
+		$semester_range = $this->studienSemesterErmitteln($start_date,$end_date);
+
+		$this->sortStudienSemester($semester_range);
+
+		$this->applyLoadUeberSemesterHaelfte($semester_range);
+		
+		// getting the gruppen_kurzbz of the student in the different studiensemester
+		$benutzer_gruppen = $this->fetchBenutzerGruppenFromStudiensemester($semester_range);
+		
+		// getting the student_lehrverbaende of the student in the different studiensemester
+		$student_lehrverband = $this->fetchStudentlehrverbandFromStudiensemester($semester_range);
+		
+		$stundenplan_query = $this->StundenplanModel->getStundenplanQuery($start_date, $end_date, $semester_range, $benutzer_gruppen, $student_lehrverband);
+		if(!$stundenplan_query)
+		{
+			$this->terminateWithSuccess([]);
+		}
+		$stundenplan_data = $this->StundenplanModel->stundenplanGruppierung($stundenplan_query);
+		$stundenplan_data = $this->getDataOrTerminateWithError($stundenplan_data) ?? [];
+
+		$this->expand_object_information($stundenplan_data);
+
+		$this->terminateWithSuccess($stundenplan_data);
+	}
+
+	// gets the reservierungen of a room if the ort_kurzbz parameter is supplied otherwise gets the reservierungen of the stundenplan of a student
+    public function Reservierungen($ort_kurzbz = null)
+	{
+		//form validation
+		$this->load->library('form_validation');
+		$this->form_validation->set_data($_GET);
+		$this->form_validation->set_rules('start_date', "StartDate", "required");
+		$this->form_validation->set_rules('end_date', "EndDate", "required");
+		if($this->form_validation->run() == FALSE) $this->terminateWithValidationErrors($this->form_validation->error_array());
+
+        // storing the get parameter in local variables
+        $start_date = $this->input->get('start_date', TRUE);
+        $end_date = $this->input->get('end_date', TRUE);
+
+		// querying the reservierungen
+		$reservierungen = $this->ReservierungModel->getReservierungen($start_date, $end_date, $ort_kurzbz);
+
+        $reservierungen = $this->getDataOrTerminateWithError($reservierungen) ?? [];
+
+		$this->expand_object_information($reservierungen);
+
+		$this->terminateWithSuccess($reservierungen);
+
+	}
+
+	public function getLehreinheitStudiensemester($lehreinheit_id){
+		$this->load->model('education/Lehreinheit_model', 'LehreinheitModel');
+		$this->LehreinheitModel->addSelect(["studiensemester_kurzbz"]);
+		$result = $this->LehreinheitModel->load($lehreinheit_id);
+		$result = current($this->getDataOrTerminateWithError($result))->studiensemester_kurzbz;
+		$this->terminateWithSuccess($result);
+	}
+
+	// ################# Private Functions
+
+	private function expand_object_information($data){
+
+		foreach ($data as $item)
+		{
+
+			$lektor_obj_array = array();
+			$gruppe_obj_array = array();
+
+			// load lektor object
+			foreach ($item->lektor as $lv_lektor)
+			{
+				$this->StundenplanModel->addLimit(1);
+				$lektor_object = $this->StundenplanModel->execReadOnlyQuery("
+				SELECT mitarbeiter_uid, vorname, nachname, kurzbz
+				FROM public.tbl_mitarbeiter
+				JOIN public.tbl_benutzer benutzer ON benutzer.uid = mitarbeiter_uid
+				JOIN public.tbl_person person ON person.person_id = benutzer.person_id
+				WHERE kurzbz = ?", [$lv_lektor]);
+				if (isError($lektor_object)) {
+					$this->show_error(getError($lektor_object));
+				}
+				$lektor_object = $this->getDataOrTerminateWithError($lektor_object);
+				if(count($lektor_object) == 0)
+				{
+					$this->terminateWithError("No lektor object");
+				}
+				$lektor_object = current($lektor_object);
+				// only provide needed information of the mitarbeiter object
+				$lektor_obj_array[] = $lektor_object;
+			}
+
+			// load gruppe object
+			foreach ($item->gruppe as $lv_gruppe)
+			{
+				$lv_gruppe = strtr($lv_gruppe, ['(' => '', ')' => '', '"' => '']);
+				$lv_gruppe_array = explode(",", $lv_gruppe);
+				list($gruppe, $verband, $semester, $studiengang_kz, $gruppen_kuerzel) = $lv_gruppe_array;
+
+				$lv_gruppe_object = new stdClass();
+				$lv_gruppe_object->gruppe = $gruppe;
+				$lv_gruppe_object->verband = $verband;
+				$lv_gruppe_object->semester = $semester;
+				$lv_gruppe_object->studiengang_kz = $studiengang_kz;
+				$lv_gruppe_object->kuerzel = $gruppen_kuerzel;
+
+				$gruppe_obj_array[] = $lv_gruppe_object;
+			}
+
+			$item->gruppe = $gruppe_obj_array;
+			$item->lektor = $lektor_obj_array;
+
+		}
+	}
+
+	// function used to sort an array of studiensemester strings
+	private function sortStudienSemester(&$semester_range){
+		usort(
+			$semester_range,
+			function($first,$second)
+			{
+				$sem_first = null;
+				$year_first = null;
+				$match_first = null;
+
+				$sem_second = null;
+				$year_second = null;
+				$match_second = null;
+
+				preg_match('/([WS]+)([0-9]+)/',$first,$match_first);
+				preg_match('/([WS]+)([0-9]+)/',$second,$match_second);
+				
+				$sem_first = $match_first[1];
+				$year_first = intval($match_first[2]);
+
+				$sem_second = $match_second[1];
+				$year_second = intval($match_second[2]);
+
+				if($year_first < $year_second)
+				{
+					return -1;
+				}
+				else if($year_first > $year_second)
+				{
+					return 1;
+				}
+				else if($year_first == $year_second && $sem_first > $sem_second)
+				{
+					return 1;
+				}
+				else if($year_first == $year_second && $sem_first < $sem_second)
+				{
+					return -1;
+				}
+				return 0;
+			} 
+		);
+	}
+
+	
+
+	private function fetchBenutzerGruppenFromStudiensemester($semester_range){
+		$student_uid = getAuthUID();
+		$benutzer_gruppen = [];
+		// for each studiensemester fetch the benutzer gruppen and add them to an associate $bentuzer_gruppen array
+		/*
+		[
+			['WS2023'] => [['gruppe1_SS2023','gruppe2_SS2023'],['gruppe1_WS2023','gruppe2_WS2023']],
+			['SS2024'] => [['gruppe1_WS2023','gruppe2_WS2023'],['gruppe1_SS2024','gruppe2_SS2024']],
+			['WS2024'] => [['gruppe1_SS2024','gruppe2_SS2024'],['gruppe1_WS2024','gruppe2_WS2024']],
+		]
+		*/ 
+		foreach($semester_range as $semester_key => $semester_array)
+		{
+			$benutzer_gruppen[$semester_key] = [];
+			// each semester could have ajoint semesters that need to be checked
+			foreach($semester_array as $semester=>$semester_date_range)
+			{
+				// for each active semester query the benutzer_gruppen associated to the semester
+				$benutzer_query = $this->BenutzergruppeModel->execReadOnlyQuery("
+				SELECT * FROM tbl_benutzergruppe where uid = ? AND studiensemester_kurzbz = ?",[$student_uid, $semester]);
+				$benutzer_query_result = $this->getDataOrTerminateWithError($benutzer_query);
+				array_push(
+					$benutzer_gruppen[$semester_key],
+					 array_map(
+						function($item)
+						{
+							return "'".$item->gruppe_kurzbz. "'";
+						},
+						$benutzer_query_result
+					)
+				);
+			}
+		}
+		
+		// merge the gruppen of each studiensemester together for the original studiensemester
+		/*
+		[
+			['WS2023'] => ['gruppe1_SS2023','gruppe2_SS2023','gruppe1_WS2023','gruppe2_WS2023'],
+			['SS2024'] => ['gruppe1_WS2023','gruppe2_WS2023','gruppe1_SS2024','gruppe2_SS2024'],
+			['WS2024'] => ['gruppe1_SS2024','gruppe2_SS2024','gruppe1_WS2024','gruppe2_WS2024'],
+		]
+		*/ 
+		$benutzer_gruppen = array_map(
+			function($gruppe)
+			{
+				$merged_gruppe = [];
+				foreach($gruppe as $gruppen_array)
+				{
+					$merged_gruppe = array_merge($merged_gruppe, $gruppen_array);
+				}
+				return $merged_gruppe;
+			},
+			$benutzer_gruppen
+		);
+
+		return $benutzer_gruppen;
+	}
+
+	private function fetchStudentlehrverbandFromStudiensemester($semester_range){
+		$student_uid = getAuthUID();
+		$student_lehrverband = [];
+		// for each studiensemester fetch the studentlehrverbaende and add them to an associate $student_lehrverband array
+		/*
+		[
+			['WS2023'] => [ [ ['stg_kz'=>298,'semester'=>1,'verband'=>"A",'gruppe'=>""] ] ],
+			['SS2024'] => [ [ ['stg_kz'=>298,'semester'=>1,'verband'=>"A",'gruppe'=>""] ], [ ['stg_kz'=>298,'semester'=>2,'verband'=>"A",'gruppe'=>""] ] ],
+			['WS2024'] => [ [ ['stg_kz'=>298,'semester'=>2,'verband'=>"A",'gruppe'=>""] ], [ ['stg_kz'=>298,'semester'=>3,'verband'=>"A",'gruppe'=>""] ] ],
+		]
+		*/ 
+		foreach($semester_range as $semester_key => $semester_array)
+		{
+			$student_lehrverband[$semester_key] = [];
+			foreach($semester_array as $semester=>$semester_date_range)
+			{
+				// for each active semester query the student_lehrverband associated to the semester
+				$lehrverband_query = $this->BenutzergruppeModel->execReadOnlyQuery("
+				SELECT * FROM tbl_studentlehrverband where student_uid = ? AND studiensemester_kurzbz = ?", [$student_uid, $semester]);
+				$lehrverband_query_result = $this->getDataOrTerminateWithError($lehrverband_query);
+				array_push($student_lehrverband[$semester_key], array_map(
+					function ($item)
+					{
+						$result = new stdClass();
+						$result->studiengang_kz = $item->studiengang_kz;
+						$result->semester = $item->semester;
+						$result->verband = $item->verband;
+						$result->gruppe = $item->gruppe;
+						return $result;
+					},
+					$lehrverband_query_result)); 
+			}
+		}
+
+		// merge the studentlehrverband of each studiensemester together for the original studiensemester
+		/*
+		[
+			['WS2023'] => [ ['stg_kz'=>298,'semester'=>1,'verband'=>"A",'gruppe'=>""] ],
+			['SS2024'] => [ ['stg_kz'=>298,'semester'=>1,'verband'=>"A",'gruppe'=>""], ['stg_kz'=>298,'semester'=>2,'verband'=>"A",'gruppe'=>""] ],
+			['WS2024'] => [ ['stg_kz'=>298,'semester'=>2,'verband'=>"A",'gruppe'=>""], ['stg_kz'=>298,'semester'=>3,'verband'=>"A",'gruppe'=>""] ],
+		]
+		*/
+		$student_lehrverband = array_map(
+			function($studentlehrverband)
+			{	
+				$merged_studentlehrverband = [];
+				foreach($studentlehrverband as $studentlehrverband_array)
+				{
+					$merged_studentlehrverband = array_merge($merged_studentlehrverband, $studentlehrverband_array);
+				}
+				return $merged_studentlehrverband;
+			},
+			$student_lehrverband
+		);
+
+		return $student_lehrverband;
+	}
+
+	private function applyLoadUeberSemesterHaelfte(&$semester_range){
+		/*
+		@var($semester_collection)
+		convert the array of studiensemester into an associative array with the studiensemester as the key 
+		and the values of each key are the studiensemester needed for the query associated to that studiensemester
+		example:
+
+		#INPUT:
+		['WS2023','SS2024','WS2024']
+		#OUTPUT:
+		[
+			'WS2023' => ['SS2023','WS2023']
+			'SS2024' => ['WS2023','SS2024']
+			'WS2024' => ['SS2024','WS2024']
+		]
+		*/
+		$semester_collection = [];
+		foreach($semester_range as $studiensemester)
+		{
+			$previous_studiensemester = $this->StudiensemesterModel->getPreviousFrom($studiensemester);
+			$previous_studiensemester = $this->getDataOrTerminateWithError($previous_studiensemester);
+			if (count($previous_studiensemester) == 0) {
+				$this->terminateWithError("No previous semester");
+			}
+			$previous_studiensemester = current($previous_studiensemester)->studiensemester_kurzbz;
+			$semester_collection[$studiensemester] = [$previous_studiensemester, $studiensemester];
+		}
+
+		/*
+		@var($studienSemesterDateRanges)
+		fetches for each studiensemester the start and end date, (SS) summer studiensemester are extended by 1 month to cover the summerbreak
+		based on the LVPLAN_LOAD_UEBER_SEMESTERHAELFTE constant it will load both the semester and the previous semester with the full date range 
+		or the semester with the full date range and the previous semester with the half date range:
+
+		#INPUT:
+		[
+			'WS2023' => ['SS2023','WS2023']
+			'SS2024' => ['WS2023','SS2024']
+			'WS2024' => ['SS2024','WS2024']
+		]
+		#OUTPUT: depends whether LVPLAN_LOAD_UEBER_SEMESTERHAELFTE is true or false
+		~ if LVPLAN_LOAD_UEBER_SEMESTERHAELFTE == true
+		[
+			"SS2024": [
+				"WS2023": [
+					"start"=> "2024-02-03",
+					"ende"=> "2024-08-31"
+				],
+				"SS2024": [
+					"start"=> "2024-02-03",
+					"ende"=> "2024-08-31"
+				]
+			]
+		]
+		~ if LVPLAN_LOAD_UEBER_SEMESTERHAELFTE == false
+		[
+			"SS2024": [
+				"WS2023": [
+					"start"=> "2024-02-03",
+					"ende"=> "2024-05-17"
+				],
+				"SS2024": [
+					"start"=> "2024-02-03",
+					"ende"=> "2024-08-31"
+				]
+			]
+		]
+		*/
+		$studienSemesterDateRanges=[]; 
+		foreach($semester_collection as $semester_original => $semester_adjoint)
+		{
+			$semester_start_ende = $this->StudiensemesterModel->getStartEndeFromStudiensemester($semester_original);
+			$semester_start_ende = current($this->getDataOrTerminateWithError($semester_start_ende)); 
+				
+			// initialize empty arrays to add key value pairs
+			$studienSemesterDateRanges[$semester_original] = [];
+
+			// check if the studiensemester is a summer semester and add 1 month to bridge the school summer break
+			$match = null;
+			preg_match("/^(SS)([0-9]+)/",$semester_original,$match);
+			if(count($match) >0)
+			{
+				$one_month = new DateInterval('P1M');
+				$one_day = DateInterval::createFromDateString('1 days');
+				$summer_studiensemester_end_date = DateTime::createFromFormat('Y-m-d',$semester_start_ende->ende);
+				$summer_studiensemester_end_date->add($one_month);
+				$summer_studiensemester_end_date->sub($one_day);
+				$semester_start_ende->ende = date_format($summer_studiensemester_end_date,'Y-m-d');
+			}
+			if (defined('LVPLAN_LOAD_UEBER_SEMESTERHAELFTE') && LVPLAN_LOAD_UEBER_SEMESTERHAELFTE === true)
+			{
+				foreach($semester_adjoint as $adjoint)
+				{
+					$studienSemesterDateRanges[$semester_original][$adjoint]=$semester_start_ende;
+				}
+			}
+			else
+			{
+				//TODO: half of a DateInterval might not be correctly calculated
+				// calculate the half of the studiensemester
+				$studiensemester_start_date = DateTime::createFromFormat('Y-m-d',$semester_start_ende->start);
+				$studiensemester_end_date = DateTime::createFromFormat('Y-m-d',$semester_start_ende->ende);
+				$studiensemester_time_difference = $studiensemester_start_date->diff($studiensemester_end_date);
+				$half_dateNumber = ceil($studiensemester_time_difference->d/2)+ceil(($studiensemester_time_difference->m*30)/2);
+				$half_dateInterval = new DateInterval('P'.strval($half_dateNumber) .'D');
+				$studiensemester_half = date_format($studiensemester_start_date->add($half_dateInterval),'Y-m-d');
+				
+				$first_half = new stdClass();
+				$first_half->start = $semester_start_ende->start;
+				$first_half->ende = $studiensemester_half;
+
+				$studienSemesterDateRanges[$semester_original][$semester_adjoint[0]] = $first_half;
+				$studienSemesterDateRanges[$semester_original][$semester_adjoint[1]] = $semester_start_ende;
+			}
+			$semester_range = $studienSemesterDateRanges;
+		}
+	}
+
+	private function studienSemesterErmitteln($start_date,$end_date){
+		
+		// gets all studiensemester from the student from start_date to end_date
+		$semester_range = $this->StudiensemesterModel->getByDate($start_date,$end_date);
+		$semester_range = array_map( 
+			function($sem)
+			{
+				return $sem->studiensemester_kurzbz;
+			},
+			$this->getDataOrTerminateWithError($semester_range)
+		);
+
+		// if no studiensemester is found for the given timespan, get the nearest studiensemester
+		if(count($semester_range) == 0)
+		{
+			$aktuelle_studiensemester = $this->StudiensemesterModel->getNearest();
+			$aktuelle_studiensemester = $this->getDataOrTerminateWithError($aktuelle_studiensemester);
+			if (count($aktuelle_studiensemester) == 0) {
+				$this->terminateWithError("No aktuelles semester");
+			}
+			$aktuelle_studiensemester = current($aktuelle_studiensemester)->studiensemester_kurzbz;
+			// push aktuelles semester in active semester array
+			array_push($semester_range, $aktuelle_studiensemester);
+
+		}
+		return $semester_range;
+	}
+
+}

application/controllers/api/frontend/v1/Udf.php

@@ -0,0 +1,133 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the UDFLib (back-end)
+ * Provides data to the ajax get calls about the Udf component
+ * Listens to ajax post calls to change the Udf data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Udf extends FHCAPI_Controller
+{
+	/**
+	 * Calls the parent's constructor and prepares the UDFLib
+	 */
+	public function __construct()
+	{
+		// NOTE: UdfLib has its own permissions checks
+		parent::__construct([
+			'load' => self::PERM_LOGGED,
+			'save' => self::PERM_LOGGED
+		]);
+
+		// Libraries
+		$this->load->library('form_validation');
+		$this->load->library('UDFLib');
+		
+		// Models
+		$this->load->model($this->getTargetModelPath(), 'TargetModel');
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Load all UDFs for a dataset
+	 *
+	 * @return void
+	 */
+	public function load()
+	{
+		$pks = $this->TargetModel->getPks();
+		foreach ($pks as $id)
+			$this->form_validation->set_rules($id, $id, 'required');
+		
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$id = [];
+		foreach ($pks as $pk)
+			$id[$pk] = $this->input->post($pk);
+		if (!is_array($this->TargetModel->getPk()))
+			$id = current($id);
+
+		$result = $this->udflib->getFieldArray($this->TargetModel, $id);
+
+		$fields = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($fields);
+	}
+
+	/**
+	 * Saves UDFs to a dataset
+	 *
+	 * @return void
+	 */
+	public function save()
+	{
+		$pks = $this->TargetModel->getPks();
+		foreach ($pks as $id)
+			$this->form_validation->set_rules($id, $id, 'required');
+
+		$result = $this->udflib->getCiValidations($this->TargetModel, $this->input->post());
+		
+		$fieldValidations = $this->getDataOrTerminateWithError($result);
+
+		$this->form_validation->set_rules($fieldvalidations);
+
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$id = [];
+		$fields = $this->input->post();
+		foreach ($pks as $pk) {
+			$id[$pk] = $fields[$pk];
+			unset($fields[$pk]);
+		}
+		if (!is_array($this->TargetModel->getPk()))
+			$id = current($id);
+
+		$result = $this->TargetModel->update($id, $fields);
+
+		$this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess(array_fill_keys(array_keys($fields), ''));
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Private methods
+
+	/**
+	 * Get the path to the target model from the url
+	 *
+	 * @return string
+	 */
+	private function getTargetModelPath()
+	{
+		$ci_model_path = array_slice($this->uri->rsegments, 2);
+		if ($ci_model_path)
+			$ci_model_path[] = ucfirst(array_pop($ci_model_path)) . '_model';
+		return implode(DIRECTORY_SEPARATOR, $ci_model_path);
+	}
+}

application/controllers/api/frontend/v1/betriebsmittel/BetriebsmittelP.php

@@ -0,0 +1,387 @@
+<?php
+
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+use \DateTime as DateTime;
+
+class BetriebsmittelP extends FHCAPI_Controller
+{
+	private $person_id = null;
+
+	public function __construct()
+	{
+		parent::__construct([
+			'getAllBetriebsmittel' => ['admin:r', 'assistenz:r'],
+			'addNewBetriebsmittel' => self::PERM_LOGGED,
+			'updateBetriebsmittel' => self::PERM_LOGGED,
+			'loadBetriebsmittel' => ['admin:r', 'assistenz:r'],
+			'deleteBetriebsmittel' => self::PERM_LOGGED,
+			'getTypenBetriebsmittel' => ['admin:r', 'assistenz:r'],
+			'loadInventarliste' => ['admin:r', 'assistenz:r']
+		]);
+
+		//Load Models
+		$this->load->model('ressource/Betriebsmittel_model', 'BetriebsmittelModel');
+		$this->load->model('ressource/Betriebsmittelperson_model', 'BetriebsmittelpersonModel');
+
+		// Additional Permission Checks
+		if ($this->router->method == 'addNewBetriebsmittel') {
+			$this->person_id = current(array_slice($this->uri->rsegments, 2));
+			
+			$this->checkPermissionsForPerson(
+				$this->person_id,
+				['admin:rw', 'mitarbeiter:rw', 'basis/betriebsmittel:rw'],
+				['admin:rw', 'assistenz:rw', 'basis/betriebsmittel:rw']
+			);
+		} elseif ($this->router->method == 'updateBetriebsmittel' || $this->router->method == 'deleteBetriebsmittel') {
+			$betriebsmittelperson_id = current(array_slice($this->uri->rsegments, 2));
+			$result = $this->BetriebsmittelpersonModel->load($betriebsmittelperson_id);
+			if (!hasData($result))
+				show_404();
+			$this->person_id = current(getData($result))->person_id;
+			
+			$this->checkPermissionsForPerson(
+				$this->person_id,
+				['admin:rw', 'mitarbeiter:rw', 'basis/betriebsmittel:rw'],
+				['admin:rw', 'assistenz:rw', 'basis/betriebsmittel:rw']
+			);
+		}
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+		$this->load->library('form_validation');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'ui',
+			'wawi'
+		]);
+	}
+
+	public function getAllBetriebsmittel($type_id, $id)
+	{
+		$result = $this->BetriebsmittelpersonModel->getBetriebsmittelData($id, $type_id);
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+
+	protected function validateNewOrUpdate()
+	{
+		$this->form_validation->set_rules('betriebsmitteltyp', 'Typ', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired')
+		]);
+
+		$this->form_validation->set_rules('kaution', 'Kaution', 'numeric|less_than_equal_to[9999.99]', [
+			'numeric' => $this->p->t('ui', 'error_fieldNotNumeric')
+		]);
+
+		$this->form_validation->set_rules('ausgegebenam', 'Ausgegeben am', 'required|is_valid_date', [
+			'required' => $this->p->t('ui', 'error_fieldRequired')
+		]);
+
+		if ($this->input->post('ausgegebenam') && $this->input->post('retouram')) {
+			$this->form_validation->set_rules('retouram', 'Retour am', [
+				'is_valid_date',
+				['is_not_before_ausgegebenam', function ($value) {
+					return (new DateTime($value) >= new DateTime($this->input->post('ausgegebenam')));
+				}]
+			], [
+				'is_not_before_ausgegebenam' => $this->p->t('wawi', 'error_retourdatumVorAusgabe')
+			]);
+		} else {
+			$this->form_validation->set_rules('retouram', 'Retour am', 'is_valid_date');
+		}
+
+		$this->form_validation->set_rules('anmerkung', 'Anmerkung', 'max_length[256]');
+
+		if ($this->input->post('betriebsmitteltyp') == 'Inventar') {
+			// Inventar
+			$this->form_validation->set_rules('betriebsmittel_id', 'Inventarnummer', 'required');
+		} elseif ($this->input->post('betriebsmitteltyp') == 'Zutrittskarte') {
+			// Zutrittskarte
+			if ($this->input->post('nummer') === null && $this->input->post('nummer') === null) {
+				$this->form_validation->set_rules('nummer', 'Nummer', 'required', [
+					'required' => $this->p->t('wawi', 'error_zutrittskarteOhneNummer')
+				]);
+				$this->form_validation->set_rules('nummer2', 'Nummer2', 'required', [
+					'required' => $this->p->t('wawi', 'error_zutrittskarteOhneNummer')
+				]);
+			} else {
+				if ($this->input->post('nummer') === null) {
+					$result = $this->BetriebsmittelpersonModel->loadViewWhere([
+						'betriebsmitteltyp' => $this->input->post('betriebsmitteltyp'),
+						'nummer2' => $this->input->post('nummer2'),
+						'person_id !=' => $this->person_id,
+						'retouram IS NULL' => null
+					]);
+					if (hasData($result))
+						$this->form_validation->set_rules('nummer2', 'Nummer2', 'is_array', [
+							'is_array' => $this->p->t('wawi', 'error_bmZutrittskarteOccupied', (array)current(getData($result)))
+						]);
+				} else {
+					$result = $this->BetriebsmittelpersonModel->loadViewWhere([
+						'betriebsmitteltyp' => $this->input->post('betriebsmitteltyp'),
+						'nummer' => $this->input->post('nummer'),
+						'person_id !=' => $this->person_id,
+						'retouram IS NULL' => null
+					]);
+					if (hasData($result))
+						$this->form_validation->set_rules('nummer', 'Nummer', 'is_array', [
+							'is_array' => $this->p->t('wawi', 'error_bmZutrittskarteOccupied', (array)current(getData($result)))
+						]);
+				}
+			}
+		}
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+	}
+
+	public function addNewBetriebsmittel($person_id)
+	{
+		$this->form_validation->set_rules('uid', 'UID', [
+			['uid_in_person', function ($value) use ($person_id) {
+				if ($value === null)
+					return true;
+				$this->load->model('person/Benutzer_model', 'BenutzerModel');
+				$result = $this->BenutzerModel->loadWhere([
+					'uid' => $value,
+					'person_id' => $person_id
+				]);
+
+				return hasData($result);
+			}]
+		], [
+			'uid_in_person' => $this->p->t('person', 'error_uidNotInPerson')
+		]);
+		$this->validateNewOrUpdate();
+
+		$betriebsmitteltyp = $this->input->post('betriebsmitteltyp');
+		$nummer = $this->input->post('nummer');
+		$nummer2 = $this->input->post('nummer2');
+		$beschreibung = $this->input->post('beschreibung');
+		$betriebsmittel_id = $this->input->post('betriebsmittel_id');
+		$anmerkung = $this->input->post('anmerkung');
+		$kaution = $this->input->post('kaution');
+		$ausgegebenam = $this->input->post('ausgegebenam');
+		$retouram = $this->input->post('retouram');
+		$uid = $this->input->post('uid');
+
+		// NOTE(chris): transform_kartennummer
+		if ($betriebsmitteltyp == 'Zutrittskarte' && $nummer)
+			$nummer = is_numeric($nummer) ? ltrim($nummer, "0") : hexdec(implode("", array_reverse(str_split(trim($nummer)))));
+
+		$this->db->trans_start();
+
+		if ($betriebsmitteltyp != 'Inventar') {
+			$this->BetriebsmittelModel->addOrder('updateamum', 'DESC');
+			if ($betriebsmitteltyp == 'Zutrittskarte' && $nummer === null) {
+				$result = $this->BetriebsmittelModel->loadWhere([
+					'betriebsmitteltyp' => $betriebsmitteltyp,
+					'nummer2' => $nummer2
+				]);
+			} else {
+				$result = $this->BetriebsmittelModel->loadWhere([
+					'betriebsmitteltyp' => $betriebsmitteltyp,
+					'nummer' => $nummer
+				]);
+			}
+			$data = $this->getDataOrTerminateWithError($result);
+
+			if ($data) {
+				$data = current($data);
+				if ($data->nummer !== $nummer || $data->nummer2 !== $nummer2 || $data->beschreibung !== $beschreibung) {
+					$result = $this->BetriebsmittelModel->update($data->betriebsmittel_id, [
+						'nummer' => $nummer,
+						'nummer2' => $nummer2,
+						'beschreibung' => $beschreibung,
+						'updateamum' => date('c'),
+						'updatevon' => getAuthUID()
+					]);
+					$this->getDataOrTerminateWithError($result);
+				}
+				$betriebsmittel_id = $data->betriebsmittel_id;
+			} else {
+				$result = $this->BetriebsmittelModel->insert([
+					'betriebsmitteltyp' => $betriebsmitteltyp,
+					'nummer' => $nummer,
+					'nummer2' => $nummer2,
+					'beschreibung' => $beschreibung,
+					'reservieren' => false,
+					'ort_kurzbz' => null,
+					'insertamum' => date('c'),
+					'insertvon' => getAuthUID(),
+				]);
+				$betriebsmittel_id = $this->getDataOrTerminateWithError($result);
+			}
+		}
+
+		$result = $this->BetriebsmittelpersonModel->insert([
+			'person_id' => $person_id,
+			'betriebsmittel_id' => $betriebsmittel_id,
+			'anmerkung' => $anmerkung,
+			'kaution' => $kaution,
+			'ausgegebenam' => $ausgegebenam,
+			'retouram' => $retouram,
+			'uid' => $uid,
+			'insertamum' => date('c'),
+			'insertvon' => getAuthUID()
+		]);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->db->trans_complete();
+
+		$this->terminateWithSuccess(true);
+	}
+
+	public function updateBetriebsmittel($betriebsmittelperson_id)
+	{
+		$this->validateNewOrUpdate();
+
+		$betriebsmitteltyp = $this->input->post('betriebsmitteltyp');
+		$nummer = $this->input->post('nummer');
+		$nummer2 = $this->input->post('nummer2');
+		$beschreibung = $this->input->post('beschreibung');
+		$betriebsmittel_id = $this->input->post('betriebsmittel_id');
+		$anmerkung = $this->input->post('anmerkung');
+		$kaution = $this->input->post('kaution');
+		$ausgegebenam = $this->input->post('ausgegebenam');
+		$retouram = $this->input->post('retouram');
+
+		// NOTE(chris): transform_kartennummer
+		if ($betriebsmitteltyp == 'Zutrittskarte' && $nummer)
+			$nummer = is_numeric($nummer) ? ltrim($nummer, "0") : hexdec(implode("", array_reverse(str_split(trim($nummer)))));
+
+		$this->db->trans_start();
+
+		if ($betriebsmitteltyp != 'Inventar') {
+			$found = false;
+			if ($nummer !== null && $betriebsmittel_id !== null) {
+				$result = $this->BetriebsmittelModel->load($betriebsmittel_id);
+				$data = $this->getDataOrTerminateWithError($result);
+				if ($data && current($data)->nummer == $nummer) {
+					$found = true;
+				}
+			}
+
+			if (!$found) {
+				$this->BetriebsmittelModel->addOrder('updateamum', 'DESC');
+				if ($betriebsmitteltyp == 'Zutrittskarte' && $nummer === null) {
+					$result = $this->BetriebsmittelModel->loadWhere([
+						'betriebsmitteltyp' => $betriebsmitteltyp,
+						'nummer2' => $nummer2
+					]);
+				} else {
+					$result = $this->BetriebsmittelModel->loadWhere([
+						'betriebsmitteltyp' => $betriebsmitteltyp,
+						'nummer' => $nummer
+					]);
+				}
+				$data = $this->getDataOrTerminateWithError($result);
+			}
+
+			if ($data) {
+				$data = current($data);
+				if ($data->nummer !== $nummer || $data->nummer2 !== $nummer2 || $data->beschreibung !== $beschreibung) {
+					$result = $this->BetriebsmittelModel->update($data->betriebsmittel_id, [
+						'nummer' => $nummer,
+						'nummer2' => $nummer2,
+						'beschreibung' => $beschreibung,
+						'updateamum' => date('c'),
+						'updatevon' => getAuthUID()
+					]);
+					$this->getDataOrTerminateWithError($result);
+				}
+				$betriebsmittel_id = $data->betriebsmittel_id;
+			} else {
+				$result = $this->BetriebsmittelModel->insert([
+					'betriebsmitteltyp' => $betriebsmitteltyp,
+					'nummer' => $nummer,
+					'nummer2' => $nummer2,
+					'beschreibung' => $beschreibung,
+					'reservieren' => false,
+					'ort_kurzbz' => null,
+					'insertamum' => date('c'),
+					'insertvon' => getAuthUID(),
+				]);
+				$betriebsmittel_id = $this->getDataOrTerminateWithError($result);
+			}
+		}
+
+		$result = $this->BetriebsmittelpersonModel->update($betriebsmittelperson_id, [
+			'betriebsmittel_id' => $betriebsmittel_id,
+			'anmerkung' => $anmerkung,
+			'kaution' => $kaution,
+			'ausgegebenam' => $ausgegebenam,
+			'retouram' => $retouram,
+			'updateamum' => date('c'),
+			'updatevon' => getAuthUID()
+		]);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->db->trans_complete();
+
+		$this->terminateWithSuccess(true);
+	}
+
+	public function loadBetriebsmittel($betriebsmittelperson_id)
+	{
+		$result = $this->BetriebsmittelpersonModel->getBetriebsmittelData($betriebsmittelperson_id, 'betriebsmittelperson_id');
+
+		if (isError($result)) {
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+
+		if (!hasData($result)) {
+			$this->terminateWithError($this->p->t('ui', 'error_missingId', ['id' => 'Betriebsmittelperson_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		$this->terminateWithSuccess(current(getData($result)));
+	}
+
+	public function deleteBetriebsmittel($betriebsmittelperson_id)
+	{
+		$result = $this->BetriebsmittelpersonModel->delete(
+			array('betriebsmittelperson_id' => $betriebsmittelperson_id,
+			)
+		);
+
+		if (isError($result)) {
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		if (!hasData($result)) {
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id' => 'Betriebsmittelperson_id']), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(current(getData($result)));
+	}
+
+	public function getTypenBetriebsmittel()
+	{
+		$this->load->model('ressource/Betriebsmitteltyp_model', 'BetriebsmitteltypModel');
+
+		$this->BetriebsmitteltypModel->addOrder('beschreibung', 'ASC');
+		$result = $this->BetriebsmitteltypModel->load(); // load All
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function loadInventarliste($searchString)
+	{
+		$result = $this->BetriebsmittelModel->loadInventarliste($searchString);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+}
+
+

application/controllers/api/frontend/v1/checkperson/CheckPerson.php

@@ -0,0 +1,141 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class CheckPerson extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'updatePersonUnrulyStatus' => array('basis/mitarbeiter:rw', 'student/antragfreigabe:rw', 'student/studierendenantrag:rw'),
+			'filterPerson' => array('basis/mitarbeiter:rw', 'student/antragfreigabe:rw', 'student/studierendenantrag:rw'),
+			'checkUnruly' => array('basis/mitarbeiter:r', 'student/antragfreigabe:r', 'student/studierendenantrag:r', 'infocenter:r'),
+			'checkDuplicate' => array('infocenter:r'),
+		]);
+
+		$this->_ci =& get_instance();
+		$this->_ci->load->model('person/Person_model', 'PersonModel');
+	}
+
+	public function updatePersonUnrulyStatus()
+	{
+		$data = json_decode($this->input->raw_input_stream, true);
+
+		$person_id = $data['person_id'];
+		$unruly = $data['unruly'];
+
+		$result = $this->_ci->PersonModel->updateUnruly($person_id, $unruly);
+
+		if(isError($result)) {
+			$this->terminateWithError($result);
+		} else if (isSuccess($result)) {
+			$this->terminateWithSuccess($result);
+		}
+
+	}
+
+	public function checkDuplicate() {
+
+		$person_id = $this->input->post('person_id');
+
+		$result = $this->_ci->PersonModel->checkDuplicate($person_id);
+
+		if (isSuccess($result))
+			$this->terminateWithSuccess($result);
+		else
+			$this->terminateWithError('Error when searching for person');
+
+	}
+
+	// performs strict check over vorname, nachname, gebdatum
+	public function checkUnruly() {
+
+		$vorname = $this->input->post('vorname');
+		$nachname = $this->input->post('nachname');
+		$gebdatum = $this->input->post('gebdatum');
+
+		$result = $this->_ci->PersonModel->checkUnruly($vorname, $nachname, $gebdatum);
+
+		if (isSuccess($result))
+			$this->terminateWithSuccess($result);
+		else
+			$this->terminateWithError('Error when searching for person');
+	}
+
+	// filters nachname on similarity and vorname/gebdatum are optional
+	public function filterPerson() {
+		$payload = json_decode($this->input->raw_input_stream, TRUE);
+
+		$nachnameString = '';
+		$vornameString = '';
+		$filterUnruly = true;
+		$birthdateString = '';
+
+		if(array_key_exists( 'nachname', $payload) ) {
+			$nachnameString = $payload['nachname'];
+		}
+
+		if(array_key_exists('vorname', $payload)) {
+			$vornameString = $payload['vorname'];
+		}
+
+		if(array_key_exists('unruly', $payload)){
+			$filterUnruly = $payload['unruly'];
+		}
+
+		if(array_key_exists('gebdatum', $payload)) {
+			// TODO: enable if gebdatum filter for unrulys is desired
+//				$birthdateString = $payload['gebdatum'];
+		}
+
+		$parametersArray = array($nachnameString);
+		$where ="p.nachname~* ? ";
+		if (mb_strlen($nachnameString) == 2)
+		{
+			$where = "p.nachname=? ";
+		}
+
+		if(isset($vornameString) && $vornameString != '')
+		{
+			$where.= " AND p.vorname~*?";
+			$parametersArray[] = $vornameString;
+		}
+
+		if(isset($birthdateString) && $birthdateString != '')
+		{
+			$where.=" AND p.gebdatum=?";
+			$parametersArray[] = $birthdateString;
+		}
+
+		if(isset($filterUnruly))
+		{
+			$where.=" AND p.unruly=?";
+			$parametersArray[] = $filterUnruly;
+		}
+
+		$result = $this->_ci->PersonModel->checkUnrulyWhere($where, $parametersArray);
+
+		if (isSuccess($result))
+			$this->terminateWithSuccess($result);
+		else
+			$this->terminateWithError('Error when searching for person');
+
+
+	}
+}

application/controllers/api/frontend/v1/education/Lehrveranstaltung.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * FH-Complete
+ *
+ * @package		FHC-API
+ * @author		FHC-Team
+ * @copyright	Copyright (c) 2016, fhcomplete.org
+ * @license		GPLv3
+ * @link		http://fhcomplete.org
+ * @since		Version 1.0
+ * @filesource
+ */
+// ------------------------------------------------------------------------
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+class Lehrveranstaltung extends FHCAPI_Controller
+{
+	/**
+	 * Lehrveranstaltung API constructor.
+	 */
+	public function __construct()
+	{
+		parent::__construct(array(
+			'getTemplateLvTree' => array(
+			    'lehre/lehrveranstaltung:rw'
+			)
+		));
+
+		// Load model LehrveranstaltungModel
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+	}
+
+	/**
+	 * Get all Templates and union with all Lehrveranstaltungen of given Studiensemester and Oes of given Berechtigung,
+	 * that are assigned to a template. This data structure can be used for nested tabulators' data tree.
+	 *
+	 * @param null|string $studiensemester_kurzbz
+	 * @param null|string $berechtigung
+	 * @return array|stdClass|null
+	 */
+	public function getTemplateLvTree()
+	{
+		$studiensemester_kurzbz = $this->input->get('studiensemester_kurzbz');
+		$berechtigung = $this->input->get('berechtigung');
+
+		if ($berechtigung)
+		{
+			$oe_permissions = $this->permissionlib->getOE_isEntitledFor($berechtigung);
+			if(!$oe_permissions) $oe_permissions = [];
+
+			$result = $this->LehrveranstaltungModel->getTemplateLvTree($studiensemester_kurzbz, $oe_permissions);
+		}
+		else
+		{
+			$result = $this->LehrveranstaltungModel->getTemplateLvTree($studiensemester_kurzbz);
+		}
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_DB);
+		}
+
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+}

application/controllers/api/frontend/v1/notiz/NotizPerson.php

@@ -0,0 +1,51 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \DateTime as DateTime;
+
+class NotizPerson extends Notiz_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'getUid' => ['admin:r', 'assistenz:r'],
+			'getNotizen' => ['admin:r', 'assistenz:r'],
+			'loadNotiz' => ['admin:r', 'assistenz:r'],
+			'addNewNotiz' => ['admin:rw', 'assistenz:rw'],
+			'updateNotiz' => ['admin:rw', 'assistenz:rw'],
+			'deleteNotiz' => ['admin:rw', 'assistenz:rw'],
+			'loadDokumente' => ['admin:r', 'assistenz:r'],
+			'getMitarbeiter' => ['admin:r', 'assistenz:r'],
+			'isBerechtigt' => ['admin:r', 'assistenz:r'],
+		]);
+	}
+
+	public function isBerechtigt($id, $typeId)
+	{
+		if($typeId != "person_id")
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_typeNotizIdIncorrect'), self::ERROR_TYPE_GENERAL);
+		}
+
+		//TODO define permission
+		if (!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid'))
+		{
+			$result =  $this->p->t('lehre', 'error_keineSchreibrechte');
+
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function loadDokumente()
+	{
+		$notiz_id = $this->input->post('notiz_id');
+
+		// TODO(chris): make CI variant of endpoint
+		$this->NotizModel->addSelect($this->NotizModel->escape(base_url('content/notizdokdownload.php?id=')) . ' || campus.tbl_dms_version.dms_id AS preview');
+		
+		return parent::loadDokumente();
+	}
+}

application/controllers/api/frontend/v1/organisation/Studiensemester.php

@@ -0,0 +1,118 @@
+<?php
+/**
+ * FH-Complete
+ *
+ * @package		FHC-API
+ * @author		FHC-Team
+ * @copyright	Copyright (c) 2016, fhcomplete.org
+ * @license		GPLv3
+ * @link		http://fhcomplete.org
+ * @since		Version 1.0
+ * @filesource
+ */
+// ------------------------------------------------------------------------
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+class Studiensemester extends FHCAPI_Controller
+{
+	/**
+	 * Studiensemester API constructor.
+	 */
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'getAll' => self::PERM_LOGGED,
+				'getAktNext' => self::PERM_LOGGED
+			)
+		);
+		// Load model StudiensemesterModel
+		$this->load->model('organisation/studiensemester_model', 'StudiensemesterModel');
+	}
+
+	/**
+	 * Get all Studiensemester.
+	 *
+	 * @param null|string $order Sorting order for the Studiensemester, 'asc' or 'desc'. Defaults to 'asc'.
+	 * @param null|string $start Start date of the displayed Studiensemester in the format 'YYYY-MM-DD'.
+	 * 	If provided, only Studiensemester starting from this date onwards will be returned.
+	 *  eg. '2020-09-01' will start with WS2020.
+	 */
+	public function getAll()
+	{
+		$order = $this->input->get('order');
+		$start = $this->input->get('start');
+
+		if (strcasecmp($order, 'DESC') == 0)
+		{
+			$this->StudiensemesterModel->addOrder('ende', 'DESC');
+		}
+		else
+		{
+			$this->StudiensemesterModel->addOrder('ende', 'ASC');
+		}
+
+		if ($start)
+		{
+			$result = $this->StudiensemesterModel->loadWhere([
+				'start >= ' => $start
+			]);
+		}
+		else
+		{
+			$result = $this->StudiensemesterModel->load();
+		}
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_DB);
+		}
+
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+
+	/**
+	 * @return void
+	 */
+	public function getAktNext()
+	{
+		$semester = $this->input->get('semester');
+
+		$result = null;
+
+		if (!is_numeric($semester))
+		{
+			$result = $this->StudiensemesterModel->loadWhere(array('start <=' => 'NOW()', 'ende >=' => 'NOW()'));
+		}
+
+		if (!hasData($result))
+		{
+			$this->StudiensemesterModel->addOrder('ende');
+			$this->StudiensemesterModel->addLimit(1);
+
+			$whereArray = array('ende >=' => 'NOW()');
+
+			if (is_numeric($semester))
+			{
+				if ($semester % 2 == 0)
+				{
+					$ss = 'SS';
+				}
+				else
+				{
+					$ss = 'WS';
+				}
+
+				$whereArray['SUBSTRING(studiensemester_kurzbz FROM 1 FOR 2) ='] = $ss;
+			}
+
+			$result = $this->StudiensemesterModel->loadWhere($whereArray);
+		}
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_DB);
+		}
+
+		$this->terminateWithSuccess((getData($result) ?: ''));
+	}
+}

application/controllers/api/frontend/v1/studstatus/Abmeldung.php

@@ -0,0 +1,187 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \REST_Controller as REST_Controller;
+use \Studierendenantrag_model as Studierendenantrag_model;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the AntragLib (back-end)
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Abmeldung extends FHCAPI_Controller
+{
+
+	/**
+	 * Calls the parent's constructor and loads the AntragLib
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getDetailsForNewAntrag' => self::PERM_LOGGED,
+			'getDetailsForAntrag' => self::PERM_LOGGED,
+			'createAntrag' => self::PERM_LOGGED,
+			'cancelAntrag' => self::PERM_LOGGED
+		]);
+
+		// Libraries
+		$this->load->library('AntragLib');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'studierendenantrag'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Retrieves data of the current studiengang for the current user
+	 */
+
+	public function getDetailsForNewAntrag($prestudent_id)
+	{
+		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, true))
+			$this->terminateWithError('Forbidden', self::ERROR_TYPE_AUTH, REST_Controller::HTTP_FORBIDDEN);
+
+		$result = $this->antraglib->getPrestudentAbmeldeBerechtigt($prestudent_id);
+		$result = $this->getDataOrTerminateWithError($result);
+		
+		if (!$result) {
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_no_student'),
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
+		} elseif ($result == -3) {
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_stg_blacklist'),
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
+		} elseif ($result == -1) {
+			$result = $this->antraglib->getDetailsForLastAntrag(
+                $prestudent_id,
+                [
+                    Studierendenantrag_model::TYP_ABMELDUNG,
+                    Studierendenantrag_model::TYP_ABMELDUNG_STGL
+                ]
+            );
+
+			$data = $this->getDataOrTerminateWithError($result);
+			
+			$data->canCancel = (
+				$data->status == Studierendenantragstatus_model::STATUS_CREATED &&
+				$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id)
+			);
+
+			$this->terminateWithSuccess($data);
+		}
+
+		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getDetailsForAntrag($studierendenantrag_id)
+	{
+		if (!$this->antraglib->isEntitledToShowAntrag($studierendenantrag_id))
+			return show_404();
+
+		$result = $this->antraglib->getDetailsForAntrag($studierendenantrag_id);
+		
+		$data = $this->getDataOrTerminateWithError($result);
+
+		if ($data->typ !== Studierendenantrag_model::TYP_ABMELDUNG_STGL && $data->typ !== Studierendenantrag_model::TYP_ABMELDUNG)
+			return show_404();
+
+		$data->canCancel = (
+			$data->status == Studierendenantragstatus_model::STATUS_CREATED &&
+			$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id)
+		);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function createAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('studiensemester', 'Studiensemester', 'required');
+		$this->form_validation->set_rules('prestudent_id', 'Prestudent ID', 'required');
+		$this->form_validation->set_rules('grund', 'Grund', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$grund = $this->input->post('grund');
+		$studiensemester = $this->input->post('studiensemester');
+		$prestudent_id = $this->input->post('prestudent_id');
+
+		$result = $this->antraglib->getPrestudentAbmeldeBerechtigt($prestudent_id);
+		$result = $this->getDataOrTerminateWithError($result);
+		if (!$result)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_student'), self::ERROR_TYPE_GENERAL);
+		elseif ($result == -3)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_stg_blacklist'), self::ERROR_TYPE_GENERAL);
+		elseif ($result < 0)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_antrag_exists'), self::ERROR_TYPE_GENERAL);
+
+		$result = $this->antraglib->createAbmeldung($prestudent_id, $studiensemester, getAuthUID(), $grund);
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$result = $this->antraglib->getDetailsForAntrag($data);
+		if (!hasData($result))
+			return $this->terminateWithSuccess(true);
+
+		$data = getData($result);
+		$data->canCancel = (boolean)$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function cancelAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('antrag_id', 'Antrag ID', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$antrag_id = $this->input->post('antrag_id');
+
+		if (!$this->antraglib->isEntitledToCancelAntrag($antrag_id))
+			$this->terminateWithError('Forbidden', self::ERROR_TYPE_AUTH, REST_Controller::HTTP_FORBIDDEN);
+
+		$result = $this->antraglib->cancelAntrag($antrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		$result = $this->antraglib->getDetailsForAntrag($antrag_id);
+		if (!hasData($result))
+			$this->terminateWithSuccess($antrag_id);
+		
+		$data = getData($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+}

application/controllers/api/frontend/v1/studstatus/Leitung.php

@@ -0,0 +1,429 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \stdClass as stdClass;
+use \Studierendenantrag_model as Studierendenantrag_model;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the AntragLib (back-end)
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Leitung extends FHCAPI_Controller
+{
+
+	/**
+	 * Calls the parent's constructor and loads the AntragLib
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getActiveStgs' => ['student/antragfreigabe:r', 'student/studierendenantrag:r'],
+			'getAntraege' => ['student/antragfreigabe:r', 'student/studierendenantrag:r'],
+			'getHistory' => ['student/antragfreigabe:r', 'student/studierendenantrag:r'],
+			'getPrestudents' => 'student/studierendenantrag:w',
+			'approveAntrag' => 'student/antragfreigabe:w',
+			'rejectAntrag' => 'student/antragfreigabe:w',
+			'reopenAntrag' => 'student/studierendenantrag:w',
+			'pauseAntrag' => ['student/antragfreigabe:w', 'student/studierendenantrag:w'],
+			'unpauseAntrag' => ['student/antragfreigabe:w', 'student/studierendenantrag:w'],
+			'objectAntrag' => ['student/antragfreigabe:w', 'student/studierendenantrag:w'],
+			'approveObjection' => ['student/antragfreigabe:w', 'student/studierendenantrag:w'],
+			'denyObjection' => ['student/antragfreigabe:w', 'student/studierendenantrag:w']
+		]);
+
+		// Libraries
+		$this->load->library('AntragLib');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'studierendenantrag',
+			'lehre'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	public function getActiveStgs()
+	{
+		$studiengaenge = $this->permissionlib->getSTG_isEntitledFor('student/antragfreigabe') ?: [];
+		$studiengaenge = array_merge($studiengaenge, $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag') ?: []);
+		
+		$result = $this->StudierendenantragModel->loadStgsWithAntraege($studiengaenge);
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getAntraege($studiengang = null, $extra = null)
+	{
+		if ($studiengang && $studiengang == 'todo') {
+			$studiengang = $extra;
+			$extra = true;
+		} else {
+			$extra = false;
+		}
+
+		$studiengaenge = $this->permissionlib->getSTG_isEntitledFor('student/antragfreigabe');
+		if(!is_array($studiengaenge))
+			$studiengaenge = [];
+
+
+		$stgsNeuanlage = $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag');
+		if(!is_array($stgsNeuanlage))
+			$stgsNeuanlage = [];
+
+		$studiengaenge = array_unique(array_merge($studiengaenge, $stgsNeuanlage));
+
+		if ($studiengang) {
+			if (!in_array($studiengang, $studiengaenge))
+				$this->terminateWithError(
+					'Forbidden',
+					self::ERROR_TYPE_AUTH,
+					REST_Controller::HTTP_FORBIDDEN
+				);
+			$studiengaenge = [$studiengang];
+		}
+
+		$antraege = [];
+		if ($studiengaenge) {
+			$result = $extra
+				? $this->StudierendenantragModel->loadActiveForStudiengaenge($studiengaenge)
+				: $this->StudierendenantragModel->loadForStudiengaenge($studiengaenge);
+
+			$antraege = $this->getDataOrTerminateWithError($result);
+		}
+
+		$this->terminateWithSuccess($antraege ?: []);
+	}
+
+	public function getHistory($studierendenantrag_id)
+	{
+		if (!$this->antraglib->isEntitledToSeeHistoryForAntrag($studierendenantrag_id))
+			$this->terminateWithError(
+				'Forbidden',
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
+
+		$result = $this->antraglib->getAntragHistory($studierendenantrag_id);
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data ?: []);
+	}
+
+	public function getPrestudents()
+	{
+		$query = $this->input->post('query');
+
+		$studiengaenge = $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag');
+
+		$result = $this->antraglib->getAktivePrestudentenInStgs($studiengaenge, $query);
+		$result = $this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($result ?: []);
+	}
+
+	public function approveAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToApproveAntrag', [$this->antraglib, 'isEntitledToApproveAntrag']],
+			],
+			[
+				'isEntitledToApproveAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
+			]
+		);
+		$this->form_validation->set_rules(
+			'typ',
+			'Typ',
+			'required|in_list[' . implode(',', [
+				Studierendenantrag_model::TYP_ABMELDUNG,
+				Studierendenantrag_model::TYP_ABMELDUNG_STGL,
+				Studierendenantrag_model::TYP_UNTERBRECHUNG,
+				Studierendenantrag_model::TYP_WIEDERHOLUNG
+			]) . ']'
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+		switch ($this->input->post('typ')) {
+			case Studierendenantrag_model::TYP_ABMELDUNG:
+			case Studierendenantrag_model::TYP_ABMELDUNG_STGL:
+				$result = $this->antraglib->approveAbmeldung([$studierendenantrag_id], getAuthUID());
+				break;
+			case Studierendenantrag_model::TYP_UNTERBRECHUNG:
+				$result = $this->antraglib->approveUnterbrechung([$studierendenantrag_id], getAuthUID());
+				break;
+			case Studierendenantrag_model::TYP_WIEDERHOLUNG:
+				$result = $this->antraglib->approveWiederholung($studierendenantrag_id, getAuthUID());
+				break;
+		}
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function rejectAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToRejectAntrag', [$this->antraglib, 'isEntitledToRejectAntrag']],
+			],
+			[
+				'isEntitledToRejectAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
+			]
+		);
+		$this->form_validation->set_rules('grund', 'Grund', 'required');
+		$this->form_validation->set_rules(
+			'typ',
+			'Typ',
+			'required|in_list[' . implode(',', [
+				Studierendenantrag_model::TYP_UNTERBRECHUNG
+			]) . ']'
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+		$grund = $this->input->post('grund');
+
+		$result = $this->antraglib->rejectUnterbrechung([$studierendenantrag_id], getAuthUID(), $grund);
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function reopenAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToReopenAntrag', [$this->antraglib, 'isEntitledToReopenAntrag']],
+			],
+			[
+				'isEntitledToReopenAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
+			]
+		);
+		$this->form_validation->set_rules(
+			'typ',
+			'Typ',
+			'required|in_list[' . implode(',', [
+				Studierendenantrag_model::TYP_WIEDERHOLUNG
+			]) . ']'
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+
+		$result = $this->antraglib->reopenWiederholung($studierendenantrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function pauseAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToPauseAntrag', [$this->antraglib, 'isEntitledToPauseAntrag']],
+				['antragCanBeManualPaused', [$this->antraglib, 'antragCanBeManualPaused']]
+			],
+			[
+				'isEntitledToPauseAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
+				'antragCanBeManualPaused' => $this->p->t(
+					'studierendenantrag',
+					'error_not_pauseable',
+					['id' => $this->input->post('studierendenantrag_id')]
+				)
+			]
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+
+		$result = $this->antraglib->pauseAntrag($studierendenantrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function unpauseAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToUnpauseAntrag', [$this->antraglib, 'isEntitledToUnpauseAntrag']],
+				['antragCanBeManualUnpaused', [$this->antraglib, 'antragCanBeManualUnpaused']]
+			],
+			[
+				'isEntitledToUnpauseAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
+				'antragCanBeManualUnpaused' => $this->p->t(
+					'studierendenantrag',
+					'error_not_paused',
+					['id' => $this->input->post('studierendenantrag_id')]
+				)
+			]
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+
+		$result = $this->antraglib->unpauseAntrag($studierendenantrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function objectAntrag()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToObjectAntrag', [$this->antraglib, 'isEntitledToObjectAntrag']],
+				['canBeObjected', function ($a) {
+					return $this->antraglib->hasType($a, Studierendenantrag_model::TYP_ABMELDUNG_STGL);
+				}]
+			],
+			[
+				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
+				'canBeObjected' => $this->p->t(
+					'studierendenantrag',
+					'error_no_objection'
+				)
+			]
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+
+		$result = $this->antraglib->objectAbmeldung($studierendenantrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function approveObjection()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToObjectAntrag', [$this->antraglib, 'isEntitledToObjectAntrag']],
+				['isObjected', function ($a) {
+					return $this->antraglib->hasStatus($a, Studierendenantragstatus_model::STATUS_OBJECTED);
+				}]
+			],
+			[
+				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
+				'isObjected' => $this->p->t(
+					'studierendenantrag',
+					'error_not_objected'
+				)
+			]
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+		
+		$result = $this->antraglib->cancelAntrag($studierendenantrag_id, getAuthUID());
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+
+	public function denyObjection()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules(
+			'studierendenantrag_id',
+			'Studierenden Antrag',
+			[
+				'required',
+				['isEntitledToObjectAntrag', [$this->antraglib, 'isEntitledToObjectAntrag']],
+				['isObjected', function ($a) {
+					return $this->antraglib->hasStatus($a, Studierendenantragstatus_model::STATUS_OBJECTED);
+				}]
+			],
+			[
+				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
+				'isObjected' => $this->p->t(
+					'studierendenantrag',
+					'error_not_objected'
+				)
+			]
+		);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
+		$grund = $this->input->post('grund');
+
+		$result = $this->antraglib->denyObjectionAbmeldung($studierendenantrag_id, getAuthUID(), $grund);
+		$this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($studierendenantrag_id);
+	}
+}

application/controllers/api/frontend/v1/studstatus/Unterbrechung.php

@@ -1,4 +1,20 @@
 <?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
 
 if (! defined('BASEPATH')) exit('No direct script access allowed');
 
@@ -6,23 +22,28 @@ use \Studierendenantrag_model as Studierendenantrag_model;
 use \DateTime as DateTime;
 
 /**
- *
+ * This controller operates between (interface) the JS (GUI) and the AntragLib (back-end)
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
  */
-class Unterbrechung extends FHC_Controller
+class Unterbrechung extends FHCAPI_Controller
 {
 
 	/**
-	 * Calls the parent's constructor and loads the FilterCmptLib
+	 * Calls the parent's constructor and loads the AntragLib
 	 */
 	public function __construct()
 	{
-		parent::__construct();
+		parent::__construct([
+			'getDetailsForNewAntrag' => self::PERM_LOGGED,
+			'getDetailsForAntrag' => self::PERM_LOGGED,
+			'createAntrag' => self::PERM_LOGGED,
+			'cancelAntrag' => self::PERM_LOGGED
+		]);
 
 		// Configs
 		$this->load->config('studierendenantrag');
 
 		// Libraries
-		$this->load->library('AuthLib');
 		$this->load->library('AntragLib');
 
 		// Load language phrases
@@ -38,74 +59,62 @@ class Unterbrechung extends FHC_Controller
 
 	public function getDetailsForNewAntrag($prestudent_id)
 	{
-		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, false)) {
-			$this->output->set_status_header(403);
-			return $this->outputJsonError('Forbidden');
-		}
+		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, false))
+			$this->terminateWithError('Forbidden', self::ERROR_TYPE_AUTH, REST_Controller::HTTP_FORBIDDEN);
+
 		$result = $this->antraglib->getPrestudentUnterbrechungsBerechtigt($prestudent_id);
-		if (isError($result)) {
-			$this->output->set_status_header(500);
-			return $this->outputJsonError(getError($result));
-		}
-		$result = $result->retval;
+		$result = $this->getDataOrTerminateWithError($result);
+
 		if (!$result) {
-			$this->output->set_status_header(403);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_no_student'));
-		}
-		elseif ($result == -1)
-		{
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_no_student'),
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
+		} elseif ($result == -1) {
 			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id, Studierendenantrag_model::TYP_UNTERBRECHUNG);
-			if (isError($result)) {
-				return $this->outputJsonError(getError($result));
-			}
+			
+			$data = $this->getDataOrTerminateWithError($result);
 
-			return $this->outputJsonSuccess(getData($result));
-		}
-		elseif ($result == -2)
-		{
+			return $this->terminateWithSuccess($data);
+		} elseif ($result == -2) {
 			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id);
-			if (isError($result)) {
-				return $this->outputJsonError(getError($result));
-			}
 
-			$result = getData($result);
-			$this->output->set_status_header(400);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_antrag_pending', [
+			$data = $this->getDataOrTerminateWithError($result);
+
+			return $this->terminateWithError($this->p->t('studierendenantrag', 'error_antrag_pending', [
                 'typ' => $this->p->t('studierendenantrag', 'antrag_typ_' . $result->typ)
             ]));
-		}
-		elseif ($result == -3)
-		{
-			$this->output->set_status_header(403);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_stg_blacklist'));
-		}
-		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
+		} elseif ($result == -3) {
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_stg_blacklist'),
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
 		}
 
-		$data = getData($result);
+		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
+
+		$data = $this->getDataOrTerminateWithError($result);
 
 		$data->studiensemester = $this->antraglib->getSemesterForUnterbrechung($prestudent_id, null);
 
-		$this->outputJsonSuccess($data);
+		$this->terminateWithSuccess($data);
 	}
 
 	public function getDetailsForAntrag($studierendenantrag_id)
 	{
-		if (!$this->antraglib->isEntitledToShowAntrag($studierendenantrag_id))	return show_404();
+		if (!$this->antraglib->isEntitledToShowAntrag($studierendenantrag_id))
+			return show_404();
 
 		$result = $this->antraglib->getDetailsForAntrag($studierendenantrag_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
 
-		$data = getData($result);
+		$data = $this->getDataOrTerminateWithError($result);
 
 		if ($data->typ !== Studierendenantrag_model::TYP_UNTERBRECHUNG)
 			return show_404();
 
-		$this->outputJsonSuccess($data);
+		$this->terminateWithSuccess($data);
 	}
 
 	public function createAntrag()
@@ -125,9 +134,8 @@ class Unterbrechung extends FHC_Controller
 			]
 		);
 
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
+		if (!$this->form_validation->run()) {
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
 		}
 
 		$grund = $this->input->post('grund');
@@ -137,25 +145,17 @@ class Unterbrechung extends FHC_Controller
 		$dms_id = null;
 
 		$result = $this->antraglib->getPrestudentUnterbrechungsBerechtigt($prestudent_id, $studiensemester, $datum_wiedereinstieg);
-		if (isError($result)) {
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-		$result = $result->retval;
-		if (!$result)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_no_student')]);
-		}
-		elseif ($result == -3)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_stg_blacklist')]);
-		}
-		elseif ($result < 0)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_antrag_exists')]);
-		}
 
-		if(isset($_FILES['attachment']) && (!isset($_FILES['attachment']['error']) || $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE))
-		{
+		$result = $this->getDataOrTerminateWithError($result);
+		
+		if (!$result)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_student'), self::ERROR_TYPE_GENERAL);
+		elseif ($result == -3)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_stg_blacklist'), self::ERROR_TYPE_GENERAL);
+		elseif ($result < 0)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_antrag_exists'), self::ERROR_TYPE_GENERAL);
+		
+		if (isset($_FILES['attachment']) && (!isset($_FILES['attachment']['error']) || $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE)) {
 			$this->load->library('DmsLib');
 
 			$dms = $this->config->item('unterbrechung_dms');
@@ -167,53 +167,46 @@ class Unterbrechung extends FHC_Controller
 
 			$allowed_filetypes = $this->config->item('unterbrechung_dms_filetypes') ?: ['*'];
 			$result = $this->dmslib->upload($dms, 'attachment', $allowed_filetypes);
-			if(isError($result))
-			{
-				return $this->outputJsonError(['db' => getError($result)]);
-			}
-			$dms_id = getData($result)['dms_id'];
+
+			$data = $this->getDataOrTerminateWithError($result);
+			
+			$dms_id = $data['dms_id'];
 		}
 
 		$result = $this->antraglib->createUnterbrechung($prestudent_id, $studiensemester, getAuthUID(), $grund, $datum_wiedereinstieg, $dms_id);
-		if(isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
 
-		$antragId = getData($result);
+		$antragId = $this->getDataOrTerminateWithError($result);
+		
 		$result = $this->antraglib->getDetailsForAntrag($antragId);
 
-		if(!hasData($result))
-			return $this->outputJsonSuccess($antragId);
-		$this->outputJsonSuccess(getData($result));
+		if (!hasData($result))
+			$this->terminateWithSuccess($antragId);
+
+		$this->terminateWithSuccess(getData($result));
 	}
 
 	public function cancelAntrag()
 	{
 		$this->load->library('form_validation');
 
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
 		$this->form_validation->set_rules('antrag_id', 'Antrag ID', 'required');
 
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
+		if (!$this->form_validation->run()) {
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
 		}
 
 		$antrag_id = $this->input->post('antrag_id');
 
 		$result = $this->antraglib->cancelAntrag($antrag_id, getAuthUID());
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
+
+		$this->getDataOrTerminateWithError($result);
 
 		$result = $this->antraglib->getDetailsForAntrag($antrag_id);
 
 		if (!hasData($result))
-			return $this->outputJsonSuccess($antrag_id);
-		$this->outputJsonSuccess(getData($result));
+			return $this->terminateWithSuccess($antrag_id);
+	
+		$this->terminateWithSuccess(getData($result));
 	}
 
 	public function isValidDate($date)

application/controllers/api/frontend/v1/studstatus/Wiederholung.php

@@ -0,0 +1,258 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \REST_Controller as REST_Controller;
+use \Studierendenantragstatus_model as Studierendenantragstatus_model;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the AntragLib (back-end)
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Wiederholung extends FHCAPI_Controller
+{
+
+	/**
+	 * Calls the parent's constructor and loads the FilterCmptLib
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getDetailsForNewAntrag' => self::PERM_LOGGED,
+			'createAntrag' => self::PERM_LOGGED,
+			'cancelAntrag' => self::PERM_LOGGED,
+			'getLvs' => self::PERM_LOGGED,
+			'saveLvs' => ['student/studierendenantrag:w']
+		]);
+
+		// Libraries
+		$this->load->library('AntragLib');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'global',
+			'studierendenantrag'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Retrieves data of the current studiengang for the current user
+	 */
+
+	public function getDetailsForNewAntrag($prestudent_id)
+	{
+		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, false))
+			$this->terminateWithError('Forbidden', self::ERROR_TYPE_AUTH, REST_Controller::HTTP_FORBIDDEN);
+
+		$result = $this->antraglib->getPrestudentWiederholungsBerechtigt($prestudent_id);
+		$result = $this->getDataOrTerminateWithError($result);
+
+		if (!$result) {
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_no_student_no_failed_exam'),
+				self::ERROR_TYPE_AUTH,
+				REST_Controller::HTTP_FORBIDDEN
+			);
+		} elseif ($result == -1) {
+			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id, Studierendenantrag_model::TYP_WIEDERHOLUNG);
+			$data = $this->getDataOrTerminateWithError($result);
+
+			$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id, $data->datum, $data->studiensemester_kurzbz);
+			// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
+			$pruefungsdata = current(getData($result));
+
+			$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
+			$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
+			$data->pruefungsdatum = $pruefungsdata->datum;
+
+			$this->terminateWithSuccess($data);
+		} elseif ($result == -2) {
+			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id);
+			$result = $this->getDataOrTerminateWithError($result);
+
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_antrag_pending', [
+					'typ' => $this->p->t('studierendenantrag', 'antrag_typ_' . $result->typ)
+				]),
+				self::ERROR_TYPE_GENERAL,
+				REST_Controller::HTTP_BAD_REQUEST
+			);
+		} elseif ($result == -3) {
+			$this->terminateWithError(
+				$this->p->t('studierendenantrag', 'error_stg_blacklist'),
+				self::ERROR_TYPE_GENERAL,
+				REST_Controller::HTTP_BAD_REQUEST
+			);
+		}
+
+		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id);
+		// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
+		$pruefungsdata = current(getData($result));
+
+		$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
+		$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
+		$data->pruefungsdatum = $pruefungsdata->datum;
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function createAntrag()
+	{
+		$this->createAntragWithStatus(true);
+	}
+
+	public function cancelAntrag()
+	{
+		$this->createAntragWithStatus(false);
+	}
+
+	protected function createAntragWithStatus($repeat)
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('prestudent_id', 'Prestudent ID', 'required');
+		$this->form_validation->set_rules('studiensemester', 'Studiensemester', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$prestudent_id = $this->input->post('prestudent_id');
+		$studiensemester = $this->input->post('studiensemester');
+
+		$result = $this->antraglib->getPrestudentWiederholungsBerechtigt($prestudent_id);
+		$result = $this->getDataOrTerminateWithError($result);
+
+		if (!$result) {
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_student'), self::ERROR_TYPE_GENERAL);
+		} elseif ($result == -1) {
+			$result = $this->PrestudentstatusModel->getLastStatus($prestudent_id);
+			$result = $this->getDataOrTerminateWithError($result);
+			if (!$result)
+				$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_prestudentstatus', [
+					'prestudent_id' => $prestudent_id
+				]), self::ERROR_TYPE_GENERAL);
+			if (!in_array(current($result)->status_kurzbz, $this->config->item('antrag_prestudentstatus_whitelist')))
+				$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_student'), self::ERROR_TYPE_GENERAL);
+		} elseif ($result == -2) {
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_antrag_exists'), self::ERROR_TYPE_GENERAL);
+		} elseif ($result == -3) {
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_stg_blacklist'), self::ERROR_TYPE_GENERAL);
+		}
+
+		$result = $this->antraglib->createWiederholung($prestudent_id, $studiensemester, getAuthUID(), $repeat);
+		$antragId = $this->getDataOrTerminateWithError($result);
+
+		$result = $this->antraglib->getDetailsForAntrag($antragId);
+
+		if (!hasData($result))
+			$this->terminateWithSuccess(true);
+
+		$data = getData($result);
+
+		$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id);
+		// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
+		$pruefungsdata = current(getData($result));
+
+		$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
+		$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
+		$data->pruefungsdatum = $pruefungsdata->datum;
+
+		$this->terminateWithSuccess($data);
+	}
+
+
+	public function getLvs($antrag_id)
+	{
+		$result = $this->antraglib->getLvsForAntrag($antrag_id);
+		if (isError($result)) {
+			$error = getError($result);
+			if ($error == 'Forbidden')
+				$this->terminateWithError(
+					$error,
+					self::ERROR_TYPE_AUTH,
+					REST_Controller::HTTP_FORBIDDEN
+				);
+			$this->terminateWithError(
+				$error,
+				self::ERROR_TYPE_GENERAL
+			);
+		}
+		$lvs = getData($result);
+
+		$this->terminateWithSuccess($lvs);
+	}
+
+	public function saveLvs()
+	{
+		$forbiddenLvs = $this->input->post('forbiddenLvs');
+		$mandatoryLvs = $this->input->post('mandatoryLvs');
+		$antragsLvs = array_merge($forbiddenLvs, $mandatoryLvs);
+
+		if (!$antragsLvs)
+			$this->terminateWithError($this->p->t('studierendenantrag', 'error_no_lv'), self::ERROR_TYPE_GENERAL);
+
+		$insert = array_map(function ($lv) {
+			return [
+				'studierendenantrag_id' => $lv['studierendenantrag_id'],
+				'lehrveranstaltung_id' => $lv['lehrveranstaltung_id'],
+				'note' => $lv['zugelassen']
+                    ? ($lv['zugelassen'] == 1 ? 0 : $this->config->item('wiederholung_note_angerechnet'))
+                    : $this->config->item('wiederholung_note_nicht_zugelassen'),
+				'anmerkung' => $lv['anmerkung'],
+				'insertvon' => getAuthUID(),
+				'studiensemester_kurzbz' => $lv['studiensemester_kurzbz']
+			];
+		}, $antragsLvs);
+
+		$antrag_ids = array_unique(array_map(function ($lv) {
+			return $lv['studierendenantrag_id'];
+		}, $insert));
+
+		foreach ($antrag_ids as $antrag_id) {
+			$result = $this->StudierendenantragModel->loadIdAndStatusWhere([
+				'studierendenantrag_id' => $antrag_id
+			]);
+			$antrag = $this->getDataOrTerminateWithError($result);
+			if (!$antrag)
+				$this->terminateWithError(
+					$this->p->t('studierendenantrag', 'error_no_antrag_found', ['id' => $antrag_id]),
+					self::ERROR_TYPE_GENERAL
+				);
+			$antrag = current($antrag);
+
+			if ($antrag->status != Studierendenantragstatus_model::STATUS_CREATED
+				&& $antrag->status != Studierendenantragstatus_model::STATUS_LVSASSIGNED)
+				$this->terminateWithError(
+					$this->p->t('studierendenantrag', 'error_antrag_locked'),
+					self::ERROR_TYPE_GENERAL
+				);
+		}
+
+		$result = $this->antraglib->saveLvs($insert);
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+}

application/controllers/api/frontend/v1/stv/Address.php

@@ -0,0 +1,66 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about addresses
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Address extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'getNations' => self::PERM_LOGGED,
+			'getPlaces' => self::PERM_LOGGED
+		]);
+	}
+
+	public function getNations()
+	{
+		$this->load->model('codex/Nation_model', 'NationModel');
+
+		$this->NationModel->addOrder('kurztext');
+
+		$result = $this->NationModel->load();
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getPlaces($plz)
+	{
+		$this->load->model('codex/Gemeinde_model', 'GemeindeModel');
+
+		$this->load->library('form_validation');
+		
+		$this->form_validation->set_data(['address.plz' => $plz]);
+
+		$this->form_validation->set_rules('address.plz', 'PLZ', 'numeric|less_than[10000]');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->GemeindeModel->getGemeindeByPlz($plz);
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+}

application/controllers/api/frontend/v1/stv/Config.php

@@ -0,0 +1,233 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+use CI3_Events as Events;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about the StV Config
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Config extends FHCAPI_Controller
+{
+
+
+	public function __construct()
+	{
+		// TODO(chris): permissions
+		parent::__construct([
+			'student' => ['admin:r', 'assistenz:r'],
+			'students' => ['admin:r', 'assistenz:r']
+		]);
+
+
+		// Load Phrases
+		$this->loadPhrases([
+			'global',
+			'person',
+			'lehre',
+			'stv',
+			'konto'
+		]);
+	}
+
+	public function student()
+	{
+		$result = [];
+		$result['details'] = [
+			'title' => $this->p->t('stv', 'tab_details'),
+			'component' => './Stv/Studentenverwaltung/Details/Details.js'
+		];
+		$result['notes'] = [
+			'title' => $this->p->t('stv', 'tab_notes'),
+			'component' => './Stv/Studentenverwaltung/Details/Notizen.js'
+		];
+		$result['contact'] = [
+			'title' => $this->p->t('stv', 'tab_contact'),
+			'component' => './Stv/Studentenverwaltung/Details/Kontakt.js',
+			'config' => [
+				'showBankaccount' => $this->permissionlib->isBerechtigt('mitarbeiter/bankdaten')
+					|| $this->permissionlib->isBerechtigt('student/bankdaten')
+			]
+		];
+		$result['prestudent'] = [
+			'title' => $this->p->t('stv', 'tab_prestudent'),
+			'component' => './Stv/Studentenverwaltung/Details/Prestudent.js'
+		];
+		$result['status'] = [
+			'title' => 'Status',
+			'component' => './Stv/Studentenverwaltung/Details/MultiStatus.js'
+		];
+		$result['banking'] = [
+			'title' => $this->p->t('stv', 'tab_banking'),
+			'component' => './Stv/Studentenverwaltung/Details/Konto.js',
+			'config' => [
+				'showZahlungsbestaetigung' => (defined('ZAHLUNGSBESTAETIGUNG_ANZEIGEN') && ZAHLUNGSBESTAETIGUNG_ANZEIGEN),
+				'showBuchungsnr' => $this->permissionlib->isBerechtigt('admin'),
+				'showMahnspanne' => (!defined('FAS_KONTO_SHOW_MAHNSPANNE') || FAS_KONTO_SHOW_MAHNSPANNE===true),
+				'showCreditpoints' => (defined('FAS_KONTO_SHOW_CREDIT_POINTS') && FAS_KONTO_SHOW_CREDIT_POINTS == 'true'),
+				'columns' => $this->kontoColumns(),
+				'additionalCols' => []
+			]
+		];
+		$result['resources'] = [
+			'title' => $this->p->t('stv', 'tab_resources'),
+			'component' => './Stv/Studentenverwaltung/Details/Betriebsmittel.js'
+		];
+		/* TODO(chris): Ausgeblendet für Testing
+		$result['grades'] = [
+			'title' => $this->p->t('stv', 'tab_grades'),
+			'component' => './Stv/Studentenverwaltung/Details/Noten.js'
+		];
+		*/
+
+		Events::trigger('stv_conf_student', function & () use (&$result) {
+			return $result;
+		});
+
+		$this->terminateWithSuccess($result);
+	}
+
+	public function students()
+	{
+		$result = [];
+		$result['banking'] = [
+			'title' => $this->p->t('stv', 'tab_banking'),
+			'component' => './Stv/Studentenverwaltung/Details/Konto.js',
+			'config' => [
+				'showZahlungsbestaetigung' => (defined('ZAHLUNGSBESTAETIGUNG_ANZEIGEN') && ZAHLUNGSBESTAETIGUNG_ANZEIGEN),
+				'showBuchungsnr' => $this->permissionlib->isBerechtigt('admin'),
+				'showMahnspanne' => (!defined('FAS_KONTO_SHOW_MAHNSPANNE') || FAS_KONTO_SHOW_MAHNSPANNE===true),
+				'showCreditpoints' => (defined('FAS_KONTO_SHOW_CREDIT_POINTS') && FAS_KONTO_SHOW_CREDIT_POINTS == 'true'),
+				'columns' => $this->kontoColumnsMultiPerson(),
+				'additionalCols' => []
+			]
+		];
+		$result['status'] = [
+			'title' => 'Status',
+			'component' => './Stv/Studentenverwaltung/Details/MultiStatus.js',
+			'config' => [
+				'changeStatusToAbbrecherStgl' => $this->permissionlib->isBerechtigt('admin'),
+				'changeStatusToAbbrecherStud' => $this->permissionlib->isBerechtigt('admin'),
+				'changeStatusToUnterbrecher' => $this->permissionlib->isBerechtigt('admin'),
+				'changeStatusToDiplomand' => $this->permissionlib->isBerechtigt('admin'),
+				'changeStatusToAbsolvent' => $this->permissionlib->isBerechtigt('admin')
+			]
+		];
+
+		Events::trigger('stv_conf_students', function & () use (&$result) {
+			return $result;
+		});
+
+		$this->terminateWithSuccess($result);
+	}
+
+	protected function kontoColumns()
+	{
+		return [
+			'buchungsdatum' => [
+				'field' => "buchungsdatum",
+				'title' => $this->p->t('konto', 'buchungsdatum')
+			],
+			'buchungstext' => [
+				'field' => "buchungstext",
+				'title' => $this->p->t('konto', 'buchungstext')
+			],
+			'betrag' => [
+				'field' => "betrag",
+				'title' => $this->p->t('konto', 'betrag')
+			],
+			'studiensemester_kurzbz' => [
+				'field' => "studiensemester_kurzbz",
+				'title' => $this->p->t('lehre', 'studiensemester')
+			],
+			'buchungstyp_kurzbz' => [
+				'field' => "buchungstyp_kurzbz",
+				'title' => $this->p->t('konto', 'buchungstyp'),
+				'visible' => false
+			],
+			'buchungsnr' => [
+				'field' => "buchungsnr",
+				'title' => $this->p->t('konto', 'buchungsnr'),
+				'visible' => false
+			],
+			'insertvon' => [
+				'field' => "insertvon",
+				'title' => $this->p->t('global', 'insertvon'),
+				'visible' => false
+			],
+			'insertamum' => [
+				'field' => "insertamum",
+				'title' => $this->p->t('global', 'insertamum'),
+				'visible' => false
+			],
+			'kuerzel' => [
+				'field' => "kuerzel",
+				'title' => $this->p->t('lehre', 'studiengang'),
+				'visible' => false
+			],
+			'anmerkung' => [
+				'field' => "anmerkung",
+				'title' => $this->p->t('global', 'anmerkung')
+			],
+			'actions' => [
+				'title' => $this->p->t('global', 'actions'),
+				'frozen' => true
+			]
+		];
+	}
+	protected function kontoColumnsMultiPerson()
+	{
+		return [
+			'person_id' => [
+				'field' => "person_id",
+				'title' => $this->p->t('person', 'person_id')
+			],
+			'anrede' => [
+				'field' => "anrede",
+				'title' => $this->p->t('person', 'anrede'),
+				'visible' => false
+			],
+			'titelpost' => [
+				'field' => "titelpost",
+				'title' => $this->p->t('person', 'titelpost'),
+				'visible' => false
+			],
+			'titelpre' => [
+				'field' => "titelpre",
+				'title' => $this->p->t('person', 'titelpre'),
+				'visible' => false
+			],
+			'vorname' => [
+				'field' => "vorname",
+				'title' => $this->p->t('person', 'vorname')
+			],
+			'vornamen' => [
+				'field' => "vornamen",
+				'title' => $this->p->t('person', 'vornamen'),
+				'visible' => false
+			],
+			'nachname' => [
+				'field' => "nachname",
+				'title' => $this->p->t('person', 'nachname')
+			]
+		] + $this->kontoColumns();
+	}
+}

application/controllers/api/frontend/v1/stv/Favorites.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about favorite verbände
+ * Listens to ajax post calls to change the favorite verbände data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Favorites extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => self::PERM_LOGGED,
+			'set' => self::PERM_LOGGED
+		]);
+
+		// Load models
+		$this->load->model('system/Variable_model', 'VariableModel');
+
+		// TODO(chris): variable table might be to small to store favorites!
+	}
+
+	public function index()
+	{
+		$result = $this->VariableModel->getVariables(getAuthUID(), ['stv_favorites']);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		if (!$data)
+			$this->terminateWithSuccess(null);
+		else
+			$this->terminateWithSuccess($data['stv_favorites']);
+	}
+
+	public function set()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('favorites', 'Favorites', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$favorites = $this->input->post('favorites');
+
+		$result = $this->VariableModel->setVariable(getAuthUID(), 'stv_favorites', $favorites);
+
+		$this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess(true);
+	}
+}

application/controllers/api/frontend/v1/stv/Filter.php

@@ -0,0 +1,84 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about the Studiengang filter
+ * Listens to ajax post calls to change the Studiengang filter data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Filter extends FHCAPI_Controller
+{
+	/**
+	 * Calls the parent's constructor and prepares libraries and phrases
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'getStg' => self::PERM_LOGGED,
+			'setStg' => self::PERM_LOGGED
+		]);
+
+		// Load models
+		$this->load->model('system/Variable_model', 'VariableModel');
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Get current setting
+	 *
+	 * @return void
+	 */
+	public function getStg()
+	{
+		$result = $this->VariableModel->getVariables(getAuthUID(), ['kontofilterstg']);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data['kontofilterstg'] == 'true');
+	}
+
+	/**
+	 * Set current setting
+	 *
+	 * @return void
+	 */
+	public function setStg()
+	{
+		$this->load->library('form_validation');
+
+		$studiengang_kz = $this->input->post('studiengang_kz');
+
+		if ($studiengang_kz === null) {
+			$this->form_validation->set_rules('studiengang_kz', 'Studiengang', 'required');
+
+			if (!$this->form_validation->run())
+				$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$result = $this->VariableModel->setVariable(getAuthUID(), 'kontofilterstg', $studiengang_kz ? 'true' : 'false');
+
+		$this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess(true);
+	}
+}

application/controllers/api/frontend/v1/stv/Kontakt.php

@@ -0,0 +1,754 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \DateTime as DateTime;
+
+class Kontakt extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'getAdressen' => ['admin:r', 'assistenz:r'],
+			'addNewAddress' => ['admin:rw', 'assistenz:rw'],
+			'addNewContact' => ['admin:rw', 'assistenz:rw'],
+			'addNewBankverbindung' => ['mitarbeiter/bankdaten:rw', 'student/bankdaten:rw'],
+			'updateAddress' => ['admin:rw', 'assistenz:rw'],
+			'updateContact' => ['admin:rw', 'assistenz:rw'],
+			'updateBankverbindung' => ['mitarbeiter/bankdaten:rw', 'student/bankdaten:rw'],
+			'loadAddress' => ['admin:r', 'assistenz:r'],
+			'loadContact' => ['admin:r', 'assistenz:r'],
+			'loadBankverbindung' => ['mitarbeiter/bankdaten:r', 'student/bankdaten:r'],
+			'deleteAddress' => ['admin:rw', 'assistenz:rw'],
+			'deleteContact' => ['admin:rw','assistenz:rw'],
+			'deleteBankverbindung' => ['mitarbeiter/bankdaten:rw','astudent/bankdaten:rw'],
+			'getAdressentypen' => ['admin:r', 'assistenz:r'],
+			'getKontakttypen' => ['admin:r', 'assistenz:r'],
+			'getFirmen' => ['admin:r', 'assistenz:r'],
+			'getStandorte' => ['admin:r', 'assistenz:r'],
+			'getStandorteByFirma' => ['admin:r', 'assistenz:r'],
+			'getKontakte' => ['admin:r', 'assistenz:r'],
+			'getBankverbindung' => ['mitarbeiter/bankdaten:r', 'student/bankdaten:r']
+		]);
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+		$this->load->library('form_validation');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'ui',
+			'person'
+		]);
+
+		// Load models
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$this->load->model('organisation/standort_model', 'StandortModel');
+		$this->load->model('ressource/firma_model', 'FirmaModel');
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+		// Extra Permissionchecks
+		$permsMa = [];
+		$permsStud = [];
+		switch ($this->router->method) {
+			case 'getBankverbindung':
+			case 'loadBankverbindung':
+				$permsMa = ['mitarbeiter/bankdaten:r'];
+				$permsStud = ['student/bankdaten:r'];
+				break;
+			case 'addNewBankverbindung':
+			case 'updateBankverbindung':
+			case 'deleteBankverbindung':
+				$permsMa = ['mitarbeiter/bankdaten:rw'];
+				$permsStud = ['student/bankdaten:rw'];
+				break;
+			case 'getAdressen':
+			case 'getKontakte':
+			case 'loadAddress':
+			case 'loadContact':
+				$permsMa = $permsStud = ['admin:r', 'assistenz:r'];
+				break;
+			case 'addNewAddress':
+			case 'addNewContact':
+			case 'updateAddress':
+			case 'updateContact':
+			case 'deleteAddress':
+			case 'deleteContact':
+				$permsMa = $permsStud = ['admin:rw', 'assistenz:rw'];
+				break;
+		}
+		if ($this->router->method == 'getAdressen'
+			|| $this->router->method == 'getKontakte'
+			|| $this->router->method == 'getBankverbindung'
+			|| $this->router->method == 'addNewAddress'
+			|| $this->router->method == 'addNewContact'
+			|| $this->router->method == 'addNewBankverbindung'
+		) {
+			$person_id = current(array_slice($this->uri->rsegments, 2));
+			
+			$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud);
+		} elseif ($this->router->method == 'loadAddress'
+			|| $this->router->method == 'loadContact'
+			|| $this->router->method == 'loadBankverbindung'
+			|| $this->router->method == 'updateAddress'
+			|| $this->router->method == 'updateContact'
+			|| $this->router->method == 'updateBankverbindung'
+			|| $this->router->method == 'deleteAddress'
+			|| $this->router->method == 'deleteContact'
+			|| $this->router->method == 'deleteBankverbindung'
+		) {
+			$id = current(array_slice($this->uri->rsegments, 2));
+
+			$model = 'person/Adresse_model';
+			if ($this->router->method == 'loadContact'
+				|| $this->router->method == 'updateContact'
+				|| $this->router->method == 'deleteContact'
+			) {
+				$model = 'person/Kontakt_model';
+			} elseif ($this->router->method == 'loadBankverbindung'
+				|| $this->router->method == 'updateBankverbindung'
+				|| $this->router->method == 'deleteBankverbindung'
+			) {
+				$model = 'person/Bankverbindung_model';
+			}
+
+			$this->load->model($model, 'TempModel');
+			$result = $this->TempModel->load($id);
+			$data = $this->getDataOrTerminateWithError($result);
+			if (!$result)
+				show_404();
+
+			$person_id = current($data)->person_id;
+			
+			$this->checkPermissionsForPerson($person_id, $permsMa, $permsStud);
+		}
+	}
+	public function getAdressen($person_id)
+	{
+		$this->AdresseModel->addSelect('public.tbl_adresse.*');
+		$this->AdresseModel->addSelect('t.*');
+		$this->AdresseModel->addSelect('f.firma_id');
+		$this->AdresseModel->addSelect('f.name as firmenname');
+		$this->AdresseModel->addJoin('public.tbl_adressentyp t', 'ON (t.adressentyp_kurzbz = public.tbl_adresse.typ)');
+		$this->AdresseModel->addJoin('public.tbl_firma f', 'ON (f.firma_id = public.tbl_adresse.firma_id)', 'LEFT');
+
+		$result = $this->AdresseModel->loadWhere(
+			array('person_id' => $person_id)
+		);
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+
+	public function addNewAddress($person_id)
+	{
+		$this->form_validation->set_rules('plz', 'PLZ', 'required|numeric', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'PLZ']),
+			'numeric' => $this->p->t('ui', 'error_fieldNotNumeric', ['field' => 'PLZ'])
+		]);
+
+		if(isset($_POST['gemeinde']) && isset($_POST['ort']))
+		$this->form_validation->set_rules('plz', 'Postleitzahl', 'callback_validateLocationCombination', [
+			'validateLocationCombination' => $this->p->t('ui', 'error_location_combination')
+		]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$uid = getAuthUID();
+		$co_name = isset($_POST['co_name']) ? $_POST['co_name'] : null;
+		$strasse = isset($_POST['strasse']) ? $_POST['strasse'] : null;
+		$ort = isset($_POST['ort']) ? $_POST['ort'] : null;
+		$gemeinde = isset($_POST['gemeinde']) ? $_POST['gemeinde'] : null;
+		$nation = isset($_POST['nation']) ? $_POST['nation'] : null;
+		$name = isset($_POST['name']) ? $_POST['name'] : null;
+		$typ = isset($_POST['typ']) ? $_POST['typ'] : null;
+		$anmerkung = isset($_POST['anmerkung']) ? $_POST['anmerkung'] : null;
+
+		if(isset($_POST['firma']))
+		{
+			$firma_id = $_POST['firma']['firma_id'];
+		}
+		else
+			$firma_id = null;
+
+		$result = $this->AdresseModel->insert(
+			[
+				'person_id' => $person_id,
+				'strasse' =>  $strasse,
+				'insertvon' => $uid,
+				'insertamum' => date('c'),
+				'plz' => $_POST['plz'],
+				'ort' => $ort,
+				'gemeinde' => $gemeinde,
+				'nation' => $nation,
+				'heimatadresse' => $_POST['heimatadresse'],
+				'zustelladresse' => $_POST['zustelladresse'],
+				'co_name' => $co_name,
+				'typ' => $typ,
+				'firma_id' => $firma_id,
+				'name' => $name,
+				'rechnungsadresse' => $_POST['rechnungsadresse'],
+				'anmerkung' => $anmerkung
+
+			]
+		);
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function updateAddress($address_id)
+	{
+		$uid = getAuthUID();
+		$this->form_validation->set_rules('plz', 'PLZ', 'required|numeric', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'PLZ']),
+			'numeric' => $this->p->t('ui', 'error_fieldNotNumeric', ['field' => 'PLZ'])
+		]);
+
+		if(isset($_POST['gemeinde']) && isset($_POST['ort']))
+			$this->form_validation->set_rules('plz', 'Postleitzahl', 'callback_validateLocationCombination', [
+				'validateLocationCombination' => $this->p->t('ui', 'error_location_combination')
+			]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+
+		if(!$address_id)
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Adresse_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		if(isset($_POST['firma']))
+		{
+			$firma_id = $_POST['firma']['firma_id'];
+		}
+		elseif(isset($_POST['firma_id']))
+		{
+			$firma_id = $_POST['firma_id'];
+		}
+		else
+			$firma_id = null;
+
+		$person_id = isset($_POST['person_id']) ? $_POST['person_id'] : null;
+		$co_name = isset($_POST['co_name']) ? $_POST['co_name'] : null;
+		$strasse = isset($_POST['strasse']) ? $_POST['strasse'] : null;
+		$ort = isset($_POST['ort']) ? $_POST['ort'] : null;
+		$gemeinde = isset($_POST['gemeinde']) ? $_POST['gemeinde'] : null;
+		$nation = isset($_POST['nation']) ? $_POST['nation'] : null;
+		$name = isset($_POST['name']) ? $_POST['name'] : null;
+		$typ = isset($_POST['typ']) ? $_POST['typ'] : null;
+		$anmerkung = isset($_POST['anmerkung']) ? $_POST['anmerkung'] : null;
+
+		$result = $this->AdresseModel->update(
+			[
+				'adresse_id' => $address_id
+			],
+			[	'person_id' => $person_id,
+				'strasse' =>  $strasse,
+				'updatevon' => $uid,
+				'updateamum' => date('c'),
+				'plz' => $_POST['plz'],
+				'ort' => $ort,
+				'gemeinde' => $gemeinde,
+				'nation' => $nation,
+				'heimatadresse' => $_POST['heimatadresse'],
+				'zustelladresse' => $_POST['zustelladresse'],
+				'co_name' => $co_name,
+				'typ' => $typ,
+				'firma_id' => $firma_id,
+				'name' => $name,
+				'rechnungsadresse' => $_POST['rechnungsadresse'],
+				'anmerkung' => $anmerkung
+			]
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function loadAddress($adresse_id)
+	{
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+
+		$this->AdresseModel->addSelect('public.tbl_adresse.*');
+		$this->AdresseModel->addSelect('t.*');
+		$this->AdresseModel->addSelect('f.firma_id');
+		$this->AdresseModel->addSelect('f.name as firmenname');
+		$this->AdresseModel->addJoin('public.tbl_adressentyp t', 'ON (t.adressentyp_kurzbz = public.tbl_adresse.typ)');
+		$this->AdresseModel->addJoin('public.tbl_firma f', 'ON (f.firma_id = public.tbl_adresse.firma_id)', 'LEFT');
+
+		$this->AdresseModel->addLimit(1);
+
+		$result = $this->AdresseModel->loadWhere(
+			array('adresse_id' => $adresse_id)
+		);
+		if (isError($result)) {
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+
+		if (!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Adresse_id']), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess(current(getData($result)) ? : null);
+	}
+
+	public function deleteAddress($adresse_id)
+	{
+		$this->load->model('person/Adresse_model', 'AdresseModel');
+		$result = $this->AdresseModel->load([
+			'adresse_id'=> $adresse_id,
+		]);
+		if(isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$result = current(getData($result));
+
+		if($result->heimatadresse)
+
+			$this->terminateWithError($this->p->t('person', 'error_deleteHomeAdress'), self::ERROR_TYPE_GENERAL);
+
+		$result = $this->AdresseModel->delete(
+			array('adresse_id' => $adresse_id)
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		if (!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Adresse_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		return $this->terminateWithSuccess(current(getData($result)) ? : null);
+	}
+
+	public function getAdressentypen()
+	{
+		$this->load->model('person/Adressentyp_model', 'AdressentypModel');
+
+		$result = $this->AdressentypModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getFirmen($searchString)
+	{
+		$this->load->model('ressource/firma_model', 'FirmaModel');
+
+		$result = $this->FirmaModel->searchFirmen($searchString);
+		if (isError($result)) {
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess($result ?: []);
+	}
+
+	public function getStandorte($searchString)
+	{
+		$this->load->model('organisation/standort_model', 'StandortModel');
+
+		$result = $this->StandortModel->searchStandorte($searchString);
+		if (isError($result)) {
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess($result ?: []);
+	}
+
+	public function getStandorteByFirma($firma_id)
+	{
+		$this->load->model('organisation/standort_model', 'StandortModel');
+
+		$result = $this->StandortModel->getStandorteByFirma($firma_id);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getKontakte($person_id)
+	{
+		$this->KontaktModel->addSelect("public.tbl_kontakt.*,
+			TO_CHAR (CASE 
+					WHEN public.tbl_kontakt.updateamum >= public.tbl_kontakt.insertamum 
+					THEN public.tbl_kontakt.updateamum 
+					ELSE public.tbl_kontakt.insertamum 
+				END::timestamp, 'DD.MM.YYYY HH24:MI:SS') AS lastUpdate, st.bezeichnung, f.name");
+		$this->StandortModel->addJoin('public.tbl_standort st', 'ON (public.tbl_kontakt.standort_id = st.standort_id)', 'LEFT');
+		$this->FirmaModel->addJoin('public.tbl_firma f', 'ON (f.firma_id = st.firma_id)', 'LEFT');
+		$result = $this->KontaktModel->loadWhere(
+			array('person_id' => $person_id)
+		);
+
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+
+	public function getKontakttypen()
+	{
+		$this->load->model('person/Kontakttyp_model', 'KontakttypModel');
+
+		$result = $this->KontakttypModel->load();
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		else
+		{
+			$this->terminateWithSuccess(getData($result) ?: []);
+		}
+	}
+
+	public function loadContact($kontakt_id)
+	{
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+		$this->KontaktModel->addSelect('*, public.tbl_kontakt.*');
+		$this->KontaktModel->addSelect('st.kurzbz');
+		$this->KontaktModel->addJoin('public.tbl_standort st', 'ON (public.tbl_kontakt.standort_id = st.standort_id)', 'LEFT');
+		$this->FirmaModel->addJoin('public.tbl_firma f', 'ON (f.firma_id = st.firma_id)', 'LEFT');
+
+		$this->KontaktModel->addLimit(1);
+
+		$result = $this->KontaktModel->loadWhere(
+			array('kontakt_id' => $kontakt_id)
+		);
+		if (isError($result)) {
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		if (!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Kontakt_id']), self::ERROR_TYPE_GENERAL);
+		}
+		//	$this->outputJsonSuccess(current(getData($result)));
+		$this->terminateWithSuccess(current(getData($result)));
+	}
+
+	public function addNewContact($person_id)
+	{
+		if(($_POST['kontakttyp'] == 'email' && isset($_POST['kontakt'])))
+		{
+			$this->form_validation->set_rules('kontakt', 'Kontakt', 'required|valid_email', [
+				'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Kontakt']),
+				'valid_email' => $this->p->t('ui', 'error_fieldNoValidEmail', ['field' => 'Kontakt'])
+			]);
+		}
+		else
+		{
+			$this->form_validation->set_rules('kontakt', 'Kontakt', 'required', [
+				'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Kontakt'])
+			]);
+		}
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+		$uid = getAuthUID();
+
+		$kontakttyp = $this->input->post('kontakttyp');
+		$anmerkung = $this->input->post('anmerkung');
+		$kontakt = $this->input->post('kontakt');
+		$ext_id = $this->input->post('ext_id');
+		$standort_id = $this->input->post('standort_id');
+
+		$result = $this->KontaktModel->insert(
+			[
+				'person_id' => $person_id,
+				'kontakttyp' =>  $kontakttyp,
+				'anmerkung' => $anmerkung,
+				'kontakt' => $kontakt,
+				'zustellung' => $_POST['zustellung'],
+				'insertvon' => $uid,
+				'insertamum' => date('c'),
+				'standort_id' => $standort_id,
+				'ext_id' => $ext_id
+			]
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function updateContact($kontakt_id)
+	{
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+		if(!$kontakt_id)
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Kontakt_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		if(($_POST['kontakttyp'] == 'email' && isset($_POST['kontakt'])))
+		{
+			$this->form_validation->set_rules('kontakt', 'Kontakt', 'required|valid_email', [
+				'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Kontakt']),
+				'valid_email' => $this->p->t('ui', 'error_fieldNoValidEmail', ['field' => 'Kontakt'])
+			]);
+		}
+		else
+		{
+			$this->form_validation->set_rules('kontakt', 'Kontakt', 'required', [
+				'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Kontakt'])
+			]);
+		}
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+/*		if(isset($_POST['standort']))
+		{
+			$standort_id = $_POST['standort']['standort_id'];
+		}
+		else
+			$standort_id = null;*/
+
+		$uid = getAuthUID();
+		$kontakttyp = $this->input->post('kontakttyp');
+		$anmerkung = $this->input->post('anmerkung');
+		$kontakt = $this->input->post('kontakt');
+		$ext_id = $this->input->post('ext_id');
+		$person_id = $this->input->post('person_id');
+		$standort_id = $this->input->post('standort_id');
+
+		//return $this->terminateWithError("in update " . $standort_id, self::ERROR_TYPE_GENERAL);
+
+		$result = $this->KontaktModel->update(
+			[
+				'kontakt_id' => $kontakt_id
+			],
+			[
+				'person_id' => $person_id,
+				'kontakttyp' =>  $kontakttyp,
+				'anmerkung' => $anmerkung,
+				'kontakt' => $kontakt,
+				'zustellung' => $_POST['zustellung'],
+				'insertvon' => 	$uid,
+				'insertamum' => date('c'),
+				'standort_id' => $standort_id,
+				'ext_id' => $ext_id
+			]
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function deleteContact($kontakt_id)
+	{
+		$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+		$result = $this->KontaktModel->delete(
+			array('kontakt_id' => $kontakt_id)
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		elseif (!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Kontakt_id']), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(current(getData($result)) ? : null);
+	}
+
+	public function getBankverbindung($person_id)
+	{
+		$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
+
+		$this->BankverbindungModel->addSelect('*');
+
+		$result = $this->BankverbindungModel->loadWhere(
+			array('person_id' => $person_id)
+		);
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess((getData($result) ?: []));
+	}
+
+	public function addNewBankverbindung($person_id)
+	{
+		$this->form_validation->set_rules('iban', 'IBAN', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'IBAN'])
+		]);
+
+		$this->form_validation->set_rules('typ', 'TYP', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'TYP'])
+		]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
+
+		$ext_id = $this->input->post('ext_id');
+		$oe_kurzbz = $this->input->post('oe_kurzbz');
+		$orgform_kurzbz = $this->input->post('orgform_kurzbz');
+		$name = $this->input->post('name');
+		$anschrift = $this->input->post('anschrift');
+		$bic = $this->input->post('bic');
+		$blz  = $this->input->post('blz');
+		$kontonr = $this->input->post('kontonr');
+
+		$result = $this->BankverbindungModel->insert(
+			[
+				'person_id' => $person_id,
+				'name' => $name,
+				'anschrift' => $anschrift,
+				'bic' => $bic,
+				'iban' => $_POST['iban'],
+				'blz' => $blz,
+				'kontonr' => $kontonr,
+				'insertvon' => 'uid',
+				'insertamum' => date('c'),
+				'typ' => $_POST['typ'],
+				'verrechnung' => $_POST['verrechnung'],
+				'ext_id' => $ext_id,
+				'oe_kurzbz' => $oe_kurzbz,
+				'orgform_kurzbz' => $orgform_kurzbz
+			]
+		);
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function loadBankverbindung($bankverbindung_id)
+	{
+		$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
+
+		$this->BankverbindungModel->addSelect('*');
+
+		$this->BankverbindungModel->addLimit(1);
+
+		$result = $this->BankverbindungModel->loadWhere(
+			array('bankverbindung_id' => $bankverbindung_id)
+		);
+		if (isError($result))
+		{
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+
+		if (!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Bankverbindung_id']), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess(current(getData($result)));
+	}
+
+	public function updateBankverbindung($bankverbindung_id)
+	{
+		$this->form_validation->set_rules('iban', 'IBAN', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'IBAN'])
+		]);
+
+		$this->form_validation->set_rules('typ', 'TYP', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'TYP'])
+		]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
+
+		if(!$bankverbindung_id)
+		{
+			return $this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=> 'Bankverbindung_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		$uid = getAuthUID();
+
+		$result = $this->BankverbindungModel->update(
+			[
+				'bankverbindung_id' => $bankverbindung_id
+			],
+			[
+				'person_id' => $_POST['person_id'],
+				'name' => $_POST['name'],
+				'anschrift' => $_POST['anschrift'],
+				'bic' => $_POST['bic'],
+				'iban' => $_POST['iban'],
+				'blz' => $_POST['blz'],
+				'kontonr' => $_POST['kontonr'],
+				'updatevon' => $uid,
+				'updateamum' => date('c'),
+				'typ' => $_POST['typ'],
+				'verrechnung' => $_POST['verrechnung'],
+				'ext_id' => $_POST['ext_id'],
+				'oe_kurzbz' => $_POST['oe_kurzbz'],
+				'orgform_kurzbz' => $_POST['orgform_kurzbz']
+			]
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->outputJsonSuccess(true);
+	}
+
+	public function deleteBankverbindung($bankverbindung_id)
+	{
+		$this->load->model('person/Bankverbindung_model', 'BankverbindungModel');
+
+		$result = $this->BankverbindungModel->delete(
+			array('bankverbindung_id' => $bankverbindung_id)
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		if (!hasData($result))
+		{
+			$this->outputJson($result);
+		}
+		return $this->terminateWithSuccess(current(getData($result)) ? : null);
+	}
+
+	public function validateLocationCombination()
+	{
+		$this->load->model('codex/Gemeinde_model', 'GemeindeModel');
+
+		return $this->GemeindeModel->checkLocation($_POST['plz'], $_POST['gemeinde'], $_POST['ort']);
+	}
+}

application/controllers/api/frontend/v1/stv/Konto.php

@@ -0,0 +1,495 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
+use CI3_Events as Events;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about a Konto
+ * Listens to ajax post calls to change the Konto data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Konto extends FHCAPI_Controller
+{
+	/**
+	 * Calls the parent's constructor and prepares libraries and phrases
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'get' => 'student/stammdaten:r',
+			'getBuchungstypen' => self::PERM_LOGGED,
+			'checkDoubles' => ['admin:r', 'assistenz:r'],
+			'insert' => ['admin:w', 'assistenz:w'],
+			'counter' => ['admin:w', 'assistenz:w'],
+			'update' => ['admin:w', 'assistenz:w'],
+			'delete' => ['admin:w', 'assistenz:w']
+		]);
+
+		// Load models
+		$this->load->model('crm/Konto_model', 'KontoModel');
+
+		// Load language phrases
+		$this->loadPhrases([
+			'konto'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Get details for a prestudent
+	 *
+	 * @return void
+	 */
+	public function get()
+	{
+		$this->load->library('form_validation');
+
+		$person_id = $this->input->post('person_id');
+		if (!$person_id || !is_array($person_id)) {
+			$this->form_validation->set_rules('person_id', 'Person ID', 'required');
+
+			if (!$this->form_validation->run())
+				$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+
+		$studiengang_kz = $this->input->post('studiengang_kz');
+
+		if ($this->input->post('only_open')) {
+			$result = $this->KontoModel->getOffeneBuchungen($person_id, $studiengang_kz);
+		} else {
+			$result = $this->KontoModel->getAlleBuchungen($person_id, $studiengang_kz);
+		}
+
+		$result = $this->getDataOrTerminateWithError($result);
+
+		// sort into tree
+		$childs = [];
+		$data = [];
+		foreach ($result as $entry) {
+			if ($entry->buchungsnr_verweis) {
+				if (isset($data[$entry->buchungsnr_verweis])) {
+					if (!isset($data[$entry->buchungsnr_verweis]->_children))
+						$data[$entry->buchungsnr_verweis]->_children = [];
+					$data[$entry->buchungsnr_verweis]->_children[] = $entry;
+				} else {
+					if (!isset($childs[$entry->buchungsnr_verweis]))
+						$childs[$entry->buchungsnr_verweis] = [];
+					$childs[$entry->buchungsnr_verweis][] = $entry;
+				}
+			} else {
+				$data[$entry->buchungsnr] = $entry;
+				if (isset($childs[$entry->buchungsnr]))
+					$entry->_children = $childs[$entry->buchungsnr];
+			}
+		}
+
+		$this->terminateWithSuccess(array_values($data));
+	}
+
+	/**
+	 * Get list of Buchungstypen
+	 *
+	 * @return void
+	 */
+	public function getBuchungstypen()
+	{
+		$this->load->model('crm/Buchungstyp_model', 'BuchungstypModel');
+
+		$result = $this->BuchungstypModel->load();
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * Check double Buchungen
+	 *
+	 * @return void
+	 */
+	public function checkDoubles()
+	{
+		if (!defined('FAS_DOPPELTE_BUCHUNGSTYPEN_CHECK') || !FAS_DOPPELTE_BUCHUNGSTYPEN_CHECK)
+			$this->terminateWithSuccess(false);
+
+		$this->load->library('form_validation');
+
+		$person_ids = $this->input->post('person_id');
+
+		if (!$person_ids || !is_array($person_ids)) {
+			$person_ids = [$person_ids];
+			$this->form_validation->set_rules('person_id', 'Person ID', 'required');
+		}
+		$this->form_validation->set_rules('studiensemester_kurzbz', 'Studiensemester', 'required');
+		$this->form_validation->set_rules('buchungstyp_kurzbz', 'Buchungstyp', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$buchungstypen = unserialize(FAS_DOPPELTE_BUCHUNGSTYPEN_CHECK);
+		$buchung = $this->input->post('buchungstyp_kurzbz');
+		
+		if (!isset($buchungstypen[$buchung]))
+			$this->terminateWithSuccess(false);
+
+		$result = $this->KontoModel->checkDoubleBuchung($person_ids, $this->input->post('studiensemester_kurzbz'), $buchungstypen[$buchung]);
+
+		$result = $this->getDataOrTerminateWithError($result);
+
+		if (!$result)
+			$this->terminateWithSuccess(false);
+
+		$persons = array_map(function ($row) {
+			return $row->nachname . ' ' . $row->vorname;
+		}, $result);
+		
+		$result = $this->p->t('konto', 'confirm_overwrite') . "\n";
+		if (count($persons) > 10) {
+			$result .= "-" . implode("\n-", array_slice($persons, 0, 10)) . "\n";
+			
+			if (count($persons) == 11) {
+				$result .= "\n" . $this->p->t('konto', 'confirm_overwrite_1_add_pers');
+			} else {
+				$result .= "\n" . $this->p->t('konto', 'confirm_overwrite_x_add_pers', [
+					'x' => count($persons) - 10
+				]);
+			}
+		} else {
+			$result .= "-" . implode("\n-", $persons) . "\n";
+		}
+		$result .= $this->p->t('konto', 'confirm_overwrite_proceed');
+
+		$this->addError($result, 'confirm');
+
+		$this->terminateWithSuccess(true);
+	}
+
+
+	/**
+	 * Save Buchung
+	 *
+	 * @return void
+	 */
+	public function insert()
+	{
+		$this->load->library('form_validation');
+
+		$person_ids = $this->input->post('person_id');
+
+		if (!$person_ids || !is_array($person_ids)) {
+			$person_ids = [$person_ids];
+			$this->form_validation->set_rules('person_id', 'Person ID', 'required');
+		}
+		$this->form_validation->set_rules('betrag', 'Betrag', 'numeric');
+		$this->form_validation->set_rules('buchungsdatum', 'Buchungsdatum', 'is_valid_date');
+		$this->form_validation->set_rules('buchungstext', 'Buchungstext', 'max_length[256]');
+		$this->form_validation->set_rules('mahnspanne', 'Mahnspanne', 'integer');
+		$this->form_validation->set_rules('buchungstyp_kurzbz', 'Buchungstyp', 'required|max_length[32]');
+		$this->form_validation->set_rules('studiensemester_kurzbz', 'Studiensemester', 'required|max_length[16]');
+		$this->form_validation->set_rules('studiengang_kz', 'Studiengang', 'required|has_permissions_for_stg[admin:rw,assistenz:rw]');
+		$this->form_validation->set_rules('credit_points', 'Credit Points', 'numeric');
+
+		Events::trigger('konto_insert_validation', $this->form_validation);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$allowed = [
+			'betrag',
+			'buchungsdatum',
+			'buchungstext',
+			'mahnspanne',
+			'buchungstyp_kurzbz',
+			'studiensemester_kurzbz',
+			'studiengang_kz',
+			'credit_points',
+			'anmerkung'
+		];
+		$data = [
+			'insertamum' => date('c'),
+			'insertvon' => getAuthUID()
+		];
+		foreach ($allowed as $field)
+			if ($this->input->post($field) !== null)
+				$data[$field] = $this->input->post($field);
+
+		if (defined('FAS_BUCHUNGSTYP_FIXE_KOSTENSTELLE') && isset(unserialize(FAS_BUCHUNGSTYP_FIXE_KOSTENSTELLE)[$data['buchungstyp_kurzbz']])) {
+			$data['kostenstelle'] = unserialize(FAS_BUCHUNGSTYP_FIXE_KOSTENSTELLE)[$data['buchungstyp_kurzbz']];
+		}
+
+		$result = [];
+		foreach ($person_ids as $person_id) {
+			$id = $this->KontoModel->insert(array_merge($data, ['person_id' => $person_id]));
+			if (isError($id)) {
+				$this->addError(getError($id), self::ERROR_TYPE_DB);
+			} else {
+				$kontodata = $this->KontoModel->withAdditionalInfo()->load(getData($id));
+				if (isError($kontodata))
+					$this->addError(getError($kontodata), self::ERROR_TYPE_DB);
+				else
+					$result[] = current(getData($kontodata));
+			}
+		}
+
+		if ($result)
+			$this->terminateWithSuccess($result);
+
+		$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+	}
+
+	/**
+	 * Save Counter Buchung
+	 *
+	 * @return void
+	 */
+	public function counter()
+	{
+		$this->load->library('form_validation');
+
+		$buchungsnrs = $this->input->post('buchungsnr');
+
+		if (!$buchungsnrs || !is_array($buchungsnrs)) {
+			$buchungsnrs = $buchungsnrs ? [$buchungsnrs] : [];
+			$this->form_validation->set_rules('buchungsnr', 'Buchungsnr', 'required');
+		}
+		$this->form_validation->set_rules('buchungsdatum', 'Buchungsdatum', 'is_valid_date');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$data = [];
+		$rules = [];
+		foreach ($buchungsnrs as $k => $buchungsnr) {
+			$result = $this->KontoModel->load($buchungsnr);
+			if (isError($result)) {
+				$rules[] = [
+					'field' => 'buchung[' . $k . ']',
+					'label' => 'Buchung #' . $buchungsnr,
+					'rules' => 'required',
+					'errors' => [
+						'required' => getError($result)
+					]
+				];
+			} elseif (!hasData($result)) {
+				$rules[] = [
+					'field' => 'buchung[' . $k . ']',
+					'label' => 'Buchung #' . $buchungsnr,
+					'rules' => 'required'
+				];
+			} else {
+				$data[$k] = get_object_vars(current(getData($result)));
+				$rules[] = [
+					'field' => 'buchung[' . $k . '][buchungsnr]',
+					'label' => 'Buchung # ' . $buchungsnr,
+					'rules' => 'required|numeric'
+				];
+				$rules[] = [
+					'field' => 'buchung[' . $k . '][studiengang_kz]',
+					'label' => 'Buchung # ' . $buchungsnr,
+					'rules' => 'required|has_permissions_for_stg[admin:rw,assistenz:rw]'
+				];
+				$rules[] = [
+					'field' => 'buchung[' . $k . '][buchungsnr_verweis]',
+					'label' => 'Buchung # ' . $buchungsnr,
+					'rules' => 'regex_match[/^$/]',
+					'errors' => [
+						'regex_match' => $this->p->t('konto', 'error_counter_level')
+					]
+				];
+			}
+		}
+		
+		$this->form_validation->reset_validation();
+		$this->form_validation->set_data(['buchung' => $data]);
+		$this->form_validation->set_rules($rules);
+		
+		Events::trigger('konto_counter_validation', $this->form_validation);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$buchungsdatum = $this->input->post('buchungsdatum');
+
+		$newItems = [];
+		foreach ($data as $buchung) {
+			$result = $this->KontoModel->getDifferenz($buchung['buchungsnr']);
+			if (isError($result)) {
+				$this->addError(getError($result), self::ERROR_TYPE_GENERAL);
+				continue;
+			}
+			$betrag = $result->retval;
+			if ($betrag === null) {
+				$this->addError($this->p->t(
+					'konto',
+					'error_missing',
+					$buchung
+				), self::ERROR_TYPE_GENERAL);
+				continue;
+			}
+
+
+			$result = $this->KontoModel->insert([
+				'person_id' => $buchung['person_id'],
+				'studiengang_kz' => $buchung['studiengang_kz'],
+				'studiensemester_kurzbz' => $buchung['studiensemester_kurzbz'],
+				'buchungstext' => $buchung['buchungstext'],
+				'buchungstyp_kurzbz' => $buchung['buchungstyp_kurzbz'],
+				'credit_points' => $buchung['credit_points'],
+				'zahlungsreferenz' => $buchung['zahlungsreferenz'],
+				'betrag' => $betrag,
+				'buchungsdatum' => $buchungsdatum,
+				'mahnspanne' => '0',
+				'buchungsnr_verweis' => $buchung['buchungsnr'],
+				'insertamum' => date('c'),
+				'insertvon' => getAuthUID(),
+				'anmerkung' => ''
+			]);
+			if (isError($result)) {
+				$this->addError(getError($result), self::ERROR_TYPE_GENERAL);
+				continue;
+			}
+
+			$newItems = null;
+			// TODO(chris): get as tree?
+			/*$result = $this->KontoModel->withAdditionalInfo()->load($result->retval);
+			if (!hasData($result))
+				$newItems = null;
+			elseif ($newItems !== null)
+				$newItems[] = current(getData($result));*/
+		}
+
+		$this->terminateWithSuccess($newItems);
+	}
+
+	/**
+	 * Save Buchung
+	 *
+	 * @return void
+	 */
+	public function update()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('buchungsnr', 'Buchungsnr', 'required');
+		$this->form_validation->set_rules('betrag', 'Betrag', 'numeric');
+		$this->form_validation->set_rules('buchungsdatum', 'Buchungsdatum', 'is_valid_date');
+		$this->form_validation->set_rules('buchungstext', 'Buchungstext', 'max_length[256]');
+		$this->form_validation->set_rules('mahnspanne', 'Mahnspanne', 'integer');
+		$this->form_validation->set_rules('buchungstyp_kurzbz', 'Buchungstyp', 'required|max_length[32]');
+		$this->form_validation->set_rules('studiensemester_kurzbz', 'Studiensemester', 'required|max_length[16]');
+		$this->form_validation->set_rules('studiengang_kz', 'Studiengang', 'required|has_permissions_for_stg[admin:rw,assistenz:rw]');
+		$this->form_validation->set_rules('credit_points', 'Credit Points', 'numeric');
+
+		Events::trigger('konto_update_validation', $this->form_validation);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$id = $this->input->post('buchungsnr');
+		$allowed = [
+			'betrag',
+			'buchungsdatum',
+			'buchungstext',
+			'mahnspanne',
+			'buchungstyp_kurzbz',
+			'studiensemester_kurzbz',
+			'studiengang_kz',
+			'credit_points',
+			'anmerkung'
+		];
+		$data = [
+			'updateamum' => date('c'),
+			'updatevon' => getAuthUID()
+		];
+		foreach ($allowed as $field)
+			if ($this->input->post($field) !== null)
+				$data[$field] = $this->input->post($field);
+
+		$result = $this->KontoModel->update($id, $data);
+
+		$this->getDataOrTerminateWithError($result);
+
+		$result = null;
+		// TODO(chris): get as tree?
+		/*$result = $this->KontoModel->withAdditionalInfo()->load($id);
+		
+		#$result = $this->getDataOrTerminateWithError($result);
+		if (isError($result))
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		$result = $result->retval;*/
+
+		$this->terminateWithSuccess($result);
+	}
+
+	/**
+	 * Delete Buchung
+	 *
+	 * @return void
+	 */
+	public function delete()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('buchungsnr', 'Buchungsnr', 'required');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		$buchungsnr = $this->input->post('buchungsnr');
+
+		$result = $this->KontoModel->load($buchungsnr);
+
+		$result = $this->getDataOrTerminateWithError($result);
+
+		if (!$result)
+			$this->terminateWithError($this->p->t('konto', 'error_missing', [
+				'buchungsnr' => $buchungsnr
+			]));
+
+		$_POST['studiengang_kz'] = current($result)->studiengang_kz;
+
+		$this->form_validation->set_rules('studiengang_kz', 'Studiengang', 'has_permissions_for_stg[admin:rw,assistenz:rw]');
+
+		Events::trigger('konto_delete_validation', $this->form_validation);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+
+		Events::trigger('konto_delete', $buchungsnr);
+		
+		$result = $this->KontoModel->delete($buchungsnr);
+		if (isError($result)) {
+			if (getCode($result) != 42)
+				$this->terminateWithError(getError($result));
+			$this->terminateWithError($this->p->t('konto', 'error_delete_level'));
+		}
+
+		$this->terminateWithSuccess();
+	}
+}

application/controllers/api/frontend/v1/stv/Lists.php

@@ -0,0 +1,147 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about generally used lists
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Lists extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'getStudiensemester' => self::PERM_LOGGED,
+			'getStgs' => self::PERM_LOGGED,
+			'getSprachen' => self::PERM_LOGGED,
+			'getGeschlechter' => self::PERM_LOGGED,
+			'getAusbildungen' => self::PERM_LOGGED,
+			'getOrgforms' => self::PERM_LOGGED,
+			'getStati' => self::PERM_LOGGED
+		]);
+	}
+
+	public function getStudiensemester()
+	{
+		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$this->StudiensemesterModel->addOrder('ende');
+
+		$result = $this->StudiensemesterModel->load();
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getStgs()
+	{
+		$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
+
+		$this->StudiengangModel->addSelect('*');
+		$this->StudiengangModel->addSelect('UPPER(typ || kurzbz) AS kuerzel');
+
+		$this->StudiengangModel->addOrder('typ');
+		$this->StudiengangModel->addOrder('kurzbz');
+
+		$result = $this->StudiengangModel->load();
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getSprachen()
+	{
+		$this->load->model('system/Sprache_model', 'SpracheModel');
+
+		$this->SpracheModel->addOrder('sprache');
+
+		$result = $this->SpracheModel->load();
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getGeschlechter()
+	{
+		$this->load->model('person/Geschlecht_model', 'GeschlechtModel');
+
+		$this->GeschlechtModel->addOrder('sort');
+		$this->GeschlechtModel->addOrder('geschlecht');
+
+		$this->GeschlechtModel->addSelect('*');
+		#$this->GeschlechtModel->addTranslatedSelect("bezeichnung_mehrsprachig", "bezeichnung");
+		$this->GeschlechtModel->addSelect("bezeichnung_mehrsprachig[(SELECT index FROM public.tbl_sprache WHERE sprache=" . $this->GeschlechtModel->escape(DEFAULT_LANGUAGE) . " LIMIT 1)] AS bezeichnung");
+
+		$result = $this->GeschlechtModel->load();
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getAusbildungen()
+	{
+		$this->load->model('codex/Ausbildung_model', 'AusbildungModel');
+
+		$this->AusbildungModel->addOrder('ausbildungcode');
+
+		$result = $this->AusbildungModel->load();
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getOrgforms()
+	{
+		$this->load->model('codex/Orgform_model', 'OrgformModel');
+
+		$this->OrgformModel->addOrder('bezeichnung');
+
+		$result = $this->OrgformModel->loadWhere(['rolle' => true]);
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+
+	public function getStati()
+	{
+		$lang = getUserLanguage();
+		$this->load->model('crm/Status_model', 'StatusModel');
+
+		$this->StatusModel->addSelect('*');
+		#$this->StatusModel->addTranslatedSelect('bezeichnung_mehrsprachig', 'bezeichnung');
+		$this->StatusModel->addSelect(
+			'bezeichnung_mehrsprachig[(
+				SELECT index
+				FROM public.tbl_sprache
+				WHERE sprache=' . $this->StatusModel->escape($lang) . '
+				LIMIT 1
+			)] AS bezeichnung',
+			false
+		);
+		#$this->StatusModel->addOrder('ext_id');
+
+		$result = $this->StatusModel->load();
+		$data = $this->getDataOrTerminateWithError($result);
+		
+		$this->terminateWithSuccess($data);
+	}
+}

application/controllers/api/frontend/v1/stv/Notiz.php

@@ -0,0 +1,384 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \DateTime as DateTime;
+
+class Notiz extends Notiz_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'getUid' => ['admin:r', 'assistenz:r'],
+			'getNotizen' => ['admin:r', 'assistenz:r'],
+			'loadNotiz' => ['admin:r', 'assistenz:r'], // TODO(manu): self::PERM_LOGGED
+			'addNewNotiz' => ['admin:rw', 'assistenz:rw'], // TODO(manu): self::PERM_LOGGED
+			'updateNotiz' => ['admin:rw', 'assistenz:rw'], // TODO(manu): self::PERM_LOGGED
+			'deleteNotiz' => ['admin:r', 'assistenz:r'],
+			'loadDokumente' => ['admin:r', 'assistenz:r'],
+			'getMitarbeiter' => ['admin:r', 'assistenz:r']
+		]);
+
+		//Load Models
+		$this->load->model('person/Notiz_model', 'NotizModel');
+		$this->load->model('person/Notizzuordnung_model', 'NotizzuordnungModel');
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+
+		// Load language phrases
+		$this->loadPhrases([
+			'ui'
+		]);
+	}
+
+/*	public function getUid()
+	{
+		$this->terminateWithSuccess(getAuthUID());
+	}*/
+
+
+	public function getNotizen($id, $type)
+	{
+
+		//check if valid type
+		$result = $this->NotizzuordnungModel->isValidType($type);
+		if(isError($result))
+			$this->terminateWithError($result->retval, self::ERROR_TYPE_GENERAL);
+
+		//$this->terminateWithError(" after check type not valid", self::ERROR_TYPE_GENERAL);
+		$result = $this->NotizModel->getNotizWithDocEntries($id, $type);
+
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+
+		//	return $this->terminateWithError("type not valid", self::ERROR_TYPE_GENERAL);
+
+	}
+
+/*	public function loadNotiz()
+	{
+		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
+
+		$notiz_id = $this->input->post('notiz_id');
+
+		//$this->load->model('person/Notiz_model', 'NotizModel');
+		$this->NotizModel->addJoin('public.tbl_notiz_dokument', 'notiz_id', 'LEFT');
+		$this->NotizModel->addSelect('*');
+		$this->NotizModel->addSelect("TO_CHAR(CASE WHEN public.tbl_notiz.updateamum >= public.tbl_notiz.insertamum 
+			THEN public.tbl_notiz.updateamum ELSE public.tbl_notiz.insertamum END::timestamp, 'DD.MM.YYYY HH24:MI:SS') AS lastUpdate");
+		$this->NotizModel->addLimit(1);
+
+		$result = $this->NotizModel->loadWhere(
+			array('notiz_id' => $notiz_id)
+		);
+		if (isError($result))
+		{
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		elseif (!hasData($result))
+		{
+			$this->terminateWithError($this->p->t('ui', 'error_missingId', ['id'=>'Notiz_id']), self::ERROR_TYPE_GENERAL);
+		}
+		else
+		{
+			$this->terminateWithSuccess(current(getData($result)));
+		}
+	}
+
+
+	public function updateNotiz()
+	{
+		$this->load->library('form_validation');
+		$this->load->library('DmsLib');
+
+		if (isset($_POST['data']))
+		{
+			$data = json_decode($_POST['data']);
+			unset($_POST['data']);
+			foreach ($data as $k => $v) {
+				$_POST[$k] = $v;
+			}
+		}
+
+		$notiz_id = $this->input->post('notiz_id');
+
+		if(!$notiz_id)
+		{
+			$this->terminateWithError($this->p->t('ui','error_missingId',['id'=>'Notiz_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		//Form Validation
+		$this->form_validation->set_rules('titel', 'Titel', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Titel'])
+		]);
+
+		$this->form_validation->set_rules('text', 'Text', 'required', [
+			'required' => $this->p->t('ui', 'error_fieldRequired', ['field' => 'Text'])
+		]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		//update Notiz
+		$uid = getAuthUID();
+		$titel = $this->input->post('titel');
+		$text = $this->input->post('text');
+		$verfasser_uid = $this->input->post('verfasser');
+		$bearbeiter_uid = isset($_POST['bearbeiter']) ? $_POST['bearbeiter'] : $uid;
+		$erledigt = $this->input->post('erledigt');
+		$start = $this->input->post('start');
+		$ende = $this->input->post('ende');
+
+		$result = $this->NotizModel->update(
+			[
+				'notiz_id' => $notiz_id
+			],
+			[
+				'titel' =>  $titel,
+				'updatevon' => $uid,
+				'updateamum' => date('c'),
+				'text' => $text,
+				'verfasser_uid' => $verfasser_uid,
+				'bearbeiter_uid' => $bearbeiter_uid,
+				'start' => $start,
+				'ende' => $ende,
+				'erledigt' => $erledigt
+			]
+		);
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+
+		//update(1) laden aller bereits mit dieser notiz_id verknüpften DMS-Einträge
+		$this->load->model('person/Notizdokument_model', 'NotizdokumentModel');
+		$this->NotizdokumentModel->addJoin('campus.tbl_dms_version', 'dms_id');
+		$dms_uploaded = null;
+
+		$result = $this->NotizdokumentModel->loadWhere(array('notiz_id' => $notiz_id));
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		elseif (!hasData($result))
+		{
+			$dms_id_arr = null;
+		}
+		else
+		{
+			$result = getData($result);
+			foreach($result as $doc) {
+				$dms_id_arr[] = array(
+					'name' => $doc->name,
+					'dms_id' => $doc->dms_id
+				);
+			}
+		}
+
+		foreach ($_FILES as $k => $file)
+		{
+			//update(2) alle neuen files (alle außer type application/x.fhc-dms+json) anhängen
+			if($file["type"] == 'application/x.fhc-dms+json')
+			{
+				$dms_uploaded[] = array(
+					'name' => $file["name"]
+				);
+			}
+			else
+			{
+				$dms = array(
+					'kategorie_kurzbz'  => 'notiz',
+					'version'           => 0,
+					'name'              => $file["name"],
+					'mimetype'          => $file["type"],
+					'insertamum'        => date('c'),
+					'insertvon'         => $uid
+				);
+
+				//Todo(manu) check if filetypes weiter eingeschränkt werden sollen
+				//Todo(manu)check name files: nicht gleiches file 2mal hochladen
+				$result = $this->dmslib->upload($dms, $k, array('*'));
+
+				if (isError($result))
+				{
+					return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+				}
+				$dms_id = $result->retval['dms_id'];
+
+				$result = $this->NotizdokumentModel->insert(array('notiz_id' => $notiz_id, 'dms_id' => $dms_id));
+				if (isError($result))
+				{
+					return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+				}
+			}
+		}
+
+		//update(3) check if Dateien gelöscht wurden
+		if(count($dms_uploaded) != count($dms_id_arr))
+		{
+			if (count($dms_uploaded) == 0)
+			{
+				$filesDeleted = $dms_id_arr;
+			}
+			else
+			{
+				$upload_new_names = array_column($dms_uploaded, "name");
+
+				$filesDeleted = array_filter($dms_id_arr, function ($file) use ($upload_new_names) {
+					return !in_array($file["name"], $upload_new_names);
+				});
+			}
+
+			foreach ($filesDeleted as $file)
+			{
+				$result = $this->dmslib->removeAll($file['dms_id']);
+
+				if (isError($result))
+				{
+					return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+				}
+				else
+					$this->outputJson($result);
+			}
+		}
+		return $this->terminateWithSuccess($result);
+	}*/
+
+
+/*	public function deleteNotiz()
+	{
+		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
+		$notiz_id = $this->input->post('notiz_id');
+		$type = $this->input->post('type_id');
+		$id = $this->input->post('id');
+
+		//dms_id auslesen aus notizdokument wenn vorhanden
+		$dms_id_arr = [];
+		$this->load->model('person/Notizdokument_model', 'NotizdokumentModel');
+
+		$result = $this->NotizdokumentModel->loadWhere(array('notiz_id' => $notiz_id));
+
+		if (isError($result))
+		{
+			return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+
+		if(hasData($result))
+		{
+			$result = getData($result);
+			foreach ($result as $doc) {
+				$dms_id_arr[] = $doc->dms_id;
+			}
+		}
+
+		if($dms_id_arr)
+		{
+			$this->load->library('DmsLib');
+			foreach($dms_id_arr as $dms_id)
+			{
+				$result = $this->dmslib->removeAll($dms_id);
+
+				if (isError($result))
+				{
+					return $this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+				}
+
+				$this->outputJson($result);
+			}
+		}
+
+		//delete Notizzuordnung
+		if($type == "software_id")
+		{
+			// Loads extension Model
+			$this->load->model('extensions/FHC-Core-Softwarebereitstellung/Softwarenotizzuordnung_model', 'ExtensionnotizzuordnungModel');
+			$result = $this->ExtensionnotizzuordnungModel->delete([
+				'notiz_id' => $notiz_id,
+				'id' => strval($id)
+				],
+				[
+				'type_id' => $type
+			]);
+
+		}
+		else
+		{
+			//notizzuordnungsid!
+			$result = $this->NotizzuordnungModel->delete(['notiz_id' => $notiz_id, $type => $id]);
+		}
+
+
+		$this->load->model('person/Notiz_model', 'NotizModel');
+		//$this->NotizModel->addJoin('public.tbl_notizzuordnung', 'notiz_id');
+
+		//TODO (erweitern um Type_id) für Extensions, damit auch Notizzuordnung gelöscht werden kann
+
+		//Löschen von Notiz
+		$result = $this->NotizModel->delete(
+			array('notiz_id' => $notiz_id)
+		);
+
+		if (isError($result))
+		{
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		if(!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui','error_missingId', ['id'=> 'Notiz_id']), self::ERROR_TYPE_GENERAL);
+		}
+
+		return $this->terminateWithSuccess(current(getData($result)));
+	}*/
+
+/*	public function loadDokumente()
+	{
+		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
+		$notiz_id = $this->input->post('notiz_id');
+
+		$this->NotizModel->addSelect('campus.tbl_dms_version.*');
+
+		$this->NotizModel->addJoin('public.tbl_notiz_dokument', 'ON (public.tbl_notiz_dokument.notiz_id = public.tbl_notiz.notiz_id)');
+		$this->NotizModel->addJoin('campus.tbl_dms_version', 'ON (public.tbl_notiz_dokument.dms_id = campus.tbl_dms_version.dms_id)');
+
+		$result = $this->NotizModel->loadWhere(
+			array('public.tbl_notiz.notiz_id' => $notiz_id)
+		);
+		if (isError($result)) {
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+
+		if(!hasData($result))
+		{
+			return $this->terminateWithError($this->p->t('ui','error_missingId', ['id'=> 'Notiz_id']), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result));
+	}*/
+
+/*	public function getMitarbeiter($searchString)
+	{
+		$this->load->model('ressource/Mitarbeiter_model', 'MitarbeiterModel');
+		$result = $this->MitarbeiterModel->searchMitarbeiter($searchString);
+		if (isError($result)) {
+			$this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess($result);
+	}*/
+
+	public function isBerechtigt($id, $typeId)
+	{
+		if(!$this->permissionlib->isBerechtigt('admin', 'suid') && !$this->permissionlib->isBerechtigt('assistenz', 'suid'))
+		{
+			$result =  $this->p->t('lehre','error_keineSchreibrechte');
+
+			return $this->terminateWithError($result, self::ERROR_TYPE_GENERAL);
+		}
+		return success("berechtigt in überschreibender Funktion");
+/*		return $this->terminateWithError('keine Berechtigung bro', self::ERROR_TYPE_GENERAL);*/
+	}
+
+}

application/controllers/api/frontend/v1/stv/Prestudent.php

@@ -0,0 +1,299 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \DateTime as DateTime;
+
+class Prestudent extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'get' => ['admin:r', 'assistenz:r'],
+			'updatePrestudent' =>  ['admin:rw', 'assistenz:rw'],
+			'getHistoryPrestudents' => ['admin:r', 'assistenz:r'],
+			'getBezeichnungZGV' => ['admin:r', 'assistenz:r'],
+			'getBezeichnungDZgv' => ['admin:r', 'assistenz:r'],
+			'getBezeichnungMZgv' => ['admin:r', 'assistenz:r'],
+			'getAusbildung' => ['admin:r', 'assistenz:r'],
+			'getAufmerksamdurch' => ['admin:r', 'assistenz:r'],
+			'getBerufstaetigkeit' => ['admin:r', 'assistenz:r'],
+			'getTypenStg' => ['admin:r', 'assistenz:r'],
+			'getStudienplaene' => ['admin:r', 'assistenz:r'],
+			'getStudiengang' => ['admin:r', 'assistenz:r']
+		]);
+
+		if ($this->router->method == 'updatePrestudent') {
+			$prestudent_id = current(array_slice($this->uri->rsegments, 2));
+			$this->checkPermissionsForPrestudent($prestudent_id, ['admin:rw', 'assistenz:rw']);
+		} elseif ($this->router->method == 'get'
+			|| $this->router->method == 'getStudienplaene'
+			|| $this->router->method == 'getStudiengang'
+		) {
+			$prestudent_id = current(array_slice($this->uri->rsegments, 2));
+			$this->checkPermissionsForPrestudent($prestudent_id, ['admin:r', 'assistenz:r']);
+		} elseif ($this->router->method == 'getHistoryPrestudents') {
+			$person_id = current(array_slice($this->uri->rsegments, 2));
+			$this->checkPermissionsForPerson($person_id, ['admin:r', 'assistenz:r'], ['admin:r', 'assistenz:r']);
+		}
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+
+		// Load language phrases
+		$this->loadPhrases([
+			'ui', 'studierendenantrag', 'lehre'
+		]);
+	}
+
+	public function get($prestudent_id)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		$this->PrestudentModel->addSelect('*');
+		$result = $this->PrestudentModel->loadWhere(['prestudent_id' => $prestudent_id]);
+
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		if(!hasData($result))
+		{
+			return show_404();
+		}
+		$this->terminateWithSuccess(current(getData($result)));
+	}
+
+	public function updatePrestudent($prestudent_id)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		// UDF
+		$this->load->library('UDFLib');
+		
+		$result = $this->udflib->getCiValidations($this->PrestudentModel, $this->input->post());
+		$udf_field_validations = $this->getDataOrTerminateWithError($result);
+
+		//Form validation
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules($udf_field_validations);
+
+		$this->form_validation->set_rules('priorisierung', 'Priorisierung', 'numeric', [
+			'numeric' => $this->p->t('ui', 'error_fieldNotNumeric', ['field' => 'Priorisierung'])
+		]);
+
+		if ($this->form_validation->run() == false)
+		{
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+		}
+
+		$uid = getAuthUID();
+
+		$array_allowed_props_prestudent = [
+			'aufmerksamdurch_kurzbz',
+			'studiengang_kz',
+			'gsstudientyp_kurzbz',
+			'person_id',
+			'berufstaetigkeit_code',
+			'ausbildungcode',
+			'zgv_code',
+			'zgvort',
+			'zgvdatum',
+			'zgvnation',
+			'zgvmas_code',
+			'zgvmaort',
+			'zgvmadatum',
+			'zgvmanation',
+			'facheinschlberuf',
+			'bismelden',
+			'anmerkung',
+			'dual',
+			'zgvdoktor_code',
+			'zgvdoktorort',
+			'zgvdoktordatum',
+			'zgvdoktornation',
+			'aufnahmegruppe_kurzbz',
+			'priorisierung',
+			'foerderrelevant',
+			'zgv_erfuellt',
+			'zgvmas_erfuellt',
+			'zgvdoktor_erfuellt',
+			'mentor',
+			'aufnahmeschluessel',
+			'standort_code'
+		];
+
+		// add UDFs
+		$result = $this->udflib->getDefinitionForModel($this->PrestudentModel);
+
+		$definitions = $this->getDataOrTerminateWithError($result);
+
+		foreach ($definitions as $def)
+			$array_allowed_props_prestudent[] = $def['name'];
+
+		$update_prestudent = array();
+		foreach ($array_allowed_props_prestudent as $prop)
+		{
+			$val = $this->input->post($prop);
+			if ($val !== null || $prop == 'foerderrelevant') {
+				$update_prestudent[$prop] = $val;
+			}
+		}
+
+		$update_prestudent['updateamum'] = date('c');
+		$update_prestudent['updatevon'] = $uid;
+
+		if (count($update_prestudent))
+		{
+			$result = $this->PrestudentModel->update(
+				$prestudent_id,
+				$update_prestudent
+			);
+			$this->getDataOrTerminateWithError($result);
+
+			return $this->terminateWithSuccess(true);
+		}
+		return $this->terminateWithSuccess(false);
+	}
+
+	public function getHistoryPrestudents($person_id)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		$result = $this->PrestudentModel->getHistoryPrestudents($person_id);
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		$this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getBezeichnungZGV()
+	{
+		$this->load->model('codex/Zgv_model', 'ZgvModel');
+
+		$this->ZgvModel->addOrder('zgv_code');
+
+		$result = $this->ZgvModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getBezeichnungDZgv()
+	{
+		$this->load->model('codex/Zgvdoktor_model', 'ZgvdoktorModel');
+
+		$this->ZgvdoktorModel->addOrder('zgvdoktor_code');
+
+		$result = $this->ZgvdoktorModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getBezeichnungMZgv()
+	{
+		$this->load->model('codex/Zgvmaster_model', 'ZgvmasterModel');
+
+		$this->ZgvmasterModel->addOrder('zgvmas_code');
+
+		$result = $this->ZgvmasterModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getAusbildung()
+	{
+		$this->load->model('codex/Ausbildung_model', 'AusbildungModel');
+
+		$this->AusbildungModel->addOrder('ausbildungcode');
+
+		$result = $this->AusbildungModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getAufmerksamdurch()
+	{
+		$this->load->model('codex/Aufmerksamdurch_model', 'AufmerksamdurchModel');
+
+		$this->AufmerksamdurchModel->addOrder('aufmerksamdurch_kurzbz');
+
+		$result = $this->AufmerksamdurchModel->load();
+		if (isError($result))
+		{
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getBerufstaetigkeit()
+	{
+		$this->load->model('codex/Berufstaetigkeit_model', 'BerufstaetigkeitModel');
+
+		$this->BerufstaetigkeitModel->addOrder('berufstaetigkeit_code');
+
+		$result = $this->BerufstaetigkeitModel->load();
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getTypenStg()
+	{
+		$this->load->model('education/Gsstudientyp_model', 'GsstudientypModel');
+
+		$this->GsstudientypModel->addOrder('gsstudientyp_kurzbz');
+
+		$result = $this->GsstudientypModel->load();
+		if (isError($result)) {
+			$this->terminateWithError(getError($result), self::ERROR_TYPE_GENERAL);
+		}
+		return $this->terminateWithSuccess(getData($result) ?: []);
+	}
+
+	public function getStudienplaene($prestudent_id)
+	{
+		$this->load->model('organisation/Studienplan_model', 'StudienplanModel');
+		$result = $this->StudienplanModel->getStudienplaeneByPrestudents($prestudent_id);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		return $this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * Gets details for the Studiengang of the Prestudent
+	 *
+	 * @param integer					$prestudent_id
+	 *
+	 * @return stdClass
+	 */
+	public function getStudiengang($prestudent_id)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		$this->PrestudentModel->addSelect('stg.*');
+
+		$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz');
+
+		$result = $this->PrestudentModel->load($prestudent_id);
+
+		$stg = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess(current($stg));
+	}
+}

application/controllers/api/frontend/v1/stv/Student.php

@@ -0,0 +1,562 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+use \DateTime as DateTime;
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about a Student
+ * Listens to ajax post calls to change the Student data
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Student extends FHCAPI_Controller
+{
+	/**
+	 * Calls the parent's constructor and prepares libraries and phrases
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'get' => ['admin:r', 'assistenz:r'],
+			'save' => ['admin:rw', 'assistenz:rw'],
+			'check' => ['admin:rw', 'assistenz:rw'],
+			'add' => ['admin:rw', 'assistenz:rw'] // TODO(chris): extra permissions
+		]);
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+
+		if ($this->router->method == 'get'
+			|| $this->router->method == 'save'
+		) {
+			$prestudent_id = current(array_slice($this->uri->rsegments, 2));
+			if ($this->router->method == 'get')
+				$this->checkPermissionsForPrestudent($prestudent_id, ['admin:r', 'assistenz:r']);
+			else
+				$this->checkPermissionsForPrestudent($prestudent_id, ['admin:rw', 'assistenz:rw']);
+		}
+
+		// Load language phrases
+		$this->loadPhrases([
+			'ui'
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 * Get details for a prestudent
+	 *
+	 * @param string			$prestudent_id
+	 * @return void
+	 */
+	public function get($prestudent_id)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		$this->PrestudentModel->addSelect('p.*');
+		$this->PrestudentModel->addSelect('s.student_uid');
+		$this->PrestudentModel->addSelect('matrikelnr');
+		$this->PrestudentModel->addSelect('b.aktiv');
+		$this->PrestudentModel->addSelect('v.semester');
+		$this->PrestudentModel->addSelect('v.verband');
+		$this->PrestudentModel->addSelect('v.gruppe');
+		$this->PrestudentModel->addSelect('b.alias');
+
+		if (defined('ACTIVE_ADDONS') && strpos(ACTIVE_ADDONS, 'bewerbung') !== false) {
+			$this->PrestudentModel->addSelect(
+				"(
+					SELECT kontakt 
+					FROM public.tbl_kontakt 
+					WHERE kontakttyp='email' 
+					AND person_id=p.person_id 
+					AND zustellung 
+					ORDER BY kontakt_id 
+					LIMIT 1
+				) AS email_privat",
+				false
+			);
+		}
+
+		$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id', 'LEFT');
+		$this->PrestudentModel->addJoin('public.tbl_benutzer b', 'student_uid = uid', 'LEFT');
+		$this->PrestudentModel->addJoin(
+			'public.tbl_studentlehrverband v',
+			'b.uid = v.student_uid AND v.studiensemester_kurzbz = ' . $this->PrestudentModel->escape($studiensemester_kurzbz),
+			'LEFT'
+		);
+		$this->PrestudentModel->addJoin('public.tbl_person p', 'p.person_id = tbl_prestudent.person_id');
+
+		$result = $this->PrestudentModel->loadWhere(['prestudent_id' => $prestudent_id]);
+		
+		$student = $this->getDataOrTerminateWithError($result);
+		
+		if (!$student)
+			return show_404();
+
+		$this->terminateWithSuccess(current($student));
+	}
+
+	/**
+	 * Saves data to a prestudent
+	 *
+	 * @param string			$prestudent_id
+	 * @return void
+	 */
+	public function save($prestudent_id)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+		$this->load->model('education/Studentlehrverband_model', 'StudentlehrverbandModel');
+
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('gebdatum', 'Geburtsdatum', 'is_valid_date');
+
+		$this->form_validation->set_rules('semester', 'Semester', 'integer');
+
+		$this->load->library('UDFLib');
+		
+		$result = $this->udflib->getCiValidations($this->PersonModel, $this->input->post());
+
+		//TODO(Manu) check with Chris: input number not allowed
+		$udf_field_validations = $this->getDataOrTerminateWithError($result);
+
+		$this->form_validation->set_rules($udf_field_validations);
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$result = $this->StudentModel->loadWhere(['prestudent_id' => $prestudent_id]);
+		
+		$student = $this->getDataOrTerminateWithError($result);
+
+		$uid = $student ? current($student)->student_uid : null;
+
+		$result = $this->PrestudentModel->loadWhere(['prestudent_id' => $prestudent_id]);
+
+		$person = $this->getDataOrTerminateWithError($result);
+
+		$person_id = $person ? current($person)->person_id : null;
+
+		
+		$array_allowed_props_lehrverband = ['verband', 'semester', 'gruppe'];
+		$update_lehrverband = array();
+		foreach ($array_allowed_props_lehrverband as $prop) {
+			$val = $this->input->post($prop);
+			if ($val !== null) {
+				$update_lehrverband[$prop] = $val;
+			}
+		}
+
+		$array_allowed_props_person = [
+			'anrede',
+			'bpk',
+			'titelpre',
+			'titelpost',
+			'nachname',
+			'vorname',
+			'vornamen',
+			'wahlname',
+			'gebdatum',
+			'gebort',
+			'geburtsnation',
+			'svnr',
+			'ersatzkennzeichen',
+			'staatsbuergerschaft',
+			'matr_nr',
+			'sprache',
+			'geschlecht',
+			'familienstand',
+			'foto',
+			'anmerkung',
+			'homepage'
+		];
+		
+		// add UDFs
+		$result = $this->udflib->getDefinitionForModel($this->PersonModel);
+
+		$definitions = $this->getDataOrTerminateWithError($result);
+
+		foreach ($definitions as $def)
+			$array_allowed_props_person[] = $def['name'];
+
+		$update_person = array();
+		foreach ($array_allowed_props_person as $prop) {
+			$val = $this->input->post($prop);
+			if ($val !== null) {
+				$update_person[$prop] = $val;
+			}
+		}
+
+		$array_allowed_props_student = ['matrikelnr'];
+		$update_student = array();
+		foreach ($array_allowed_props_student as $prop) {
+			$val = $this->input->post($prop);
+			if ($val !== null) {
+				$update_student[$prop] = $val;
+			}
+		}
+
+		// Check PKs
+		if (count($update_lehrverband) + count($update_student) && $uid === null) {
+			// TODO(chris): phrase
+			$this->terminateWithValidationErrors(['' => "Kein/e StudentIn vorhanden!"]);
+		}
+		if (count($update_person) && $person_id === null) {
+			// TODO(chris): phrase
+			$this->terminateWithValidationErrors(['' => "Keine Person vorhanden!"]);
+		}
+
+		// Do Updates
+		if (count($update_lehrverband)) {
+			$result = $this->StudentlehrverbandModel->update([
+				'studiensemester_kurzbz' => $studiensemester_kurzbz,
+				'student_uid' => $uid
+			], $update_lehrverband);
+			$this->getDataOrTerminateWithError($result);
+		}
+
+		if (count($update_person)) {
+			$result = $this->PersonModel->update(
+				$person_id,
+				$update_person
+			);
+			$this->getDataOrTerminateWithError($result);
+		}
+
+
+		if (count($update_student)) {
+			$result = $this->StudentModel->update(
+				[$uid],
+				$update_student
+			);
+			$this->getDataOrTerminateWithError($result);
+		}
+
+		$this->terminateWithSuccess(array_fill_keys(array_merge(
+			array_keys($update_lehrverband),
+			array_keys($update_person),
+			array_keys($update_student)
+		), ''));
+	}
+
+	public function check()
+	{
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('gebdatum', 'Geburtsdatum', 'is_valid_date');
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		$vorname = $this->input->post('vorname');
+		$nachname = $this->input->post('nachname');
+		$gebdatum = $this->input->post('gebdatum');
+
+		if (!$vorname && !$nachname && !$gebdatum)
+			$this->terminateWithValidationErrors(['At least one of vorname, nachname or gebdatum must be set']);
+
+		$this->load->model('person/Person_model', 'PersonModel');
+
+		if ($gebdatum)
+			$this->PersonModel->db->where('gebdatum', (new DateTime($gebdatum))->format('Y-m-d'));
+		if ($vorname && $nachname) {
+			$this->PersonModel->db->or_group_start();
+			$this->PersonModel->db->where('LOWER(nachname)', 'LOWER(' . $this->PersonModel->db->escape($nachname) . ')', false);
+			$this->PersonModel->db->where('LOWER(vorname)', 'LOWER(' . $this->PersonModel->db->escape($vorname) . ')', false);
+			$this->PersonModel->db->group_end();
+		} elseif ($nachname) {
+			$this->PersonModel->db->or_where('LOWER(nachname)', 'LOWER(' . $this->PersonModel->escape($nachname) . ')', false);
+		}
+
+		$result = $this->PersonModel->load();
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	public function add()
+	{
+		if (!$this->input->post('person_id')) {
+			if (!isset($_POST['address']) || !is_array($_POST['address']))
+				$_POST['address'] = [];
+			$_POST['address']['func'] = 1;
+		}
+		if ($this->input->post('incoming')) {
+			$_POST['ausbildungssemester'] = 0;
+		}
+
+		$this->load->library('form_validation');
+
+		$this->form_validation->set_rules('nachname', 'Nachname', 'callback_requiredIfNotPersonId', [
+			'requiredIfNotPersonId' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('geschlecht', 'Geschlecht', 'callback_requiredIfNotPersonId', [
+			'requiredIfNotPersonId' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('gebdatum', 'Geburtsdatum', 'callback_isValidDate', [
+			'isValidDate' => $this->p->t('ui', 'error_invalid_date')
+		]);
+		$this->form_validation->set_rules('address[func]', 'Address', 'required|integer|less_than[2]|greater_than[-2]');
+		$this->form_validation->set_rules('address[plz]', 'PLZ', 'callback_requiredIfAddressFunc', [
+			'requiredIfAddressFunc' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('address[gemeinde]', 'Gemeinde', 'callback_requiredIfAddressFunc', [
+			'requiredIfAddressFunc' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('address[ort]', 'Ort', 'callback_requiredIfAddressFunc', [
+			'requiredIfAddressFunc' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('address[address]', 'Adresse', 'callback_requiredIfAddressFunc', [
+			'requiredIfAddressFunc' => $this->p->t('ui', 'error_required')
+		]);
+		$this->form_validation->set_rules('email', 'E-Mail', 'valid_email');
+		$this->form_validation->set_rules('studiengang_kz', 'Studiengang', 'required');
+		$this->form_validation->set_rules('studiensemester_kurzbz', 'Studiensemester', 'required');
+		$this->form_validation->set_rules('ausbildungssemester', 'Ausbildungssemester', 'required|integer|less_than[9]|greater_than[-1]');
+		// TODO(chris): validate studienplan with studiengang, semester and orgform?
+		// TODO(chris): validate person_id, studiengang_kz, studiensemester_kurzbz, orgform_kurzbz, nation, gemeinde, ort, geschlecht?
+
+		if (!$this->form_validation->run())
+			$this->terminateWithValidationErrors($this->form_validation->error_array());
+
+		// TODO(chris): This should be in a library
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+		$this->load->model('crm/Prestudentstatus_model', 'PrestudentstatusModel');
+
+		$this->db->trans_start();
+
+		$result = $this->addInteressent();
+
+		$this->db->trans_complete();
+
+		if ($this->db->trans_status() === FALSE)
+			$this->terminateWithError('TODO(chris): TEXT', self::ERROR_TYPE_GENERAL);
+
+		$this->terminateWithSuccess($result);
+	}
+
+	protected function addInteressent()
+	{
+		// Person anlegen wenn nötig
+		$person_id = $this->input->post('person_id');
+		if (!$person_id) {
+			$this->load->model('person/Person_model', 'PersonModel');
+			
+			$data = [
+				'nachname' => $this->input->post('nachname'),
+				'insertamum' => date('c'),
+				'insertvon' => getAuthUID(),
+				'zugangscode' => uniqid(),
+				'aktiv' => true
+			];
+			if ($this->input->post('anrede'))
+				$data['anrede'] = $this->input->post('anrede');
+			if ($this->input->post('titelpre'))
+				$data['titelpre'] = $this->input->post('titelpre');
+			if ($this->input->post('titelpost'))
+				$data['titelpost'] = $this->input->post('titelpost');
+			if ($this->input->post('vorname'))
+				$data['vorname'] = $this->input->post('vorname');
+			if ($this->input->post('vornamen'))
+				$data['vornamen'] = $this->input->post('vornamen');
+			if ($this->input->post('wahlname'))
+				$data['wahlname'] = $this->input->post('wahlname');
+			if ($this->input->post('geschlecht'))
+				$data['geschlecht'] = $this->input->post('geschlecht');
+			if ($this->input->post('gebdatum'))
+				$data['gebdatum'] = (new DateTime($this->input->post('datum_obj')))->format('Y-m-d');
+			if ($this->input->post('geburtsnation'))
+				$data['geburtsnation'] = $this->input->post('geburtsnation');
+			if ($this->input->post('staatsbuergerschaft'))
+				$data['staatsbuergerschaft'] = $this->input->post('staatsbuergerschaft');
+
+			$result = $this->PersonModel->insert($data);
+			$person_id = $this->getDataOrTerminateWithError($result);
+		}
+
+		// Addresse anlegen
+		$anlegen = $this->input->post('address[func]');
+		if ($anlegen) {
+			$this->load->model('person/Adresse_model', 'AdresseModel');
+
+			$data = [
+				'nation' => $this->input->post('address[nation]'),
+				'strasse' => $this->input->post('address[address]'),
+				'plz' => $this->input->post('address[plz]'),
+				'ort' => $this->input->post('address[ort]'),
+				'gemeinde' => $this->input->post('address[gemeinde]'),
+				'typ' => 'h',
+				'zustelladresse' => true,
+			];
+			if ($anlegen < 0) { // Überschreiben
+				$this->AdresseModel->addOrder('zustelladresse', 'DESC');
+				$this->AdresseModel->addOrder('sort');
+				$result = $this->AdresseModel->loadWhere([
+					'person_id' => $person_id
+				]);
+				$address = $this->getDataOrTerminateWithError($result);
+				if ($address) {
+					$address = current($address);
+
+					$data['updateamum'] = date('c');
+					$data['updatevon'] = getAuthUID();
+
+					$result = $this->AdresseModel->update($address->adresse_id, $data);
+					$this->getDataOrTerminateWithError($result);
+				} else {
+					//Wenn keine Adrese vorhanden ist dann eine neue Anlegen
+					$anlegen = 1;
+					$data['heimatadresse'] = true;
+				}
+			}
+			if ($anlegen > 0) {
+				$data['person_id'] = $person_id;
+				$data['insertamum'] = date('c');
+				$data['insertvon'] = getAuthUID();
+				if (!isset($data['heimatadresse']))
+					$data['heimatadresse'] = !$this->input->post('person_id');
+				
+				$result = $this->AdresseModel->insert($data);
+				$this->getDataOrTerminateWithError($result);
+			}
+		}
+		
+		// Kontaktdaten
+		$kontaktdaten = [];
+		foreach (['email', 'telefon', 'mobil'] as $k) {
+			$v = $this->input->post($k);
+			if ($v)
+				$kontaktdaten[$k] = $v;
+		}
+		if (count($kontaktdaten)) {
+			$this->load->model('person/Kontakt_model', 'KontaktModel');
+
+			foreach ($kontaktdaten as $typ => $kontakt) {
+				$data = [
+					'person_id' => $person_id,
+					'kontakttyp' => $typ,
+					'kontakt' => $kontakt,
+					'zustellung' => true,
+					'insertamum' => date('c'),
+					'insertvon' => getAuthUID()
+				];
+				$result = $this->KontaktModel->insert($data);
+				$this->getDataOrTerminateWithError($result);
+			}
+		}
+
+		// Prestudent anlegen
+		$data = [
+			'aufmerksamdurch_kurzbz' => 'k.A.',
+			'person_id' => $person_id,
+			'studiengang_kz' => $this->input->post('studiengang_kz'),
+			'ausbildungcode' => $this->input->post('letzteausbildung'),
+			'anmerkung' => $this->input->post('anmerkungen'),
+			'reihungstestangetreten' => false,
+			'bismelden' => true
+		];
+		$ausbildungsart = $this->input->post('ausbildungsart');
+		if ($ausbildungsart)
+			$data['anmerkung'] .= ' Ausbildungsart:' . $ausbildungsart;
+		// Incomings und ausserordentliche sind bei Meldung nicht förderrelevant
+		$incoming = $this->input->post('incoming');
+		if ($incoming || substr($data['studiengang_kz'], 0, 1) == '9')
+			$data['foerderrelevant'] = false;
+		// Wenn die Person schon im System erfasst ist, dann die ZGV des Datensatzes uebernehmen
+		$this->PrestudentModel->addOrder('zgvmas_code');
+		$this->PrestudentModel->addOrder('zgv_code', 'DESC');
+		$this->PrestudentModel->addLimit(1);
+		$result = $this->PrestudentModel->loadWhere([
+			'person_id' => $person_id
+		]);
+		$prestudent = $this->getDataOrTerminateWithError($result);
+		if ($prestudent) {
+			$prestudent = current($prestudent);
+			if ($prestudent->zgv_code) {
+				$data['zgv_code'] = $prestudent->zgv_code;
+				$data['zgvort'] = $prestudent->zgvort;
+				$data['zgvdatum'] = $prestudent->zgvdatum;
+
+				$data['zgvmas_code'] = $prestudent->zgvmas_code;
+				$data['zgvmaort'] = $prestudent->zgvmaort;
+				$data['zgvmadatum'] = $prestudent->zgvmadatum;
+			}
+		}
+		// Prestudent speichern
+		$result = $this->PrestudentModel->insert($data);
+		$prestudent_id = $this->getDataOrTerminateWithError($result);
+
+		// Prestudent Rolle Anlegen
+		$data = [
+			'prestudent_id' => $prestudent_id,
+			'status_kurzbz' => $incoming ? 'Incoming' : 'Interessent',
+			'studiensemester_kurzbz' => $this->input->post('studiensemester_kurzbz'),
+			'ausbildungssemester' => $this->input->post('ausbildungssemester') ?: 0,
+			'orgform_kurzbz' => $this->input->post('orgform_kurzbz') ?: null,
+			'studienplan_id' => $this->input->post('studienplan_id') ?: null,
+			'datum' => date('Y-m-d'),
+			'insertamum' => date('c'),
+			'insertvon' => getAuthUID()
+		];
+		$result = $this->PrestudentstatusModel->insert($data);
+		$this->getDataOrTerminateWithError($result);
+
+		if ($incoming) {
+			// TODO(chris): IMPLEMENT!
+			//Matrikelnummer und UID generieren
+			//Benutzerdatensatz anlegen
+			//Studentendatensatz anlegen
+			//StudentLehrverband anlegen
+		}
+
+		// TODO(chris): DEBUG
+		/*$result = $this->PrestudentModel->loadWhere([
+			'pestudent_id' => 1
+		]);
+		if (isError($result)) {
+			return $result;
+		}*/
+
+		$this->terminateWithSuccess(true);
+	}
+
+	public function requiredIfNotPersonId($value)
+	{
+		if (isset($_POST['person_id']))
+			return true;
+		return !!$value;
+	}
+	
+	public function requiredIfAddressFunc($value)
+	{
+		if (!$_POST['address']['func'])
+			return true;
+		return !!$value;
+	}
+}

application/controllers/api/frontend/v1/stv/Students.php

@@ -0,0 +1,743 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about listing students
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Students extends FHCAPI_Controller
+{
+	private $allowedStgs = [];
+
+
+	public function __construct()
+	{
+		$permissions = [];
+		$router = load_class('Router');
+		$permissions[$router->method] = ['admin:r', 'assistenz:r'];
+		parent::__construct($permissions);
+
+		$this->allowedStgs = $this->permissionlib->getSTG_isEntitledFor('admin') ?: [];
+		$this->allowedStgs = array_merge($this->allowedStgs, $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []);
+		
+		if (!$this->allowedStgs) {
+			$this->_outputAuthError([$router->method => ['admin:r', 'assistenz:r']]);
+			exit;
+		}
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+	}
+
+	/**
+	 * Remap calls:
+	 * /													=> return []
+	 * /inout												=> return []
+	 * /inout/incoming										=> getIncoming
+	 * /inout/outgoing										=> getOutgoing
+	 * /inout/gemeinsamestudien								=> getGemeinsamestudien
+	 * /(studiengang_kz)									=> getStudents
+	 * /(studiengang_kz)/prestudent							=> getPrestudents
+	 * /(studiengang_kz)/prestudent/*						=> getPrestudents
+	 * /(studiengang_kz)/(semester)							=> getStudents
+	 * /(studiengang_kz)/(semester)/grp/(gruppe_kurzbz)		=> getStudents
+	 * /(studiengang_kz)/(semester)/(verband)				=> getStudents
+	 * /(studiengang_kz)/(semester)/(verband)/(gruppe)		=> getStudents
+	 * /(studiengang_kz)/(org_form)							=> getStudents
+	 * /(studiengang_kz)/(org_form)/prestudent				=> getPrestudents
+	 * /(studiengang_kz)/(org_form)/prestudent/*			=> getPrestudents
+	 * /(studiengang_kz)/(org_form)/(semester)				=> getStudents
+	 * /(studiengang_kz)/(org_form)/(semester)/grp/(gruppe_kurzbz)
+	 * 														=> getStudents
+	 * /(studiengang_kz)/(org_form)/(semester)/(verband)	=> getStudents
+	 * /(studiengang_kz)/(org_form)/(semester)/(verband)/(gruppe)
+	 * 														=> getStudents
+	 * /uid/(student_uid)									=> getStudent
+	 * /prestudent/(prestudent_id)							=> getPrestudent
+	 * /person/(person_id)									=> getPerson
+	 *
+	 * @param string		$method
+	 * @param array			$params				(optional)
+	 *
+	 * @return void
+	 */
+	public function _remap($method, $params = [])
+	{
+		if ($method == '' || $method == 'index')
+			return $this->terminateWithSuccess([]);
+
+		if ($method == 'inout') {
+			if (!count($params))
+				return $this->terminateWithSuccess([]);
+			switch ($params[0]) {
+				case 'incoming':
+					return $this->getIncoming();
+				case 'outgoing':
+					return $this->getOutgoing();
+				case 'gemeinsamestudien':
+					return $this->getGemeinsamestudien();
+				default:
+					return show_404();
+			}
+		}
+
+		$count = count($params);
+		if (!$count)
+			return $this->getStudents($method);
+
+		if ($method == 'uid' && $count == 1)
+			return $this->getStudent($params[0]);
+
+		if ($method == 'prestudent' && $count == 1)
+			return $this->getPrestudent($params[0]);
+
+		if ($method == 'person' && $count == 1)
+			return $this->getPerson($params[0]);
+
+		if (is_numeric($params[0])) {
+			$sem = $params[0];
+			if ($count == 3 && $params[1] == 'grp') {
+				$g = $params[2];
+				$ver = null;
+				$grp = null;
+			} else {
+				$g = null;
+				$ver = $count > 1 ? $params[1] : null;
+				$grp = $count > 2 ? $params[2] : null;
+			}
+			return $this->getStudents($method, $sem, $ver, $grp, $g);
+		} elseif ($params[0] == 'prestudent') {
+			if ($count == 1)
+				return $this->getPrestudents($method);
+			if ($count == 2)
+				return $this->getPrestudents($method, $params[1]);
+			return $this->getPrestudents($method, $params[1], $params[$count-1]);
+		} else {
+			$org = $params[0];
+			if ($count > 1 && $params[1] == 'prestudent') {
+				if ($count == 2)
+					return $this->getPrestudents($method, null, null, $org);
+				if ($count == 3)
+					return $this->getPrestudents($method, $params[2], null, $org);
+				return $this->getPrestudents($method, $params[2], $params[$count-1], $org);
+			}
+			$sem = $count > 1 ? $params[1] : null;
+			if ($count == 4 && $params[2] == 'grp') {
+				$g = $params[3];
+				$ver = null;
+				$grp = null;
+			} else {
+				$g = null;
+				$ver = $count > 2 ? $params[2] : null;
+				$grp = $count > 3 ? $params[3] : null;
+			}
+
+			return $this->getStudents($method, $sem, $ver, $grp, $g, $org);
+		}
+		
+		show_404();
+	}
+
+	/**
+	 * @return void
+	 */
+	protected function getIncoming()
+	{
+		// TODO(chris): IMPLEMENT!
+		$this->terminateWithSuccess([]);
+	}
+
+	/**
+	 * @return void
+	 */
+	protected function getOutgoing()
+	{
+		// TODO(chris): IMPLEMENT!
+		$this->terminateWithSuccess([]);
+	}
+
+	/**
+	 * @return void
+	 */
+	protected function getGemeinsamestudien()
+	{
+		// TODO(chris): IMPLEMENT!
+		$this->terminateWithSuccess([]);
+	}
+
+	/**
+	 * @param integer		$studiengang_kz
+	 * @param string		$studiensemester_kurzbz			(optional)
+	 * @param string		$filter							(optional)
+	 * @param string		$orgform_kurzbz					(optional)
+	 *
+	 * @return void
+	 */
+	protected function getPrestudents($studiengang_kz, $studiensemester_kurzbz = null, $filter = null, $orgform_kurzbz = null)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		$stdsemEsc = $studiensemester_kurzbz ? $this->PrestudentModel->escape($studiensemester_kurzbz) : 'NULL';
+
+		$selectRT = "
+			SELECT 1 
+			FROM public.tbl_rt_person 
+			JOIN public.tbl_reihungstest r ON (rt_id = reihungstest_id) 
+			WHERE person_id=p.person_id 
+			AND studienplan_id IN (
+				SELECT studienplan_id 
+				FROM lehre.tbl_studienplan 
+				JOIN lehre.tbl_studienordnung o USING(studienordnung_id) 
+				WHERE o.studiengang_kz=tbl_prestudent.studiengang_kz
+			) 
+			AND r.studiensemester_kurzbz=" . $stdsemEsc;
+
+		
+		$where = ['tbl_prestudent.studiengang_kz' => $studiengang_kz];
+
+		if ($orgform_kurzbz) {
+			$where['ps.orgform_kurzbz'] = $orgform_kurzbz;
+		}
+
+		switch ($filter) {
+			case "interessenten":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				break;
+			case "bewerbungnichtabgeschickt":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$where['bewerbung_abgeschicktamum'] = null;
+				break;
+			case "bewerbungabgeschickt":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$where['bewerbung_abgeschicktamum IS NOT NULL'] = null;
+				$where['bestaetigtam'] = null;
+				break;
+			case "statusbestaetigt":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$where['bestaetigtam IS NOT NULL'] = null;
+				break;
+			case "statusbestaetigtrtnichtangemeldet":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$where['bestaetigtam IS NOT NULL'] = null;
+				$this->PrestudentModel->db->where('NOT EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "statusbestaetigtrtangemeldet":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$where['bestaetigtam IS NOT NULL'] = null;
+				$this->PrestudentModel->db->where('EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "zgv":
+				$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
+
+				$result = $this->StudiengangModel->load($studiengang_kz);
+
+				$stg = $this->getDataOrTerminateWithError($result);
+				if (!$stg)
+					$this->terminateWithValidationErrors(['' => 'Studiengang does not exist']); // TODO(chris): phrase
+				$stg = current($stg);
+
+				$where['ps.status_kurzbz'] = 'Interessent';
+				
+				if ($stg->typ == 'm') {
+					$where['zgvmas_code IS NOT NULL'] = null;
+					if (defined('ZGV_ERFUELLT_ANZEIGEN') && ZGV_ERFUELLT_ANZEIGEN)
+						$where['zgvmas_erfuellt'] = true;
+				} elseif ($stg->typ == 'p') {
+					$where['zgvdoktor_code IS NOT NULL'] = null;
+					if (defined('ZGV_DOKTOR_ANZEIGEN') && ZGV_DOKTOR_ANZEIGEN)
+						$where['zgvdoktor_erfuellt'] = true;
+				} else {
+					$where['zgv_code IS NOT NULL'] = null;
+					if (defined('ZGV_ERFUELLT_ANZEIGEN') && ZGV_ERFUELLT_ANZEIGEN)
+						$where['zgv_erfuellt'] = true;
+				}
+				break;
+			case "reihungstestangemeldet":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$this->PrestudentModel->db->where('EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "reihungstestnichtangemeldet":
+				$where['ps.status_kurzbz'] = 'Interessent';
+				$this->PrestudentModel->db->where('NOT EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "bewerber":
+				$where['ps.status_kurzbz'] = 'Bewerber';
+				break;
+			case "bewerberrtnichtangemeldet":
+				$where['ps.status_kurzbz'] = 'Bewerber';
+				$this->PrestudentModel->db->where('NOT EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "bewerberrtangemeldet":
+				$where['ps.status_kurzbz'] = 'Bewerber';
+				$this->PrestudentModel->db->where('EXISTS(' . $selectRT . ')', null, false);
+				break;
+			case "bewerberrtangemeldetteilgenommen":
+				$where['ps.status_kurzbz'] = 'Bewerber';
+				$this->PrestudentModel->db->where('EXISTS(' . $selectRT . ')', null, false);
+				$where['reihungstestangetreten'] = true;
+				break;
+			case "bewerberrtangemeldetnichtteilgenommen":
+				$where['ps.status_kurzbz'] = 'Bewerber';
+				$this->PrestudentModel->db->where('EXISTS(' . $selectRT . ')', null, false);
+				$where['reihungstestangetreten'] = false;
+				break;
+			case "aufgenommen":
+				$where['ps.status_kurzbz'] = 'Aufgenommener';
+				break;
+			case "warteliste":
+				$where['ps.status_kurzbz'] = 'Wartender';
+				break;
+			case "absage":
+				$where['ps.status_kurzbz'] = 'Abgewiesener';
+				break;
+			case "incoming":
+				// NOTE(chris): in FAS it was not filtered for studiengang_kz
+				$where['ps.status_kurzbz'] = 'Incoming';
+				break;
+			case "absolvent":
+				$where['ps.status_kurzbz'] = 'Absolvent';
+				break;
+			case "diplomand":
+				$where['ps.status_kurzbz'] = 'Diplomand';
+				break;
+			default:
+				if (!$studiensemester_kurzbz) {
+					// TODO(chris): this does not work with $orgform_kurzbz != null
+					$where['ps.status_kurzbz'] = null;
+				} else {
+					$this->PrestudentModel->db->where_in('ps.status_kurzbz', [
+						'Interessent',
+						'Bewerber',
+						'Aufgenommener',
+						'Wartender',
+						'Abgewiesener'
+					]);
+				}
+				break;
+		}
+
+		/*
+			$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+			$this->PrestudentModel->addJoin('public.tbl_prestudentstatus pls', '
+				pls.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.prestudent_id=tbl_prestudent.prestudent_id 
+				AND pls.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)', 'LEFT');
+			$this->PrestudentModel->addJoin('lehre.tbl_studienplan sp', 'studienplan_id', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_prestudentstatus ps', '
+				ps.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ') 
+				AND ps.prestudent_id=tbl_prestudent.prestudent_id 
+				AND ps.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ') 
+				AND ps.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ')', 'LEFT');*/
+		$this->prepareQuery($studiensemester_kurzbz);
+		
+		$this->PrestudentModel->addSelect("
+			CASE WHEN ps.status_kurzbz IN ('Aufgenommener', 'Bewerber', 'Wartender', 'interessent') 
+			THEN ps.ausbildungssemester::text 
+			ELSE ''::text END AS semester", false);
+		$this->PrestudentModel->addSelect("'' AS verband");
+		$this->PrestudentModel->addSelect("'' AS gruppe");
+		$this->addSelectPrioRel();
+
+		$this->addFilter($studiensemester_kurzbz);
+
+		$result = $this->PrestudentModel->loadWhere($where);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * @param integer		$studiengang_kz
+	 * @param integer		$semester						(optional)
+	 * @param string		$verband						(optional)
+	 * @param integer		$gruppe							(optional)
+	 * @param string		$gruppe_kurzbz					(optional)
+	 * @param string		$orgform_kurzbz					(optional)
+	 *
+	 * @return void
+	 */
+	protected function getStudents($studiengang_kz, $semester = null, $verband = null, $gruppe = null, $gruppe_kurzbz = null, $orgform_kurzbz = null)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+		
+
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		/*
+			$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+			$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id');
+			$this->PrestudentModel->addJoin('public.tbl_prestudentstatus pls', '
+				pls.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.prestudent_id=tbl_prestudent.prestudent_id 
+				AND pls.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)', 'LEFT');
+			$this->PrestudentModel->addJoin('lehre.tbl_studienplan sp', 'studienplan_id', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_benutzer b', 's.student_uid=b.uid');
+			$this->PrestudentModel->addJoin(
+				'public.tbl_studentlehrverband v',
+				'v.student_uid=s.student_uid AND v.studiensemester_kurzbz=' . $this->PrestudentModel->escape($studiensemester_kurzbz)
+			);*/
+		$this->prepareQuery($studiensemester_kurzbz, '');
+
+		$this->PrestudentModel->addSelect('v.semester');
+		$this->PrestudentModel->addSelect('v.verband');
+		$this->PrestudentModel->addSelect('v.gruppe');
+		$this->PrestudentModel->addSelect("'' AS priorisierung_relativ");
+
+
+		$where = [];
+
+		if ($gruppe_kurzbz !== null) {
+			$this->PrestudentModel->addJoin('public.tbl_benutzergruppe g', 'uid');
+			$where['g.gruppe_kurzbz'] = $gruppe_kurzbz;
+			$where['g.studiensemester_kurzbz'] = $studiensemester_kurzbz;
+		} else {
+			$where['v.studiengang_kz'] = $studiengang_kz;
+
+			if ($semester !== null)
+				$where['v.semester'] = $semester;
+
+			if ($verband !== null)
+				$where['v.verband'] = $verband;
+
+			if ($gruppe !== null)
+				$where['v.gruppe'] = $gruppe;
+	
+			if (!$verband && !$gruppe && $orgform_kurzbz !== null) {
+				$this->PrestudentModel->db->where(
+					"(
+						SELECT orgform_kurzbz 
+						FROM public.tbl_prestudentstatus 
+						WHERE prestudent_id=tbl_prestudent.prestudent_id 
+						AND studiensemester_kurzbz=" . $this->PrestudentModel->escape($studiensemester_kurzbz) . " 
+						ORDER BY datum DESC, insertamum DESC, ext_id DESC LIMIT 1
+					) =",
+					$this->PrestudentModel->escape($orgform_kurzbz),
+					false
+				);
+			}
+
+		}
+
+		$this->addFilter($studiensemester_kurzbz);
+
+		$result = $this->PrestudentModel->loadWhere($where);
+		
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * @param string		$prestudent_id
+	 *
+	 * @return void
+	 */
+	protected function getPrestudent($prestudent_id)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		/*
+			$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+			$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_prestudentstatus pls', '
+				pls.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.prestudent_id=tbl_prestudent.prestudent_id 
+				AND pls.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)', 'LEFT');
+			$this->PrestudentModel->addJoin('lehre.tbl_studienplan sp', 'studienplan_id', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_benutzer b', 's.student_uid=b.uid', 'LEFT');
+			$this->PrestudentModel->addJoin(
+				'public.tbl_studentlehrverband v',
+				'v.student_uid=s.student_uid AND v.studiensemester_kurzbz=' . $this->PrestudentModel->escape($studiensemester_kurzbz),
+				'LEFT'
+			);*/
+		$this->prepareQuery($studiensemester_kurzbz);
+
+		$this->PrestudentModel->addSelect("COALESCE(v.semester::text, CASE WHEN public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) IN ('Aufgenommener', 'Bewerber', 'Wartender', 'interessent') THEN public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)::text ELSE ''::text END) AS semester", false);
+		$this->PrestudentModel->addSelect('v.verband');
+		$this->PrestudentModel->addSelect('v.gruppe');
+		$this->addSelectPrioRel();
+
+		$this->addFilter($studiensemester_kurzbz);
+
+		$result = $this->PrestudentModel->loadWhere([
+			'tbl_prestudent.prestudent_id' => $prestudent_id
+		]);
+
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * @param string		$student_uid
+	 *
+	 * @return void
+	 */
+	protected function getStudent($student_uid)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		/*
+			$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+			$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id');
+			$this->PrestudentModel->addJoin('public.tbl_prestudentstatus pls', '
+				pls.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.prestudent_id=tbl_prestudent.prestudent_id 
+				AND pls.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, NULL) 
+				AND pls.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)', 'LEFT');
+			$this->PrestudentModel->addJoin('lehre.tbl_studienplan sp', 'studienplan_id', 'LEFT');
+			$this->PrestudentModel->addJoin('public.tbl_benutzer b', 's.student_uid=b.uid');
+			$this->PrestudentModel->addJoin(
+				'public.tbl_studentlehrverband v',
+				'v.student_uid=s.student_uid AND v.studiensemester_kurzbz=' . $this->PrestudentModel->escape($studiensemester_kurzbz),
+				'LEFT'
+			);*/
+		$this->prepareQuery($studiensemester_kurzbz);
+
+		$this->PrestudentModel->addSelect('v.semester');
+		$this->PrestudentModel->addSelect('v.verband');
+		$this->PrestudentModel->addSelect('v.gruppe');
+		$this->addSelectPrioRel();
+
+		$this->addFilter($studiensemester_kurzbz);
+
+		$result = $this->PrestudentModel->loadWhere([
+			's.student_uid' => $student_uid
+		]);
+		
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * @param integer		$person_id
+	 *
+	 * @return void
+	 */
+	protected function getPerson($person_id)
+	{
+		$studiensemester_kurzbz = $this->variablelib->getVar('semester_aktuell');
+
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+
+		/*
+			$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+			$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id');
+			$this->PrestudentModel->addJoin('public.tbl_benutzer b', 's.student_uid=b.uid');
+			$this->PrestudentModel->addJoin(
+				'public.tbl_studentlehrverband v',
+				'v.student_uid=s.student_uid AND v.studiensemester_kurzbz=' . $this->PrestudentModel->escape($studiensemester_kurzbz),
+				'LEFT'
+			);*/
+		$this->prepareQuery($studiensemester_kurzbz);
+
+		$this->PrestudentModel->addSelect('v.semester');
+		$this->PrestudentModel->addSelect('v.verband');
+		$this->PrestudentModel->addSelect('v.gruppe');
+		$this->addSelectPrioRel();
+
+		$this->addFilter($studiensemester_kurzbz);
+
+		$result = $this->PrestudentModel->loadWhere([
+			'p.person_id' => $person_id
+		]);
+		
+		$data = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($data);
+	}
+
+	/**
+	 * @param string|null	$studiensemester_kurzbz
+	 * @param string		$type
+	 *
+	 * @return void
+	 */
+	protected function prepareQuery($studiensemester_kurzbz, $type = 'LEFT')
+	{
+		$stdsemEsc = $studiensemester_kurzbz ? $this->PrestudentModel->escape($studiensemester_kurzbz) : 'NULL';
+
+
+		$this->PrestudentModel->addJoin('public.tbl_studiengang stg', 'studiengang_kz', 'LEFT');
+		$this->PrestudentModel->addJoin('public.tbl_person p', 'person_id');
+		$this->PrestudentModel->addJoin('public.tbl_student s', 'prestudent_id', $type);
+		$this->PrestudentModel->addJoin('public.tbl_prestudentstatus pls', '
+			pls.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) 
+			AND pls.prestudent_id=tbl_prestudent.prestudent_id 
+			AND pls.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, NULL) 
+			AND pls.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, NULL)', 'LEFT');
+		$this->PrestudentModel->addJoin('lehre.tbl_studienplan sp', 'studienplan_id', 'LEFT');
+		$this->PrestudentModel->addJoin('public.tbl_benutzer b', 's.student_uid=b.uid', 'LEFT');
+		$this->PrestudentModel->addJoin(
+			'public.tbl_studentlehrverband v',
+			'v.student_uid=s.student_uid AND v.studiensemester_kurzbz' . ($studiensemester_kurzbz ? '=' . $stdsemEsc : ' IS NULL'),
+			$type
+		);
+		$this->PrestudentModel->addJoin('public.tbl_prestudentstatus ps', '
+			ps.status_kurzbz=public.get_rolle_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ') 
+			AND ps.prestudent_id=tbl_prestudent.prestudent_id 
+			AND ps.studiensemester_kurzbz=public.get_stdsem_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ') 
+			AND ps.ausbildungssemester=public.get_absem_prestudent(tbl_prestudent.prestudent_id, ' . $stdsemEsc . ')', 'LEFT');
+
+
+		$this->PrestudentModel->addSelect("b.uid");
+		$this->PrestudentModel->addSelect('titelpre');
+		$this->PrestudentModel->addSelect('nachname');
+		$this->PrestudentModel->addSelect('vorname');
+		$this->PrestudentModel->addSelect('wahlname');
+		$this->PrestudentModel->addSelect('vornamen');
+		$this->PrestudentModel->addSelect('titelpost');
+		$this->PrestudentModel->addSelect('svnr');
+		$this->PrestudentModel->addSelect('ersatzkennzeichen');
+		$this->PrestudentModel->addSelect('gebdatum');
+		$this->PrestudentModel->addSelect('geschlecht');
+
+		// semester
+		// verband
+		// gruppe
+
+		$this->PrestudentModel->addSelect('UPPER(stg.typ || stg.kurzbz) AS studiengang');
+		$this->PrestudentModel->addSelect('tbl_prestudent.studiengang_kz');
+		$this->PrestudentModel->addSelect("s.matrikelnr");
+		$this->PrestudentModel->addSelect('p.person_id');
+		$this->PrestudentModel->addSelect('pls.status_kurzbz AS status');
+		$this->PrestudentModel->addSelect('pls.datum AS status_datum');
+		$this->PrestudentModel->addSelect('pls.bestaetigtam AS status_bestaetigung');
+		$this->PrestudentModel->addSelect(
+			"(SELECT kontakt FROM public.tbl_kontakt WHERE kontakttyp='email' AND person_id=p.person_id AND zustellung LIMIT 1) AS mail_privat",
+			false
+		);
+		$this->PrestudentModel->addSelect("
+			CASE WHEN b.uid IS NOT NULL AND b.uid<>'' 
+			THEN b.uid || " . $this->PrestudentModel->escape(DOMAIN) . " 
+			ELSE '' END AS mail_intern", false);
+		$this->PrestudentModel->addSelect('p.anmerkung AS anmerkungen');
+		$this->PrestudentModel->addSelect('tbl_prestudent.anmerkung');
+		$this->PrestudentModel->addSelect('pls.orgform_kurzbz');
+		$this->PrestudentModel->addSelect('aufmerksamdurch_kurzbz');
+		$this->PrestudentModel->addSelect(
+			"(SELECT rt_gesamtpunkte AS punkte FROM public.tbl_prestudent WHERE prestudent_id=ps.prestudent_id) AS punkte",
+			false
+		);
+		$this->PrestudentModel->addSelect('tbl_prestudent.aufnahmegruppe_kurzbz');
+		$this->PrestudentModel->addSelect('tbl_prestudent.dual');
+		$this->PrestudentModel->addSelect('p.matr_nr');
+		$this->PrestudentModel->addSelect('sp.bezeichnung AS studienplan_bezeichnung');
+		$this->PrestudentModel->addSelect('tbl_prestudent.prestudent_id');
+
+		// priorisierung_relativ
+
+		$this->PrestudentModel->addSelect('mentor');
+		$this->PrestudentModel->addSelect('b.aktiv AS bnaktiv');
+
+		/*$this->PrestudentModel->addSelect('tbl_prestudent.reihungstest_id');
+		$this->PrestudentModel->addSelect('tbl_prestudent.anmeldungreihungstest');
+		$this->PrestudentModel->addSelect('tbl_prestudent.gsstudientyp_kurzbz');
+		$this->PrestudentModel->addSelect('tbl_prestudent.priorisierung');
+		$this->PrestudentModel->addSelect('p.zugangscode');
+		$this->PrestudentModel->addSelect('p.bpk');*/
+
+		$this->PrestudentModel->db->where_in('tbl_prestudent.studiengang_kz', $this->allowedStgs);
+
+		$this->PrestudentModel->addOrder('nachname');
+		$this->PrestudentModel->addOrder('vorname');
+	}
+
+	/**
+	 * @return void
+	 */
+	protected function addSelectPrioRel()
+	{
+		$this->PrestudentModel->addSelect("(
+			SELECT count(*)
+			FROM (
+				SELECT *, public.get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) AS laststatus
+				FROM PUBLIC.tbl_prestudent pss
+				JOIN PUBLIC.tbl_prestudentstatus USING (prestudent_id)
+				WHERE person_id = p.person_id
+				AND studiensemester_kurzbz = (
+					SELECT studiensemester_kurzbz
+					FROM PUBLIC.tbl_prestudentstatus
+					WHERE prestudent_id = tbl_prestudent.prestudent_id
+					AND status_kurzbz = 'Interessent'
+					LIMIT 1
+				)
+				AND status_kurzbz = 'Interessent'
+			) prest
+			WHERE laststatus NOT IN ('Abbrecher', 'Abgewiesener', 'Absolvent')
+			AND priorisierung <= tbl_prestudent.priorisierung
+		) || ' (' || tbl_prestudent.priorisierung || ')' AS priorisierung_relativ", false);
+	}
+
+	/**
+	 * Adds additional filters to the query
+	 *
+	 * @param string		$studiensemester_kurzbz
+	 *
+	 * @return void
+	 */
+	protected function addFilter($studiensemester_kurzbz)
+	{
+		$filter = $this->input->get('filter');
+		if (isset($filter['konto_count_0'])) {
+			$bt = $this->PrestudentModel->escape($filter['konto_count_0']);
+			$stdsem = $this->PrestudentModel->escape($studiensemester_kurzbz);
+
+			$this->PrestudentModel->db->where('(
+				SELECT count(*) 
+				FROM public.tbl_konto 
+				WHERE person_id=tbl_prestudent.person_id 
+				AND buchungstyp_kurzbz=' . $bt . ' 
+				AND studiensemester_kurzbz=' . $stdsem . '
+			) =', 0);
+			$this->PrestudentModel->db->where('get_rolle_prestudent(tbl_prestudent.prestudent_id, NULL) !=', 'Incoming');
+		}
+		if (isset($filter['konto_missing_counter'])) {
+			$bt = $this->PrestudentModel->escape($filter['konto_missing_counter']);
+			$stg = '';
+			if ($this->variablelib->getVar('kontofilterstg') == 'true')
+				$stg = ' AND studiengang_kz=tbl_prestudent.studiengang_kz';
+
+			$bt = $bt == 'alle' ? '' : ' AND buchungstyp_kurzbz=' . $bt;
+
+			$this->PrestudentModel->db->where('(
+				SELECT sum(betrag) 
+				FROM public.tbl_konto 
+				WHERE person_id=tbl_prestudent.person_id' .
+				$bt .
+				$stg . '
+			) !=', 0);
+		}
+	}
+}

application/controllers/api/frontend/v1/stv/Verband.php

@@ -0,0 +1,493 @@
+<?php
+/**
+ * Copyright (C) 2024 fhcomplete.org
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * This controller operates between (interface) the JS (GUI) and the back-end
+ * Provides data to the ajax get calls about verbände
+ * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ */
+class Verband extends FHCAPI_Controller
+{
+	public function __construct()
+	{
+		$permissions = [];
+		$router = load_class('Router');
+		$permissions[$router->method] = ['admin:r', 'assistenz:r'];
+		parent::__construct($permissions);
+
+		// Load Models
+		$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
+	}
+	
+	/**
+	 * Remap calls:
+	 * /
+	 * /(studiengang_kz)									=> getStudiengang
+	 * /(studiengang_kz)/(semester)							=> getSemester
+	 * /(studiengang_kz)/(semester)/(verband)				=> getVerband
+	 * /(studiengang_kz)/(org_form)							=> getStudiengang
+	 * /(studiengang_kz)/(org_form)/(semester)				=> getSemester
+	 * /(studiengang_kz)/(org_form)/(semester)/(verband)	=> getVerband
+	 *
+	 * @param string		$method
+	 * @param array			$params				(optional)
+	 *
+	 * @return void
+	 */
+	public function _remap($method, $params = [])
+	{
+		if ($method == '' || $method == 'index')
+			return $this->getBase();
+
+		// NOTE(chris): Test if access is allowed ($method is the Studiengang)
+		if (!$this->permissionlib->isBerechtigt('assistenz', 's', $method)
+			&& !$this->permissionlib->isBerechtigt('admin', 's', $method)
+		) {
+			return $this->_outputAuthError([$method => ['admin:r', 'assistenz:r']]);
+		}
+
+		$count = count($params);
+		if (!$count)
+			return $this->getStudiengang($method);
+
+		if ($count == 1) {
+			if (is_numeric($params[0]))
+				return $this->getSemester($method, $params[0]);
+			elseif ($params[0] == 'prestudent')
+				return $this->terminateWithSuccess($this->getStdSem($method . '/prestudent/', $method));
+			else
+				return $this->getStudiengang($method, $params[0]);
+		}
+		if ($count == 2) {
+			if (is_numeric($params[0]))
+				return $this->getVerband($method, $params[0], $params[1]);
+			elseif ($params[1] == 'prestudent')
+				return $this->terminateWithSuccess($this->getStdSem($method . '/' . $params[0] . '/prestudent/', $method));
+			else
+				return $this->getSemester($method, $params[1], $params[0]);
+		}
+		if ($count == 3 && !is_numeric($params[0]) && is_numeric($params[1]) && !is_numeric($params[2]))
+			return $this->getVerband($method, $params[1], $params[2], $params[0]);
+
+		show_404();
+	}
+
+	/**
+	 * @return void
+	 */
+	protected function getBase()
+	{
+		$this->StudiengangModel->addJoin('public.tbl_lehrverband v', 'studiengang_kz');
+		
+		$this->StudiengangModel->addDistinct();
+		$this->StudiengangModel->addSelect("v.studiengang_kz AS link");
+		$this->StudiengangModel->addSelect(
+			"CONCAT(kurzbzlang, ' (', UPPER(CONCAT(typ, kurzbz)), ') - ', tbl_studiengang.bezeichnung) AS name",
+			false
+		);
+		$this->StudiengangModel->addSelect('erhalter_kz');
+		$this->StudiengangModel->addSelect('typ');
+		$this->StudiengangModel->addSelect('kurzbz');
+		$this->StudiengangModel->addSelect('studiengang_kz');
+		$this->StudiengangModel->addSelect('studiengang_kz AS stg_kz');
+		
+		$this->StudiengangModel->addOrder('erhalter_kz');
+		$this->StudiengangModel->addOrder('typ');
+		$this->StudiengangModel->addOrder('kurzbz');
+
+		$stgs = $this->permissionlib->getSTG_isEntitledFor('admin') ?: [];
+		$stgs = array_merge($stgs, $this->permissionlib->getSTG_isEntitledFor('assistenz') ?: []);
+
+		if (!$stgs)
+			$this->terminateWithSuccess([]);
+
+		$this->StudiengangModel->db->where_in('studiengang_kz', $stgs);
+
+		$result = $this->StudiengangModel->loadWhere(['v.aktiv' => true]);
+
+		$list = $this->getDataOrTerminateWithError($result);
+
+		if ($this->permissionlib->isBerechtigt('inout/uebersicht'))
+			$list[] = [
+				'name' => 'International',
+				'link' => 'inout',
+				'children' => [
+					[
+						'name' => 'Incoming',
+						'link' => 'inout/incoming',
+						'leaf' => true
+					],
+					[
+						'name' => 'Outgoing',
+						'link' => 'inout/outgoing',
+						'leaf' => true
+					],
+					[
+						'name' => 'Gemeinsame Studien',
+						'link' => 'inout/gemeinsamestudien',
+						'leaf' => true
+					]
+				]
+			];
+		$this->terminateWithSuccess($list);
+	}
+
+	/**
+	 * @param integer		$studiengang_kz
+	 * @param string		$orgform			(optional)
+	 *
+	 * @return void
+	 */
+	protected function getStudiengang($studiengang_kz, $org_form = null)
+	{
+		$link = $studiengang_kz . '/';
+		if ($org_form !== null)
+			$link .= $org_form . '/';
+
+		$this->StudiengangModel->addJoin('public.tbl_lehrverband v', 'studiengang_kz');
+		
+		$this->StudiengangModel->addDistinct();
+		$this->StudiengangModel->addSelect("CONCAT(" . $this->StudiengangModel->escape($link) . ", semester) AS link", false);
+		$this->StudiengangModel->addSelect("CONCAT(UPPER(CONCAT(typ, kurzbz)), '-', semester, (SELECT CASE WHEN bezeichnung IS NULL OR bezeichnung='' THEN ''::TEXT ELSE CONCAT(' (', bezeichnung, ')') END FROM public.tbl_lehrverband WHERE studiengang_kz=v.studiengang_kz AND semester=v.semester ORDER BY verband, gruppe LIMIT 1)) AS name", false);
+
+		$this->StudiengangModel->addSelect('semester');
+		$this->StudiengangModel->addSelect($this->StudiengangModel->escape($studiengang_kz) . '::integer AS stg_kz', false);
+		
+		$this->StudiengangModel->addOrder('semester');
+
+		if ($org_form !== null) {
+			$this->StudiengangModel->db->group_start();
+			$this->StudiengangModel->db->where('v.semester', 0);
+			$this->StudiengangModel->db->or_where('v.orgform_kurzbz', $org_form);
+			$this->StudiengangModel->db->group_end();
+		}
+
+		$result = $this->StudiengangModel->loadWhere([
+			'v.studiengang_kz' => $studiengang_kz,
+			'v.aktiv' => true
+		]);
+		$list = $this->getDataOrTerminateWithError($result);
+
+		array_unshift($list, [
+			'name' => 'PreStudent',
+			'link' => $link . 'prestudent',
+			'children' => $this->getStdSem($link . 'prestudent/', $studiengang_kz)
+		]);
+
+		if ($org_form === null) {
+			// NOTE(chris): if mischform show orgforms
+			$result = $this->StudiengangModel->load($studiengang_kz);
+			$result = $this->getDataOrTerminateWithError($result);
+			if ($result) {
+				if (current($result)->mischform) {
+					$this->load->model('organisation/Studienordnung_model', 'StudienordnungModel');
+
+					$this->StudienordnungModel->addDistinct();
+					$this->StudienordnungModel->addSelect("CONCAT(studiengang_kz, '/', p.orgform_kurzbz) AS link");
+					$this->StudienordnungModel->addSelect("p.orgform_kurzbz AS name");
+
+					$this->StudienordnungModel->addJoin('lehre.tbl_studienplan p', 'studienordnung_id');
+
+					$result = $this->StudienordnungModel->loadWhere([
+						'aktiv' => true,
+						'studiengang_kz' => $studiengang_kz,
+						'p.orgform_kurzbz !=' => 'DDP'
+					]);
+					$result = $this->getDataOrTerminateWithError($result);
+
+					$list = array_merge($list, $result);
+				}
+			}
+
+		}
+		$this->terminateWithSuccess($list);
+	}
+
+	/**
+	 * @param integer		$studiengang_kz
+	 * @param integer		$semester
+	 * @param string		$orgform
+	 *
+	 * @return void
+	 */
+	protected function getSemester($studiengang_kz, $semester, $org_form = null)
+	{
+		$link = $studiengang_kz . '/';
+		if ($org_form !== null)
+			$link .= $org_form . '/';
+		$link .= $semester . '/';
+
+
+		$this->load->model('organisation/Gruppe_model', 'GruppeModel');
+
+		$this->GruppeModel->addDistinct();
+		$this->GruppeModel->addSelect("CONCAT(" . $this->GruppeModel->escape($link . 'grp/') . ", gruppe_kurzbz) AS link", false);
+		$this->GruppeModel->addSelect("CONCAT(gruppe_kurzbz, ' (', bezeichnung, ')') AS name", false);
+		$this->GruppeModel->addSelect("TRUE AS leaf", false);
+
+		$this->GruppeModel->addSelect('sort');
+		$this->GruppeModel->addSelect('gruppe_kurzbz');
+		$this->GruppeModel->addSelect($this->GruppeModel->escape($studiengang_kz) . '::integer AS stg_kz', false);
+
+		$this->GruppeModel->addOrder('sort');
+		$this->GruppeModel->addOrder('gruppe_kurzbz');
+
+		$where = [
+			'studiengang_kz' => $studiengang_kz,
+			'semester' => $semester,
+			'lehre' => true,
+			'sichtbar' => true,
+			'aktiv' => true,
+			'direktinskription' => false
+		];
+
+		if ($org_form !== null)
+			$where['orgform_kurzbz'] = $org_form;
+
+		$result = $this->GruppeModel->loadWhere($where);
+
+		$list = $this->getDataOrTerminateWithError($result);
+
+		$this->StudiengangModel->addJoin('public.tbl_lehrverband v', 'studiengang_kz');
+		
+		$this->StudiengangModel->addSelect("CONCAT(" . $this->StudiengangModel->escape($link) . ", verband) AS link", false);
+		$this->StudiengangModel->addSelect("CONCAT(UPPER(CONCAT(typ, kurzbz)), '-', semester, verband, (SELECT CASE WHEN bezeichnung IS NULL OR bezeichnung='' THEN ''::TEXT ELSE CONCAT(' (', bezeichnung, ')') END FROM public.tbl_lehrverband WHERE studiengang_kz=v.studiengang_kz AND semester=v.semester AND verband=v.verband ORDER BY gruppe LIMIT 1)) AS name", false);
+		$this->StudiengangModel->addSelect("CASE WHEN MAX(gruppe)='' OR MAX(gruppe)=' ' THEN TRUE ELSE FALSE END AS leaf");
+
+		$this->StudiengangModel->addSelect('verband');
+		$this->StudiengangModel->addSelect($this->StudiengangModel->escape($studiengang_kz) . '::integer AS stg_kz', false);
+		
+		$this->StudiengangModel->addOrder('verband');
+
+		$this->StudiengangModel->addGroupBy('link, name, verband');
+		
+		$where = [
+			'v.studiengang_kz' => $studiengang_kz,
+			'v.semester' => $semester,
+			'v.verband !=' => '',
+			'v.aktiv' => true
+		];
+
+		if ($org_form !== null && $semester) // NOTE(chris): on semester 0 show all?
+			$where['v.orgform_kurzbz'] = $org_form;
+
+		$result = $this->StudiengangModel->loadWhere($where);
+		$result = $this->getDataOrTerminateWithError($result);
+
+		$list = array_merge($list, $result);
+
+		$this->terminateWithSuccess($list);
+	}
+
+	/**
+	 * @param integer		$studiengang_kz
+	 * @param integer		$semester
+	 * @param integer		$verband
+	 * @param string		$orgform
+	 *
+	 * @return void
+	 */
+	protected function getVerband($studiengang_kz, $semester, $verband, $org_form = null)
+	{
+		$link = $studiengang_kz . '/';
+		if ($org_form !== null)
+			$link .= $org_form . '/';
+		$link .= $semester . '/'. $verband . '/';
+
+
+		$this->StudiengangModel->addJoin('public.tbl_lehrverband v', 'studiengang_kz');
+		
+		$this->StudiengangModel->addDistinct();
+		$this->StudiengangModel->addSelect("CONCAT(" . $this->StudiengangModel->escape($link) . ", gruppe) AS link", false);
+		$this->StudiengangModel->addSelect("CONCAT(UPPER(CONCAT(typ, kurzbz)), '-', semester, verband, gruppe, (SELECT CASE WHEN bezeichnung IS NULL OR bezeichnung='' THEN ''::TEXT ELSE CONCAT(' (', bezeichnung, ')') END FROM public.tbl_lehrverband WHERE studiengang_kz=v.studiengang_kz AND semester=v.semester AND verband=v.verband AND gruppe=v.gruppe ORDER BY gruppe LIMIT 1)) AS name", false);
+		$this->StudiengangModel->addSelect("TRUE AS leaf", false);
+
+		$this->StudiengangModel->addSelect('gruppe');
+		$this->StudiengangModel->addSelect($this->StudiengangModel->escape($studiengang_kz) . '::integer AS stg_kz', false);
+		
+		$this->StudiengangModel->addOrder('gruppe');
+
+		$where = [
+			'v.studiengang_kz' => $studiengang_kz,
+			'v.semester' => $semester,
+			'v.verband' => $verband,
+			'v.gruppe !=' => '',
+			'v.aktiv' => true
+		];
+
+		if ($org_form !== null && $semester) // NOTE(chris): on semester 0 show all?
+			$where['v.orgform_kurzbz'] = $org_form;
+
+		$result = $this->StudiengangModel->loadWhere($where);
+
+		$list = $this->getDataOrTerminateWithError($result);
+
+		$this->terminateWithSuccess($list);
+	}
+
+	/**
+	 * @param string		$link
+	 * @param integer		$studiengang_kz
+	 *
+	 * @return array
+	 */
+	protected function getStdSem($link, $studiengang_kz)
+	{
+		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$this->load->model('system/Variable_model', 'VariableModel');
+		$result = $this->VariableModel->getVariables(getAuthUID(), ['number_displayed_past_studiensemester']);
+		$data = $this->getDataOrTerminateWithError($result);
+		$number_displayed_past_studiensemester = $data['number_displayed_past_studiensemester'] ?? null;
+
+		$this->StudiensemesterModel->addPlusMinus(null, $number_displayed_past_studiensemester);
+		$this->StudiensemesterModel->addOrder('ende');
+		$result = $this->StudiensemesterModel->load();
+
+		$studiensemester = $this->getDataOrTerminateWithError($result);
+		$result = [];
+
+		$studiengang_kz = (int)$studiengang_kz;
+
+		foreach ($studiensemester as $sem) {
+			$semlink = $link . $sem->studiensemester_kurzbz;
+			$intlink = $semlink . '/interessenten';
+			$result[] = [
+				'name' => $sem->studiensemester_kurzbz,
+				'link' => $semlink,
+				'stg_kz' => $studiengang_kz,
+				'children' => [
+					[
+						'name' => 'Interessenten',
+						'link' => $intlink,
+						'stg_kz' => $studiengang_kz,
+						'children' => [
+							[
+								'name' => 'Bewerbung nicht abgeschickt',
+								'link' => $intlink . '/bewerbungnichtabgeschickt',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							],
+							[
+								'name' => 'Bewerbung abgeschickt, Status unbestätigt',
+								'link' => $intlink . '/bewerbungabgeschickt',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							],
+							[
+								'name' => 'ZGV erfüllt',
+								'link' => $intlink . '/zgv',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							],
+							[
+								'name' => 'Status bestätigt',
+								'link' => $intlink . '/statusbestaetigt',
+								'stg_kz' => $studiengang_kz,
+								'children' => [
+									[
+										'name' => 'Nicht zum Reihungstest angemeldet',
+										'link' => $intlink . '/statusbestaetigtrtnichtangemeldet',
+										'leaf' => true
+									],
+									[
+										'name' => 'Reihungstest angemeldet',
+										'link' => $intlink . '/statusbestaetigtrtangemeldet',
+										'leaf' => true
+									]
+								]
+							],
+							[
+								'name' => 'Nicht zum Reihungstest angemeldet',
+								'link' => $intlink . '/reihungstestnichtangemeldet',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							],
+							[
+								'name' => 'Reihungstest angemeldet',
+								'link' => $intlink . '/reihungstestangemeldet',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							]
+						]
+					],
+					[
+						'name' => 'Bewerber',
+						'link' => $semlink . '/bewerber',
+						'stg_kz' => $studiengang_kz,
+						'children' => [
+							[
+								'name' => 'Nicht zum Reihungstest angemeldet',
+								'link' => $intlink . '/bewerberrtnichtangemeldet',
+								'stg_kz' => $studiengang_kz,
+								'leaf' => true
+							],
+							[
+								'name' => 'Reihungstest angemeldet',
+								'link' => $intlink . '/bewerberrtangemeldet',
+								'stg_kz' => $studiengang_kz,
+								'children' => [
+									[
+										'name' => 'Teilgenommen',
+										'link' => $intlink . '/bewerberrtangemeldetteilgenommen',
+										'stg_kz' => $studiengang_kz,
+										'leaf' => true
+									],
+									[
+										'name' => 'Nicht teilgenommen',
+										'link' => $intlink . '/bewerberrtangemeldetnichtteilgenommen',
+										'stg_kz' => $studiengang_kz,
+										'leaf' => true
+									]
+								]
+							]
+						]
+					],
+					[
+						'name' => 'Aufgenommen',
+						'link' => $semlink . '/aufgenommen',
+						'stg_kz' => $studiengang_kz,
+						'leaf' => true
+					],
+					[
+						'name' => 'Warteliste',
+						'link' => $semlink . '/warteliste',
+						'stg_kz' => $studiengang_kz,
+						'leaf' => true
+					],
+					[
+						'name' => 'Absage',
+						'link' => $semlink . '/absage',
+						'stg_kz' => $studiengang_kz,
+						'leaf' => true
+					],
+					[
+						'name' => 'Incoming',
+						'link' => $semlink . '/incoming',
+						'stg_kz' => $studiengang_kz,
+						'leaf' => true
+					]
+				]
+			];
+		}
+
+		return $result;
+	}
+}

application/controllers/api/v1/person/Person.php

@@ -264,4 +264,4 @@ class Person extends API_Controller
 
 		return success('Input data are valid');
 	}
-}
+}

application/controllers/codex/UHSTAT1.php

@@ -5,8 +5,12 @@ if (! defined("BASEPATH")) exit("No direct script access allowed");
 class UHSTAT1 extends FHC_Controller
 {
 	const BERECHTIGUNG_UHSTAT_VERWALTEN = 'student/uhstat1daten_verwalten';
+	const LOGIN_SESSION_INDEX = 'bewerbung/user';
 	const PERSON_ID_SESSION_INDEX = 'bewerbung/personId';
 	const CODEX_OESTERREICH = 'A';
+	const CODEX_UNKNOWN_YEAR = 9999;
+	const CODEX_UNKNOWN_NATION = 'XXX';
+	const CODEX_UNKNOWN_BILDUNGMAX = 999;
 	const LOWER_BOUNDARY_YEARS = 160;
 	const UPPER_BOUNDARY_YEARS = 20;
 
@@ -210,7 +214,9 @@ class UHSTAT1 extends FHC_Controller
 		else
 			return true;
 
-		if (!isset($bildungsstaat)) return true;
+		// if no Bildungsstaat or Bildungmax unknown - valid
+		if (!isset($bildungsstaat) || $bildungmax == self::CODEX_UNKNOWN_BILDUNGMAX) return true;
+
 
 		// find out if abschluss is in Austria
 		$this->AbschlussModel->addSelect("in_oesterreich");
@@ -219,8 +225,11 @@ class UHSTAT1 extends FHC_Controller
 		if (hasData($abschlussRes))
 		{
 			$in_oesterreich = getData($abschlussRes)[0]->in_oesterreich;
-			// invalid if abschluss in Austria, but not Bildungsstaat, or abschluss not in Austria, but Bildungsstaat in Austria
-			return ($in_oesterreich && $bildungsstaat == self::CODEX_OESTERREICH) || (!$in_oesterreich && $bildungsstaat != self::CODEX_OESTERREICH);
+
+			// valid if Bildungsstaat and Abschluss in Austria, or Bildungsstaat and Abschluss not in Austria
+			// (or Abschluss not in Austria and Bildungsstaat unknown)
+			return ($in_oesterreich && $bildungsstaat == self::CODEX_OESTERREICH)
+				|| (!$in_oesterreich && ($bildungsstaat != self::CODEX_OESTERREICH || $bildungsstaat == self::CODEX_UNKNOWN_NATION));
 		}
 
 		return false;
@@ -363,7 +372,11 @@ class UHSTAT1 extends FHC_Controller
 
 		// get realistic birth years, dated back from current year
 		$currYear = date("Y");
-		$formMetaData['jahre'] = range($currYear - self::UPPER_BOUNDARY_YEARS, $currYear - self::LOWER_BOUNDARY_YEARS);
+		$yearRange = range($currYear - self::UPPER_BOUNDARY_YEARS, $currYear - self::LOWER_BOUNDARY_YEARS);
+		$formMetaData['jahre'] = array_combine($yearRange, $yearRange);
+
+		// add "unknown" option
+		$formMetaData['jahre'][self::CODEX_UNKNOWN_YEAR] = 'unbekannt';
 
 		return success($formMetaData);
 	}
@@ -411,7 +424,10 @@ class UHSTAT1 extends FHC_Controller
 	private function _getValidPersonId($berechtigungsArt)
 	{
 		// if coming from bewerbungstool - person id is in session (person must be logged in bewerbungstool)
-		if (isset($_SESSION[self::PERSON_ID_SESSION_INDEX]) && is_numeric($_SESSION[self::PERSON_ID_SESSION_INDEX]))
+		if (isset($_SESSION[self::PERSON_ID_SESSION_INDEX])
+			&& is_numeric($_SESSION[self::PERSON_ID_SESSION_INDEX])
+			&& isset($_SESSION[self::LOGIN_SESSION_INDEX])
+		)
 			return $_SESSION[self::PERSON_ID_SESSION_INDEX];
 
 		// if person id passed directly...

application/controllers/components/Antrag/Abmeldung.php

@@ -1,218 +0,0 @@
-<?php
-
-if (! defined('BASEPATH')) exit('No direct script access allowed');
-
-use \Studierendenantrag_model as Studierendenantrag_model;
-
-/**
- *
- */
-class Abmeldung extends FHC_Controller
-{
-
-	/**
-	 * Calls the parent's constructor and loads the FilterCmptLib
-	 */
-	public function __construct()
-	{
-		parent::__construct();
-
-		// Libraries
-		$this->load->library('AuthLib');
-		$this->load->library('AntragLib');
-
-		// Load language phrases
-		$this->loadPhrases([
-			'studierendenantrag'
-		]);
-	}
-
-	//------------------------------------------------------------------------------------------------------------------
-	// Public methods
-
-	/**
-	 * Retrieves data of the current studiengang for the current user
-	 */
-
-	public function getDetailsForNewAntrag($prestudent_id)
-	{
-		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, true)) {
-			$this->output->set_status_header(403);
-			return $this->outputJsonError('Forbidden');
-		}
-		$result = $this->antraglib->getPrestudentAbmeldeBerechtigt($prestudent_id);
-		if (isError($result)) {
-			$this->output->set_status_header(500);
-			return $this->outputJsonError(getError($result));
-		}
-		$result = $result->retval;
-		if (!$result) {
-			$this->output->set_status_header(403);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_no_student'));
-		}
-		elseif ($result == -3)
-		{
-			$this->output->set_status_header(403);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_stg_blacklist'));
-		}
-		elseif ($result == -1)
-		{
-			$result = $this->antraglib->getDetailsForLastAntrag(
-                $prestudent_id,
-                [
-                    Studierendenantrag_model::TYP_ABMELDUNG,
-                    Studierendenantrag_model::TYP_ABMELDUNG_STGL
-                ]
-            );
-			if (isError($result)) {
-				return $this->outputJsonError(getError($result));
-			}
-
-			$data = getData($result);
-			
-			$data->canCancel = (
-				$data->status == Studierendenantragstatus_model::STATUS_CREATED &&
-				$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id)
-			);
-
-			return $this->outputJsonSuccess($data);
-		}
-
-		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-
-		$this->outputJsonSuccess(getData($result));
-	}
-
-	public function getDetailsForAntrag($studierendenantrag_id)
-	{
-		if (!$this->antraglib->isEntitledToShowAntrag($studierendenantrag_id))	return show_404();
-
-		$result = $this->antraglib->getDetailsForAntrag($studierendenantrag_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-
-		$data = getData($result);
-
-		if ($data->typ !== Studierendenantrag_model::TYP_ABMELDUNG_STGL && $data->typ !== Studierendenantrag_model::TYP_ABMELDUNG)
-			return show_404();
-
-		$data->canCancel = (
-			$data->status == Studierendenantragstatus_model::STATUS_CREATED &&
-			$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id)
-		);
-
-		$this->outputJsonSuccess($data);
-	}
-
-	public function createAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules('studiensemester', 'Studiensemester', 'required');
-		$this->form_validation->set_rules('prestudent_id', 'Prestudent ID', 'required');
-		$this->form_validation->set_rules('grund', 'Grund', 'required');
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$grund = $this->input->post('grund');
-		$studiensemester = $this->input->post('studiensemester');
-		$prestudent_id = $this->input->post('prestudent_id');
-
-		$result = $this->antraglib->getPrestudentAbmeldeBerechtigt($prestudent_id);
-		if (isError($result)) {
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-		$result = $result->retval;
-		if (!$result)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_no_student')]);
-		}
-		elseif ($result == -3)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_stg_blacklist')]);
-		}
-		elseif ($result < 0)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_antrag_exists')]);
-		}
-
-		$result = $this->antraglib->createAbmeldung($prestudent_id, $studiensemester, getAuthUID(), $grund);
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		$result = $this->antraglib->getDetailsForAntrag(getData($result));
-		if (!hasData($result))
-		return $this->outputJsonSuccess(true);
-
-		$data = getData($result);
-		$data->canCancel = (boolean)$this->antraglib->isEntitledToCancelAntrag($data->studierendenantrag_id);
-
-		$this->outputJsonSuccess($data);
-	}
-
-	public function cancelAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules('antrag_id', 'Antrag ID', 'required');
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$antrag_id = $this->input->post('antrag_id');
-		if(!$this->antraglib->isEntitledToCancelAntrag($antrag_id))
-		{
-			$this->output->set_status_header(403);
-
-			return $this->outputJsonError('Forbidden');
-		}
-
-		$result = $this->antraglib->cancelAntrag($antrag_id, getAuthUID());
-		if(isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		$result = $this->antraglib->getDetailsForAntrag($antrag_id);
-
-		if (!hasData($result))
-			return $this->outputJsonSuccess($antrag_id);
-		$this->outputJsonSuccess(getData($result));
-	}
-
-	public function getStudiengaengeAssistenz()
-	{
-		$this->load->library('PermissionLib');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-		$query = $this->input->post('query');
-
-		$studiengaenge = $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag');
-
-		$result = $this->antraglib->getAktivePrestudentenInStgs($studiengaenge, $query);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-		$result = getData($result);
-		if (!$result) {
-			return $this->outputJsonSuccess([]);
-		}
-
-		return $this->outputJsonSuccess($result);
-	}
-}

application/controllers/components/Antrag/Leitung.php

@@ -1,479 +0,0 @@
-<?php
-
-if (! defined('BASEPATH')) exit('No direct script access allowed');
-
-use \stdClass as stdClass;
-
-/**
- *
- */
-class Leitung extends FHC_Controller
-{
-
-	/**
-	 * Calls the parent's constructor and loads the FilterCmptLib
-	 */
-	public function __construct()
-	{
-		parent::__construct();
-
-		// Libraries
-		$this->load->library('AuthLib');
-		$this->load->library('AntragLib');
-
-		// Load language phrases
-		$this->loadPhrases([
-			'studierendenantrag'
-		]);
-	}
-
-
-	//------------------------------------------------------------------------------------------------------------------
-	// Public methods
-
-	public function getActiveStgs()
-	{
-		$studiengaenge = $this->permissionlib->getSTG_isEntitledFor('student/antragfreigabe') ?: [];
-		$studiengaenge = array_merge($studiengaenge, $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag') ?: []);
-		
-		$result = $this->StudierendenantragModel->loadStgsWithAntraege($studiengaenge);
-		if (isError($result)) {
-			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
-		}
-		$this->outputJson($result);
-	}
-
-	public function getAntraege($studiengang = null, $extra = null)
-	{
-		if ($studiengang && $studiengang == 'todo') {
-			$studiengang = $extra;
-			$extra = true;
-		} else {
-			$extra = false;
-		}
-
-		if ($studiengang) {
-			$studiengaenge = [$studiengang];
-		} else {
-			$studiengaenge =$this->permissionlib->getSTG_isEntitledFor('student/antragfreigabe');
-			if(!is_array($studiengaenge))
-				$studiengaenge = [];
-
-
-			$stgsNeuanlage = $this->permissionlib->getSTG_isEntitledFor('student/studierendenantrag');
-			if(!is_array($stgsNeuanlage))
-				$stgsNeuanlage = [];
-
-			$studiengaenge = array_unique(array_merge($studiengaenge, $stgsNeuanlage));
-		}
-
-
-		$antraege = [];
-		if ($studiengaenge) {
-			$result = $extra
-				? $this->StudierendenantragModel->loadActiveForStudiengaenge($studiengaenge)
-				: $this->StudierendenantragModel->loadForStudiengaenge($studiengaenge);
-			if (isError($result)) {
-				$this->output->set_status_header(500);
-				return $this->outputJson('Internal Server Error');
-			}
-			if(hasData($result))
-			{
-			    $antraege = getData($result);
-			}
-		}
-
-		$this->outputJson($antraege);
-	}
-
-	public function reopenAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToReopenAntrag',
-			[
-				'isEntitledToReopenAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->reopenWiederholung($studierendenantrag_id, getAuthUID());
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function pauseAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			[
-				'required',
-				[
-					'isEntitledToPauseAntrag',
-					[$this->antraglib, 'isEntitledToPauseAntrag']
-				],
-				[
-					'antragCanBeManualPaused',
-					[$this->antraglib, 'antragCanBeManualPaused']
-				]
-			],
-			[
-				'isEntitledToPauseAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
-				'antragCanBeManualPaused' => $this->p->t(
-					'studierendenantrag',
-					'error_not_pauseable',
-					['id' => $this->input->post('studierendenantrag_id')]
-				)
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->pauseAntrag($studierendenantrag_id, getAuthUID());
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function unpauseAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			[
-				'required',
-				[
-					'isEntitledToUnpauseAntrag',
-					[$this->antraglib, 'isEntitledToUnpauseAntrag']
-				],
-				[
-					'antragCanBeManualUnpaused',
-					[$this->antraglib, 'antragCanBeManualUnpaused']
-				]
-			],
-			[
-				'isEntitledToUnpauseAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
-				'antragCanBeManualUnpaused' => $this->p->t(
-					'studierendenantrag',
-					'error_not_paused',
-					['id' => $this->input->post('studierendenantrag_id')]
-				)
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->unpauseAntrag($studierendenantrag_id, getAuthUID());
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function objectAntrag()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToObjectAntrag|callback_canBeObjected',
-			[
-				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
-				'canBeObjected' => $this->p->t('studierendenantrag', 'error_no_objection')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->objectAbmeldung($studierendenantrag_id, getAuthUID());
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function objectionDeny()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToObjectAntrag|callback_isObjected',
-			[
-				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
-				'isObjected' => $this->p->t('studierendenantrag', 'error_not_objected')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-		$grund = $this->input->post('grund');
-
-		$result = $this->antraglib->denyObjectionAbmeldung($studierendenantrag_id, getAuthUID(), $grund);
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function objectionApprove()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToObjectAntrag|callback_isObjected',
-			[
-				'isEntitledToObjectAntrag' => $this->p->t('studierendenantrag', 'error_no_right'),
-				'isObjected' => $this->p->t('studierendenantrag', 'error_not_objected')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->cancelAntrag($studierendenantrag_id, getAuthUID());
-
-		if (isError($result))
-			return $this->outputJsonError(['studierendenantrag_id' => getError($result)]);
-
-		$this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function isEntitledToReopenAntrag($studierendenantrag_id)
-	{
-		return $this->antraglib->isEntitledToReopenAntrag($studierendenantrag_id);
-	}
-
-	public function isEntitledToObjectAntrag($studierendenantrag_id)
-	{
-		return $this->antraglib->isEntitledToObjectAntrag($studierendenantrag_id);
-	}
-
-	public function isEntitledToRejectAntrag($studierendenantrag_id)
-	{
-		return $this->antraglib->isEntitledToRejectAntrag($studierendenantrag_id);
-	}
-
-	public function canBeObjected($studierendenantrag_id)
-	{
-		return $this->antraglib->hasType($studierendenantrag_id, Studierendenantrag_model::TYP_ABMELDUNG_STGL);
-	}
-
-	public function isObjected($studierendenantrag_id)
-	{
-		return $this->antraglib->hasStatus($studierendenantrag_id, Studierendenantragstatus_model::STATUS_OBJECTED);
-	}
-
-
-	public function approveAbmeldung()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToApproveAntrag',
-			[
-				'isEntitledToApproveAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->approveAbmeldung([$studierendenantrag_id], getAuthUID());
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		return $this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function approveAbmeldungStgl()
-	{
-		return $this->approveAbmeldung();
-	}
-
-	public function approveUnterbrechung()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToApproveAntrag',
-			[
-				'isEntitledToApproveAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->approveUnterbrechung([$studierendenantrag_id], getAuthUID());
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		return $this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function rejectUnterbrechung()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToRejectAntrag',
-			[
-				'isEntitledToRejectAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
-			]
-		);
-		$this->form_validation->set_rules('grund', 'Grund', 'required');
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-		$grund = $this->input->post('grund');
-
-		$result = $this->antraglib->rejectUnterbrechung([$studierendenantrag_id], getAuthUID(), $grund);
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		return $this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function approveWiederholung()
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules(
-			'studierendenantrag_id',
-			'Studierenden Antrag',
-			'required|callback_isEntitledToApproveAntrag',
-			[
-				'isEntitledToApproveAntrag' => $this->p->t('studierendenantrag', 'error_no_right')
-			]
-		);
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$studierendenantrag_id = $this->input->post('studierendenantrag_id');
-
-		$result = $this->antraglib->approveWiederholung($studierendenantrag_id, getAuthUID());
-		if (isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		return $this->outputJsonSuccess($studierendenantrag_id);
-	}
-
-	public function isEntitledToApproveAntrag($studierendenantrag_id)
-	{
-		return $this->antraglib->isEntitledToApproveAntrag($studierendenantrag_id);
-	}
-
-	public function getHistory($studierendenantrag_id)
-	{
-		if (!$this->antraglib->isEntitledToSeeHistoryForAntrag($studierendenantrag_id)) {
-			$this->output->set_status_header(403);
-			return $this->outputJson('Forbidden');
-		}
-
-		$result = $this->antraglib->getAntragHistory($studierendenantrag_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-
-		$this->outputJsonSuccess(getData($result) ?: []);
-	}
-}

application/controllers/components/Antrag/Wiederholung.php

@@ -1,384 +0,0 @@
-<?php
-
-if (! defined('BASEPATH')) exit('No direct script access allowed');
-
-use \REST_Controller as REST_Controller;
-
-/**
- *
- */
-class Wiederholung extends FHC_Controller
-{
-
-	/**
-	 * Calls the parent's constructor and loads the FilterCmptLib
-	 */
-	public function __construct()
-	{
-		parent::__construct();
-
-		// Configs
-		$this->load->config('studierendenantrag');
-
-		// Libraries
-		$this->load->library('AuthLib');
-		$this->load->library('PermissionLib');
-		$this->load->library('AntragLib');
-
-		$requiredPermissions = [
-			'saveLvs' => ['student/studierendenantrag:w'],
-			'getLvsAsRdf' => ['student/studierendenantrag:r', 'student/noten:r'],
-			'moveLvsToZeugnis' => ['student/studierendenantrag:w', 'student/noten:w']
-		];
-
-		if (isset($requiredPermissions[$this->router->method])) {
-			if (!$this->permissionlib->isEntitled($requiredPermissions, $this->router->method)) {
-				$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
-				$this->outputJson('Forbidden');
-				exit;
-			}
-		}
-
-		// Load language phrases
-		$this->loadPhrases([
-			'global',
-			'studierendenantrag'
-		]);
-	}
-
-
-	//------------------------------------------------------------------------------------------------------------------
-	// Public methods
-
-	/**
-	 * Retrieves data of the current studiengang for the current user
-	 */
-
-	public function getDetailsForNewAntrag($prestudent_id)
-	{
-		if (!$this->antraglib->isEntitledToCreateAntragFor($prestudent_id, false)) {
-			$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
-			return $this->outputJsonError('Forbidden');
-		}
-		$result = $this->antraglib->getPrestudentWiederholungsBerechtigt($prestudent_id);
-		if (isError($result)) {
-			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
-			return $this->outputJsonError(getError($result));
-		}
-		$result = $result->retval;
-		if (!$result) {
-			$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_no_student_no_failed_exam'));
-		}
-		elseif ($result == -1)
-		{
-			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id, Studierendenantrag_model::TYP_WIEDERHOLUNG);
-			if (isError($result)) {
-				return $this->outputJsonError(getError($result));
-			}
-			$data = getData($result);
-
-			$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id, $data->datum, $data->studiensemester_kurzbz);
-			// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
-			$pruefungsdata = current(getData($result));
-
-			$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
-			$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
-			$data->pruefungsdatum = $pruefungsdata->datum;
-
-			return $this->outputJsonSuccess($data);
-		}
-		elseif ($result == -2)
-		{
-			$result = $this->antraglib->getDetailsForLastAntrag($prestudent_id);
-			if (isError($result)) {
-				return $this->outputJsonError(getError($result));
-			}
-
-			$result = getData($result);
-			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_antrag_pending', [
-                'typ' => $this->p->t('studierendenantrag', 'antrag_typ_' . $result->typ)
-            ]));
-		}
-		elseif ($result == -3)
-		{
-			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_stg_blacklist'));
-		}
-
-		$result = $this->antraglib->getDetailsForNewAntrag($prestudent_id);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-
-		$data = getData($result);
-
-		$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id);
-		// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
-		$pruefungsdata = current(getData($result));
-
-		$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
-		$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
-		$data->pruefungsdatum = $pruefungsdata->datum;
-
-		$this->outputJsonSuccess($data);
-	}
-
-	public function createAntrag()
-	{
-		$this->createAntragWithStatus(true);
-	}
-
-	public function cancelAntrag()
-	{
-		$this->createAntragWithStatus(false);
-	}
-
-	protected function createAntragWithStatus($repeat)
-	{
-		$this->load->library('form_validation');
-
-		$_POST = json_decode($this->input->raw_input_stream, true);
-
-		$this->form_validation->set_rules('prestudent_id', 'Prestudent ID', 'required');
-		$this->form_validation->set_rules('studiensemester', 'Studiensemester', 'required');
-
-		if ($this->form_validation->run() == false)
-		{
-			return $this->outputJsonError($this->form_validation->error_array());
-		}
-
-		$prestudent_id = $this->input->post('prestudent_id');
-		$studiensemester = $this->input->post('studiensemester');
-
-		$result = $this->antraglib->getPrestudentWiederholungsBerechtigt($prestudent_id);
-		if (isError($result)) {
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-		$result = $result->retval;
-		if (!$result)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_no_student')]);
-		}
-		elseif ($result == -1)
-		{
-			$result = $this->PrestudentstatusModel->getLastStatus($prestudent_id);
-			if (isError($result))
-				return $this->outputJsonError(['db' => getError($result)]);
-			if (!hasData($result))
-				return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_no_prestudentstatus', [
-					'prestudent_id' => $prestudent_id
-				])]);
-			if (!in_array(current(getData($result))->status_kurzbz, $this->config->item('antrag_prestudentstatus_whitelist')))
-				return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_no_student')]);
-		}
-		elseif ($result == -2)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_antrag_exists')]);
-		}
-		elseif ($result == -3)
-		{
-			return $this->outputJsonError(['db' => $this->p->t('studierendenantrag', 'error_stg_blacklist')]);
-		}
-
-		$result = $this->antraglib->createWiederholung($prestudent_id, $studiensemester, getAuthUID(), $repeat);
-		if(isError($result))
-		{
-			return $this->outputJsonError(['db' => getError($result)]);
-		}
-
-		$antragId = getData($result);
-		$result = $this->antraglib->getDetailsForAntrag($antragId);
-
-		if(!hasData($result))
-			return $this->outputJsonSuccess(true);
-
-		$data = getData($result);
-
-		$result = $this->antraglib->getFailedExamForPrestudent($prestudent_id);
-		// NOTE(chris): error handling for this function should already happenden in antraglib->getPrestudentWiederholungsBerechtigt()
-		$pruefungsdata = current(getData($result));
-
-		$data->studiensemester_kurzbz = $pruefungsdata->studiensemester_kurzbz;
-		$data->lvbezeichnung = $pruefungsdata->lvbezeichnung;
-		$data->pruefungsdatum = $pruefungsdata->datum;
-
-		$this->outputJsonSuccess($data);
-	}
-
-
-	public function getLvs($antrag_id)
-	{
-		$result = $this->antraglib->getLvsForAntrag($antrag_id);
-		if (isError($result)) {
-			$error = getError($result);
-			if ($error == 'Forbidden')
-				$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
-			return $this->outputJsonError(getError($result));
-		}
-		$lvs = getData($result);
-
-		$this->outputJsonSuccess($lvs);
-	}
-
-	public function saveLvs()
-	{
-		$result = $this->getPostJSON();
-		$antragsLvs = array_merge($result->forbiddenLvs, $result->mandatoryLvs);
-
-		$insert = array_map(function ($lv) {
-			return [
-				'studierendenantrag_id' => $lv->studierendenantrag_id,
-				'lehrveranstaltung_id' => $lv->lehrveranstaltung_id,
-				'note' => $lv->zugelassen
-                    ? ($lv->zugelassen == 1 ? 0 : $this->config->item('wiederholung_note_angerechnet'))
-                    : $this->config->item('wiederholung_note_nicht_zugelassen'),
-				'anmerkung' => $lv->anmerkung,
-				'insertvon' => getAuthUID(),
-				'studiensemester_kurzbz' => $lv->studiensemester_kurzbz
-			];
-		}, $antragsLvs);
-
-		$antrag_ids = array_unique(array_map(function ($lv) {
-			return $lv['studierendenantrag_id'];
-		}, $insert));
-
-		foreach ($antrag_ids as $antrag_id) {
-			$result = $this->StudierendenantragModel->loadIdAndStatusWhere([
-				'studierendenantrag_id' => $antrag_id
-			]);
-			if (isError($result))
-				return $this->outputJsonError(getError($result));
-			if (!hasData($result))
-				return $this->outputJsonError($this->p->t('studierendenantrag', 'error_no_antrag_found', ['id' => $antrag_id]));
-			$antrag = current(getData($result));
-			if ($antrag->status != Studierendenantragstatus_model::STATUS_CREATED
-				&& $antrag->status != Studierendenantragstatus_model::STATUS_LVSASSIGNED)
-				return $this->outputJsonError($this->p->t('studierendenantrag', 'error_antrag_locked'));
-		}
-
-		if(!$antragsLvs)
-			return $this->outputJsonError($this->p->t('studierendenantrag', 'error_no_lv'));
-
-		$result = $this->antraglib->saveLvs($insert);
-
-		if (isError($result))
-			return $this->outputJsonError(getError($result));
-
-		$this->outputJsonSuccess(getData($result));
-	}
-
-	public function getLvsAsRdf($prestudent_id)
-	{
-		// header für no cache
-		$this->output->set_header("Cache-Control: no-cache");
-		$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
-		$this->output->set_header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
-		$this->output->set_header("Pragma: no-cache");
-		$this->output->set_header("Content-type: application/xhtml+xml");
-
-		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
-		$sem_akt = $this->variablelib->getVar('semester_aktuell');
-
-
-		$result = $this->antraglib->getLvsForPrestudent($prestudent_id, $sem_akt);
-		if (isError($result)) {
-			return $this->outputJsonError(getError($result));
-		}
-
-		$lvs = getData($result) ?: [];
-		$rdf_url = 'http://www.technikum-wien.at/antragnote';
-
-		$this->load->view('lehre/Antrag/Wiederholung/getLvs.rdf.php', [
-			'url' => $rdf_url,
-			'lvs' => $lvs
-		]);
-	}
-
-	public function moveLvsToZeugnis()
-	{
-		$anzahl = $this->input->post('anzahl');
-		$student_uid = $this->input->post('student_uid');
-		$this->load->model('education/Studierendenantraglehrveranstaltung_model', 'StudierendenantraglehrveranstaltungModel');
-		$this->load->model('education/Zeugnisnote_model', 'ZeugnisnoteModel');
-
-		$errormsg = array();
-
-		for($i=0; $i<$anzahl; $i++)
-		{
-			$id = $this->input->post('studierendenantrag_lehrveranstaltung_id_' . $i);
-			$result =$this->StudierendenantraglehrveranstaltungModel->load($id);
-			if(isError($result))
-			{
-				$errormsg[] = getError($result);
-			}
-			elseif(!hasData($result))
-			{
-				$errormsg[] = $this->p->t('studierendenantrag', 'error_no_lv_in_application');
-			}
-			else
-			{
-				$antragLv = getData($result)[0];
-				$result= $this->ZeugnisnoteModel->load([
-					'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
-					'student_uid'=> $student_uid,
-					'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz
-				]);
-				if(isError($result))
-				{
-					$errormsg[] = getError($result);
-				}
-				else
-				{
-					if (hasData($result))
-					{
-						$result = $this->ZeugnisnoteModel->update(
-							[
-								'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
-								'student_uid'=> $student_uid,
-								'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz
-							],
-							[
-								'note'=> $antragLv->note,
-								'uebernahmedatum' => date('c'),
-								'benotungsdatum' => $antragLv->insertamum,
-								'updateamum' => date('c'),
-								'bemerkung'=>$antragLv->anmerkung,
-								'updatevon'=>getAuthUID()
-							]
-						);
-					}
-					else
-					{
-						$result = $this->ZeugnisnoteModel->insert([
-							'lehrveranstaltung_id'=> $antragLv->lehrveranstaltung_id,
-							'student_uid'=> $student_uid,
-							'studiensemester_kurzbz' => $antragLv->studiensemester_kurzbz,
-							'note'=> $antragLv->note,
-							'uebernahmedatum' => date('c'),
-							'benotungsdatum' => $antragLv->insertamum,
-							'insertamum' => date('c'),
-							'bemerkung'=>$antragLv->anmerkung,
-							'insertvon'=>getAuthUID()
-						]);
-					}
-					if(isError($result))
-					{
-						$errormsg[] = getError($result);
-					}
-				}
-			}
-		}
-
-		if($errormsg)
-			$return = false;
-		else
-			$return = true;
-
-		$this->load->view('lehre/Antrag/Wiederholung/moveLvs.rdf.php', [
-			'return' => $return,
-			'errormsg' => $errormsg
-		]);
-	}
-}

application/controllers/components/Cis/Mylv.php

@@ -0,0 +1,213 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * 
+ */
+class Mylv extends Auth_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'Student' => ['student/anrechnung_beantragen:r','user:r'], // TODO(chris): permissions?
+			'Studiensemester' => ['student/anrechnung_beantragen:r','user:r'], // TODO(chris): permissions?
+			'Lvs' => ['student/anrechnung_beantragen:r','user:r'], // TODO(chris): permissions?
+			'Info' => ['student/anrechnung_beantragen:r','user:r'], // TODO(chris): permissions?
+			'Pruefungen' => ['student/anrechnung_beantragen:r','user:r'] // TODO(chris): permissions?
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 */
+	public function Student()
+	{
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+
+		$result = $this->LehrveranstaltungModel->getLvsByStudentWithGrades(getAuthUID());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+	/**
+	 */
+	public function Studiensemester()
+	{
+		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$result = $this->StudiensemesterModel->getWhereStudentHasLvs(getAuthUID());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+	/**
+	 */
+	public function Lvs($studiensemester_kurzbz)
+	{
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+
+		$result = $this->LehrveranstaltungModel->getLvsByStudentWithGrades(getAuthUID(), $studiensemester_kurzbz, getUserLanguage());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+	/**
+	 */
+	public function Info($studiensemester_kurzbz, $lehrveranstaltung_id)
+	{
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+		$result = $this->LehrveranstaltungModel->load($lehrveranstaltung_id);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+		$lv = current(getData($result) ?: []);
+
+		if (!$lv)
+			return $this->outputJsonError('Could\'t find Lehrveranstaltung with id: ' . $lehrveranstaltung_id);
+
+
+		$this->load->model('education/Lehreinheitmitarbeiter_model', 'LehreinheitmitarbeiterModel');
+
+		$result = $this->LehreinheitmitarbeiterModel->getForLv($lehrveranstaltung_id, $studiensemester_kurzbz);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$lvinfo = [];
+		$lvinfo['lektoren'] = getData($result) ?: [];
+
+		$kollisionsfreie_user = unserialize(KOLLISIONSFREIE_USER);
+		$lvinfo['lektoren'] = array_values(array_filter($lvinfo['lektoren'], function ($v) use ($kollisionsfreie_user) {
+			return !in_array($v->uid, $kollisionsfreie_user);
+		}));
+
+		$lvinfo['lvLeitung'] = array_values(array_filter($lvinfo['lektoren'], function ($v) {
+			return $v->lehrfunktion_kurzbz == 'LV-Leitung';
+		}));
+
+
+		$this->load->model('organisation/Organisationseinheit_model', 'OrganisationseinheitModel');
+		$result = $this->OrganisationseinheitModel->getWithType($lv->oe_kurzbz);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$lvinfo['oe'] = current(getData($result) ?: []);
+
+
+		$this->load->model('person/Benutzerfunktion_model', 'BenutzerfunktionModel');
+		$result = $this->BenutzerfunktionModel->getBenutzerFunktionenDetailed('Leitung', $lv->oe_kurzbz);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$lvinfo['oeLeitung'] = getData($result) ?: [];
+
+
+		$result = $this->LehrveranstaltungModel->getKoordinator($lehrveranstaltung_id, $studiensemester_kurzbz);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$lvinfo['koordinator'] = getData($result) ?: [];
+
+		if (defined('ACTIVE_ADDONS') && in_array('lvinfo', explode(';', ACTIVE_ADDONS)) && file_exists(FHCPATH . 'addons/lvinfo/include/lvinfo.class.php'))
+		{
+			require_once(FHCPATH . 'addons/lvinfo/include/lvinfo.class.php');
+			$lvinfoObj = new lvinfo();
+			$lvinfoObj->loadLVinfo($lehrveranstaltung_id, $studiensemester_kurzbz, null, true);
+			if (is_array($lvinfoObj->result))
+			{
+				$oldP = property_exists($this, 'p') ? $this->p : null;
+				$result = [];
+				$lvinfos = $lvinfoObj->result;
+				$lvinfoSet = new lvinfo();
+				$lvinfoSet->load_lvinfo_set($studiensemester_kurzbz);
+				foreach ($lvinfos as $lvi)
+				{
+					$this->p = null;
+					$this->loadPhrases('ui', $lvi->sprache);
+					$result[$lvi->sprache] = [];
+					foreach ($lvinfoSet->result as $set)
+					{
+						$key = $set->lvinfo_set_kurzbz;
+						if (!isset($lvi->data[$key]))
+							continue;
+						$info = [
+							'header' => $set->lvinfo_set_bezeichnung[$lvi->sprache]
+						];
+						if (isset($set->einleitungstext[$lvi->sprache]))
+							$info['subheader'] = $set->einleitungstext[$lvi->sprache];
+						switch ($set->lvinfo_set_typ)
+						{
+							case 'boolean':
+								$info['body'] = $this->p->t('ui', $lvi->data[$key] === true ? 'ja' : 'nein');
+								break;
+							case 'array':
+								$info['body'] = array_map('htmlspecialchars', $lvi->data[$key]);
+								break;
+							case 'editor':
+								$info['body'] = $lvi->data[$key];
+								break;
+							default:
+								$info['body'] = htmlspecialchars($lvi->data[$key]);
+						}
+						if ($info['body'])
+							$result[$lvi->sprache][] = $info;
+					}
+				}
+				if ($result)
+				{
+					$lvinfo['lvinfo'] = $result;
+					$lvinfo['lvinfoDefaultLang'] = getUserLanguage();
+
+					$this->load->model('system/Sprache_model', 'SpracheModel');
+					$result = $this->SpracheModel->loadMultiple(array_keys($result));
+					if (!isError($result))
+					{
+						$result = getData($result);
+						$lvinfo['sprachen'] = [];
+						foreach ($result as $sprache) {
+							$lvinfo['sprachen'][$sprache->sprache] = $sprache;
+						}
+					}
+				}
+				$this->p = $oldP;
+			}
+		}
+
+
+		$this->outputJsonSuccess($lvinfo);
+	}
+
+	/**
+	 */
+	public function Pruefungen($lehrveranstaltung_id)
+	{
+		$this->load->model('education/Pruefung_model', 'PruefungModel');
+
+		$result = $this->PruefungModel->getByStudentAndLv(getAuthUID(), $lehrveranstaltung_id, getUserLanguage());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+}

application/controllers/components/Cis/Stundenplan.php

@@ -0,0 +1,73 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ * 
+ */
+class Stundenplan extends Auth_Controller
+{
+
+	/**
+	 * Object initialization
+	 */
+	public function __construct()
+	{
+		parent::__construct([
+			'index' => ['basis/cis'],
+			'Reservierungen' => ['basis/cis'],
+			'Stunden' => ['basis/cis'],
+		]);
+	}
+
+	//------------------------------------------------------------------------------------------------------------------
+	// Public methods
+
+	/**
+	 */
+	public function index()
+	{
+		$this->load->model('ressource/Stundenplan_model', 'StundenplanModel');
+
+		/* $result = $this->StundenplanModel->loadForUid(getAuthUID());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+ 		*/
+		$res = $this->StundenplanModel->stundenplanGruppierung($this->StundenplanModel->getStundenplanQuery(getAuthUID())); 
+		
+		$res = getData($res);
+		
+		$this->outputJsonSuccess($res);
+	}
+
+	/**
+	 */
+	public function Reservierungen()
+	{
+		$this->load->model('ressource/Reservierung_model', 'ReservierungModel');
+
+		$result = $this->ReservierungModel->loadForUid(getAuthUID());
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+	/**
+	 */
+	public function Stunden()
+	{
+		$this->load->model('ressource/Stunde_model', 'StundeModel');
+
+		$result = $this->StundeModel->load();
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result));
+	}
+
+
+}

application/controllers/components/Filter.php

@@ -9,6 +9,7 @@ if (! defined('BASEPATH')) exit('No direct script access allowed');
  * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
  * NOTE: extends the FHC_Controller instead of the Auth_Controller because the FilterCmpt has its
  * 	own permissions check
+ * TODO(chris): deprecated
  */
 class Filter extends FHC_Controller
 {

application/controllers/components/Phrasen.php

@@ -3,7 +3,7 @@
 if (! defined('BASEPATH')) exit('No direct script access allowed');
 
 /**
- *
+ * TODO(chris): deprecated
  */
 class Phrasen extends FHC_Controller
 {

application/controllers/components/SearchBar.php

@@ -3,7 +3,7 @@
 if (! defined('BASEPATH')) exit('No direct script access allowed');
 
 /**
- *
+ * TODO(chris): deprecated
  */
 class SearchBar extends FHC_Controller
 {

application/controllers/components/stv/Noten.php

@@ -0,0 +1,168 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Noten extends Auth_Controller
+{
+	public function __construct()
+	{
+		parent::__construct([
+			'get' => 'student/noten:r',
+			'getZeugnis' => 'student/noten:r',
+			'update' => ['admin:w', 'assistenz:w']
+		]);
+
+		// Load Libraries
+		$this->load->library('VariableLib', ['uid' => getAuthUID()]);
+	}
+
+	public function get()
+	{
+		$this->load->model('codex/Note_model', 'NoteModel');
+
+		$result = $this->NoteModel->addOrder('note');
+		
+		$result = $this->NoteModel->load();
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		}
+		
+		return $this->outputJson($result);
+	}
+
+	public function getZeugnis($prestudent_id, $all = null)
+	{
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('education/Zeugnisnote_model', 'ZeugnisnoteModel');
+
+		$result = $this->StudentModel->loadWhere([
+			'prestudent_id' => $prestudent_id
+		]);
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+			return $this->outputJson($result);
+		}
+		if (!hasData($result))
+			return $this->outputJsonSuccess(null);
+		
+		$student_uid = current(getData($result))->student_uid;
+
+		$studiensemester_kurzbz = ($all === null) ? $this->variablelib->getVar('semester_aktuell') : null;
+
+		$result = $this->ZeugnisnoteModel->getZeugnisnoten($student_uid, $studiensemester_kurzbz);
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		}
+		
+		return $this->outputJson($result);
+	}
+
+	public function update()
+	{
+		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('organisation/Studienplan_model', 'StudienplanModel');
+		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
+		$this->load->model('education/Zeugnisnote_model', 'ZeugnisnoteModel');
+
+		$this->load->library('form_validation');
+
+		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
+		
+		if (empty($_POST) || !is_array(current($_POST))) {
+			$result = $this->hasPermissionUpdate($this->input->post('lehrveranstaltung_id'), $this->input->post('student_uid'));
+			if (isError($result)) {
+				$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
+				return $this->outputJson($result);
+			}
+
+			$this->form_validation->set_rules('lehrveranstaltung_id', 'Lehrverantaltung ID', 'required|numeric');
+			$this->form_validation->set_rules('student_uid', 'Student UID', 'required');
+			$this->form_validation->set_rules('studiensemester_kurzbz', 'Studiensemester Kurzbezeichnung', 'required');
+			$this->form_validation->set_rules('note', 'Note', 'required|numeric');
+			$post = [$_POST];
+		} else {
+			foreach ($_POST as $i => $data) {
+				$lvid = isset($data['lehrveranstaltung_id']) ? $data['lehrveranstaltung_id'] : null;
+				$uid = isset($data['student_uid']) ? $data['student_uid'] : null;
+				$result = $this->hasPermissionUpdate($lvid, $uid);
+				if (isError($result)) {
+					$this->output->set_status_header(REST_Controller::HTTP_FORBIDDEN);
+					return $this->outputJson($result);
+				}
+
+				$this->form_validation->set_rules($i . '[lehrveranstaltung_id]', '#' . $i . ' Lehrverantaltung ID', 'required|numeric');
+				$this->form_validation->set_rules($i . '[student_uid]', '#' . $i . ' Student UID', 'required');
+				$this->form_validation->set_rules($i . '[studiensemester_kurzbz]', '#' . $i . ' Studiensemester Kurzbezeichnung', 'required');
+				$this->form_validation->set_rules($i . '[note]', '#' . $i . ' Note', 'required|numeric');
+			}
+			$post = $_POST;
+		}
+		if ($this->form_validation->run() == false) {
+			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
+			return $this->outputJsonError($this->form_validation->error_array());
+		}
+
+		$final_result = success();
+		$this->ZeugnisnoteModel->db->trans_start();
+
+		foreach ($post as $i => $data) {
+			$note = $data['note'];
+			unset($data['note']);
+			$result = $this->ZeugnisnoteModel->update($data, [
+				'note' => $note,
+				'benotungsdatum' => date('c'),
+				'updateamum' => date('c'),
+				'updatevon' => getAuthUID()
+			]);
+			if (isError($result)) {
+				$final_result = $result;
+				break;
+			}
+		}
+
+		$this->ZeugnisnoteModel->db->trans_complete();
+
+		if (isError($final_result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		}
+
+		$this->outputJson($final_result);
+	}
+
+	protected function hasPermissionUpdate($lehrveranstaltung_id, $student_uid)
+	{
+		// TODO(chris): error phrases!
+		if ($lehrveranstaltung_id === null || $student_uid === null)
+			return success();
+		$result = $this->StudentModel->load([$student_uid]);
+		if (isError($result))
+			return $result;
+		if (!hasData($result))
+			return error('Fehler beim Ermitteln des Studenten');
+		$student = current(getData($result));
+
+		if ($this->permissionlib->isBerechtigt('admin', 'suid', $student->studiengang_kz))
+			return success();
+		if ($this->permissionlib->isBerechtigt('assistenz', 'suid', $student->studiengang_kz))
+			return success();
+
+		$result = $this->StudienplanModel->getAllOesForLv($lehrveranstaltung_id);
+		if (isError($result))
+			return $result;
+		$oes = getData($result) ?: [];
+		$result = $this->LehrveranstaltungModel->getStg($lehrveranstaltung_id);
+		if (isError($result))
+			return $result;
+		if (hasData($result))
+			$oes[] = current(getData($result));
+
+		foreach ($oes as $oe) {
+			if ($this->permissionlib->isBerechtigt('admin', 'suid', $oe->oe_kurzbz))
+				return success();
+			if ($this->permissionlib->isBerechtigt('assistenz', 'suid', $oe->oe_kurzbz))
+				return success();
+		}
+
+		return error('Forbidden');
+	}
+}

application/controllers/components/stv/Studienplan.php

@@ -0,0 +1,43 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Studienplan extends Auth_Controller
+{
+	public function __construct()
+	{
+		// TODO(chris): access!
+		parent::__construct([
+			'get' => self::PERM_LOGGED
+		]);
+	}
+
+	public function get()
+	{
+		$this->load->model('organisation/Studienplan_model', 'StudienplanModel');
+
+		$_POST = json_decode($this->input->raw_input_stream, true);
+		
+		$this->load->library('form_validation');
+		
+		$this->form_validation->set_rules('studiengang_kz', 'StudiengangKz', 'required|numeric');
+		$this->form_validation->set_rules('studiensemester_kurzbz', 'StudiensemesterKurbz', 'required');
+		$this->form_validation->set_rules('ausbildungssemester', 'Ausbildungssemester', 'numeric');
+
+		if ($this->form_validation->run() == false) {
+			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
+			return $this->outputJsonError($this->form_validation->error_array());
+		}
+
+		$studiengang_kz = $this->input->post('studiengang_kz');
+		$studiensemester_kurzbz = $this->input->post('studiensemester_kurzbz');
+		$ausbildungssemester = $this->input->post('ausbildungssemester') ?: null;
+		$orgform_kurzbz = $this->input->post('orgform_kurzbz') ?: null;
+
+		$result = $this->StudienplanModel->getStudienplaeneBySemester($studiengang_kz, $studiensemester_kurzbz, $ausbildungssemester, $orgform_kurzbz);
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		}
+		$this->outputJson($result);
+	}
+}

application/controllers/components/stv/Studiensemester.php

@@ -0,0 +1,78 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class Studiensemester extends Auth_Controller
+{
+	public function __construct()
+	{
+		// TODO(chris): access!
+		parent::__construct([
+			'index' => self::PERM_LOGGED,
+			'now' => self::PERM_LOGGED,
+			'set' => self::PERM_LOGGED
+		]);
+	}
+
+	public function index()
+	{
+		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$this->StudiensemesterModel->addOrder('start');
+
+		$result = $this->StudiensemesterModel->load();
+
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		}
+		$this->outputJson($result);
+	}
+
+	public function now()
+	{
+		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$result = $this->StudiensemesterModel->getNearest();
+
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+			$this->outputJson(getError($result));
+		}
+		$result = getData($result) ?: [];
+
+		if (count($result) != 1) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+			$this->outputJsonError(count($result) ? 'Mehrere Studiensemester aktiv' : 'Kein Studiensemester aktiv');
+		} else {
+			$this->outputJsonSuccess(current($result)->studiensemester_kurzbz);
+		}
+	}
+
+	public function set()
+	{
+		$this->load->library('AuthLib');
+		$this->load->library('form_validation');
+
+		$_POST = json_decode(utf8_encode($this->input->raw_input_stream), true);
+
+		$this->form_validation->set_rules('studiensemester', 'Studiensemester', 'required');
+
+		if ($this->form_validation->run() == false) {
+			$this->output->set_status_header(REST_Controller::HTTP_BAD_REQUEST);
+			return $this->outputJsonError($this->form_validation->error_array());
+		}
+
+		$stdsem = $this->input->post('studiensemester');
+
+		$this->load->model('system/Variable_model', 'VariableModel');
+
+		$result = $this->VariableModel->setVariable(getAuthUID(), 'semester_aktuell', $stdsem);
+
+		if (isError($result)) {
+			$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+			return $this->outputJson($result);
+		}
+
+		$this->outputJsonSuccess(true);
+	}
+}

application/controllers/dashboard/Api.php

@@ -0,0 +1,76 @@
+<?php
+defined('BASEPATH') || exit('No direct script access allowed');
+
+class Api extends Auth_Controller
+{
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'index'		=> 'dashboard/admin:rw',
+				'getNews'	=> 'dashboard/benutzer:r',
+                'getAmpeln'	=> 'dashboard/benutzer:r',
+			)
+		);
+
+		$this->load->library('AuthLib', null, 'AuthLib');
+
+		$this->_setAuthUID();
+	}
+
+	public function index()
+	{
+		echo 'Dashboard API Controller';
+	}
+
+	/**
+	 * Get News.
+	 */
+	public function getNews()
+	{
+		$limit =  $this->input->get('limit');
+
+		$this->load->model('content/News_model', 'NewsModel');
+
+		$result = $this->NewsModel->getAll($limit);
+
+		if (hasData($result))
+		{
+			$this->outputJson(getData($result), REST_Controller::HTTP_OK);
+		}
+		else
+		{
+			$this->terminateWithJsonError('fehler entdeckt');
+		}
+	}
+
+
+	/**
+	 * Get Ampeln.
+	 */
+	public function getAmpeln()
+	{
+
+		$this->load->model('content/Ampel_model', 'AmpelModel');
+		$result = $this->AmpelModel->getByUser($this->_uid);
+
+		if (hasData($result))
+		{
+			$this->outputJson(getData($result), REST_Controller::HTTP_OK);
+		}
+		else
+		{
+			$this->terminateWithJsonError('fehler entdeckt');
+		}
+	}
+
+	/**
+	 * Retrieve the UID of the logged user and checks if it is valid
+	 */
+	private function _setAuthUID()
+	{
+		$this->_uid = getAuthUID();
+
+		if (!$this->_uid) show_error('User authentification failed');
+	}
+}

application/controllers/dashboard/Config.php

@@ -0,0 +1,216 @@
+<?php
+defined('BASEPATH') || exit('No direct script access allowed');
+/**
+ * Description of Config
+ *
+ * @author bambi
+ */
+class Config extends Auth_Controller
+{
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'index'							=> 'dashboard/benutzer:r',
+				'dummy'							=> 'dashboard/benutzer:r',
+				'genWidgetId'					=> 'dashboard/benutzer:rw',
+				'addWidgetsToPreset'			=> 'dashboard/admin:rw',
+				'removeWidgetFromPreset'		=> 'dashboard/admin:rw',
+				'addWidgetsToUserOverride'		=> 'dashboard/benutzer:rw',
+				'removeWidgetFromUserOverride'	=> 'dashboard/benutzer:rw',
+				'funktionen'					=> 'dashboard/admin:r',
+				'preset'						=> 'dashboard/admin:r',
+				'presetBatch'					=> 'dashboard/admin:r'
+			)
+		);
+		
+		$this->load->library('dashboard/DashboardLib', null, 'DashboardLib');
+		$this->load->library('AuthLib', null, 'AuthLib');
+		$this->load->model('ressource/Funktion_model', 'FunktionModel');
+	}
+	
+	public function index()
+	{
+		$dashboard_kurzbz = $this->input->get('db');
+		$uid = $this->AuthLib->getAuthObj()->username;
+
+		$dashboard = $this->DashboardLib->getDashboardByKurzbz($dashboard_kurzbz);
+		if(!$dashboard) {
+			http_response_code(404);
+			$this->terminateWithJsonError(array(
+				'error' => 'Dashboard ' . $dashboard_kurzbz . ' not found.'
+			));
+		}
+		
+		$mergedconfig = $this->DashboardLib->getMergedConfig($dashboard->dashboard_id, $uid);
+		$this->outputJsonSuccess($mergedconfig);
+	}
+	
+	public function genWidgetId()
+	{
+		$dashboard_kurzbz = $this->input->get('db');
+		$widgetid = $this->DashboardLib->generateWidgetId($dashboard_kurzbz);
+		$this->outputJsonSuccess(array(
+			'widgetid' => $widgetid
+		));
+	}
+	
+	public function addWidgetsToPreset()
+	{
+		$input = json_decode($this->input->raw_input_stream);
+		$dashboard_kurzbz = $input->db;
+		$funktion_kurzbz = $input->funktion_kurzbz;
+		
+		$preset = $this->DashboardLib->getPresetOrCreateEmptyPreset($dashboard_kurzbz, $funktion_kurzbz);
+		
+		$preset_decoded = json_decode($preset->preset, true);
+		
+		$this->DashboardLib->addWidgetsToWidgets($preset_decoded['widgets'], $dashboard_kurzbz, $funktion_kurzbz, $input->widgets);
+		
+		$preset->preset = json_encode($preset_decoded);
+				
+		$result = $this->DashboardLib->insertOrUpdatePreset($preset);
+		if (isError($result)) {
+			http_response_code(500);
+			$this->terminateWithJsonError('preset could not be saved');
+		}
+		
+		$this->outputJsonSuccess(array('msg' => 'preset successfully stored.', 'data' => $preset_decoded));
+	}
+	
+	public function removeWidgetFromPreset()
+	{
+		$input = json_decode($this->input->raw_input_stream);
+		$dashboard_kurzbz = $input->db;
+		$funktion_kurzbz = $input->funktion_kurzbz;
+		$widgetid = $input->widgetid;
+				
+		$preset = $this->DashboardLib->getPreset($dashboard_kurzbz, $funktion_kurzbz);
+		if ($preset === null) {
+			http_response_code(404);
+			$this->terminateWithJsonError('preset for dashboard ' . $dashboard_kurzbz . ' and funktion ' . $funktion_kurzbz . ' not found.');
+		}
+		
+		$preset_decoded = json_decode($preset->preset, true);
+		if (!$this->DashboardLib->removeWidgetFromWidgets($preset_decoded['widgets'], $funktion_kurzbz, $widgetid))
+		{
+			http_response_code(404);
+			$this->terminateWithJsonError('widgetid ' . $widgetid . ' not found');
+		}
+		
+		$preset->preset = json_encode($preset_decoded);
+		$result = $this->DashboardLib->insertOrUpdatePreset($preset);
+		if (isError($result))
+		{
+			http_response_code(500);
+			$this->terminateWithJsonError('failed to remove widget');
+		}
+		$this->outputJsonSuccess(array('msg' => 'preset successfully updated.'));
+	}
+
+	public function addWidgetsToUserOverride()
+	{
+		$input = json_decode($this->input->raw_input_stream);
+		$dashboard_kurzbz = $input->db;
+		$funktion_kurzbz = $input->funktion_kurzbz;
+		$uid = $this->AuthLib->getAuthObj()->username;
+		
+		$override = $this->DashboardLib->getOverrideOrCreateEmptyOverride($dashboard_kurzbz, $uid);
+		
+		$override_decoded = json_decode($override->override, true);
+
+		$this->DashboardLib->addWidgetsToWidgets($override_decoded['widgets'], $dashboard_kurzbz, $funktion_kurzbz, $input->widgets);
+		
+		$override->override = json_encode($override_decoded);
+				
+		$result = $this->DashboardLib->insertOrUpdateOverride($override);
+		if (isError($result)) {
+			http_response_code(500);
+			$this->terminateWithJsonError('override could not be saved');
+		}
+		
+		$this->outputJsonSuccess(array('msg' => 'override successfully stored.', 'data' => $override_decoded));
+	}
+	
+	public function removeWidgetFromUserOverride()
+	{
+		$input = json_decode($this->input->raw_input_stream);
+		$dashboard_kurzbz = $input->db;
+		$funktion_kurzbz = $input->funktion_kurzbz;
+		$uid = $this->AuthLib->getAuthObj()->username;
+		$widgetid = $input->widgetid;
+		
+		$override = $this->DashboardLib->getOverride($dashboard_kurzbz, $uid);
+		if (empty($override)) {
+			http_response_code(404);
+			$this->terminateWithJsonError('userconfig for dashboard ' . $dashboard_kurzbz . ' not found.');
+		}
+		
+		$override_decoded = json_decode($override->override, true);
+		
+		if (!$this->DashboardLib->removeWidgetFromWidgets($override_decoded['widgets'], $funktion_kurzbz, $widgetid))
+		{
+			http_response_code(404);
+			$this->terminateWithJsonError('widgetid ' . $widgetid . ' not found');
+		}
+		
+		$override->override = json_encode($override_decoded);
+		$result = $this->DashboardLib->insertOrUpdateOverride($override, $uid);
+		if (isError($result))
+		{
+			http_response_code(500);
+			$this->terminateWithJsonError('failed to remove widget');
+		}
+		$this->outputJsonSuccess(array('msg' => 'override successfully updated.'));
+	}
+	
+	public function funktionen()
+	{
+		$funktionen = $this->FunktionModel->load();
+
+		if (isError($funktionen)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($funktionen)
+			]);
+		}
+		
+		return $this->outputJsonSuccess(getData($funktionen) ?: []);
+	}
+	
+	public function preset()
+	{
+		$db = $this->input->get('db');
+		$funktion = $this->input->get('funktion');
+
+		$conf = $this->DashboardLib->getPreset($db, $funktion);
+
+		if (!$conf)
+			return $this->outputJsonSuccess(['widgets' => [$funktion => []]]);
+
+		return $this->outputJsonSuccess(json_decode($conf->preset, true));
+	}
+	
+	public function presetBatch()
+	{
+		$db = $this->input->get('db');
+		$funktionen = $this->input->get('funktionen');
+		$result = [];
+
+		foreach ($funktionen as $funktion) {
+			$conf = $this->DashboardLib->getPreset($db, $funktion);
+			if ($conf)
+			{
+				$preset = json_decode($conf->preset, true);
+				if (!isset($preset['widgets']) || !isset($preset['widgets'][$funktion]))
+					$result[$funktion] = [];
+				else
+					$result[$funktion] = $preset['widgets'][$funktion];
+			}
+			else
+				$result[$funktion] = [];
+		}
+
+		return $this->outputJsonSuccess($result);
+	}
+}

application/controllers/dashboard/Dashboard.php

@@ -0,0 +1,86 @@
+<?php
+defined('BASEPATH') || exit('No direct script access allowed');
+/**
+ * Description of Widget
+ *
+ * @author chris
+ */
+class Dashboard extends Auth_Controller
+{
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'index'							=> 'dashboard/admin:r',
+				'create'						=> 'dashboard/admin:rw',
+				'update'						=> 'dashboard/admin:rw',
+				'delete'						=> 'dashboard/admin:rw'
+			)
+		);
+		
+		$this->load->library('dashboard/DashboardLib', null, 'DashboardLib');
+		$this->load->model('dashboard/Dashboard_model', 'DashboardModel');
+	}
+	
+	public function index()
+	{
+		$result = $this->DashboardModel->load();
+
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+		
+		return $this->outputJsonSuccess(getData($result) ?: []);
+	}
+	
+	public function create()
+	{
+		$input = $this->getPostJSON();
+
+		$result = $this->DashboardModel->insert($input);
+
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+		
+		return $this->outputJsonSuccess(getData($result) ?: []);
+	}
+	
+	public function update()
+	{
+		$input = $this->getPostJSON();
+
+		$result = $this->DashboardModel->update($input->dashboard_id, $input);
+
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+		
+		return $this->outputJsonSuccess(getData($result) ?: []);
+	}
+	
+	public function delete()
+	{
+		$input = $this->getPostJSON();
+
+		$result = $this->DashboardModel->delete($input->dashboard_id);
+
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+		
+		return $this->outputJsonSuccess(getData($result) ?: []);
+	}
+}

application/controllers/dashboard/DashboardDemo.php

@@ -0,0 +1,58 @@
+<?php
+
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+/**
+ */
+class DashboardDemo extends Auth_Controller
+{
+    private $_uid;  // uid of the logged user
+
+    /**
+     * Constructor
+     */
+    public function __construct()
+    {
+        // Set required permissions
+        parent::__construct(
+            array(
+                'index' => 'dashboard/benutzer:r',
+                'admin' => 'dashboard/admin:rw'
+            )
+        );
+
+        $this->load->library('AuthLib');
+        $this->load->library('WidgetLib');
+
+        $this->_setAuthUID(); // sets property uid
+
+        $this->setControllerId(); // sets the controller id
+    }
+
+    // -----------------------------------------------------------------------------------------------------------------
+    // Public methods
+	public function index()
+	{
+		$this->load->view('dashboard/dashboard_demo.php', []);
+	}
+
+    // -----------------------------------------------------------------------------------------------------------------
+    // Public methods
+    public function admin()
+    {
+        $this->load->view('dashboard/dashboard_demo_admin.php', []);
+    }
+
+    // -----------------------------------------------------------------------------------------------------------------
+    // Private methods
+
+    /**
+     * Retrieve the UID of the logged user and checks if it is valid
+     */
+    private function _setAuthUID()
+    {
+        $this->_uid = getAuthUID();
+
+        if (!$this->_uid) show_error('User authentification failed');
+    }
+}

application/controllers/dashboard/Widget.php

@@ -0,0 +1,109 @@
+<?php
+defined('BASEPATH') || exit('No direct script access allowed');
+/**
+ * Description of Widget
+ *
+ * @author chris
+ */
+class Widget extends Auth_Controller
+{
+	public function __construct()
+	{
+		parent::__construct(
+			array(
+				'index'							=> ['dashboard/benutzer:r', 'dashboard/admin:r'],
+				'getAll'						=> 'dashboard/admin:r',
+				'getWidgetsForDashboard'		=> ['dashboard/benutzer:rw', 'dashboard/admin:r'],
+				'setAllowed'					=> 'dashboard/admin:rw'
+			)
+		);
+		
+		$this->load->library('dashboard/DashboardLib', null, 'DashboardLib');
+		$this->load->model('dashboard/Widget_model', 'WidgetModel');
+		$this->load->model('dashboard/Dashboard_Widget_model', 'DashboardWidgetModel');
+	}
+	
+	public function index()
+	{
+		$widget_id = $this->input->get('id');
+
+		$widget = $this->WidgetModel->load($widget_id);
+
+		if (isError($widget) || !getData($widget))
+			return $this->outputJsonSuccess([
+				"widget_id" => 0,
+				"widget_kurzbz" => "notfound",
+				"arguments" => json_encode([
+					"className" => 'alert-danger',
+					"title" => 'Widget Not Found',
+					"msg" => 'The widget with the id ' . $widget_id . ' could not be found'
+				]),
+				"setup" => json_encode([
+					"name" => 'Widget Not Found',
+					"file" => 'DashboardWidget/Default.js',
+					"width" => 1,
+					"height" => 1
+				])
+			]);
+		return $this->outputJsonSuccess(current(getData($widget)));
+	}
+	
+	public function getAll()
+	{
+		$dashboard_id = $this->input->get('dashboard_id');
+		$result = $this->WidgetModel->getWithAllowedForDashboard($dashboard_id);
+
+		if (isError($result))
+			return $this->outputJsonError(getError($result));
+
+		$this->outputJsonSuccess(getData($result) ?: []);
+	}
+	
+	public function getWidgetsForDashboard()
+	{
+		$db = $this->input->get('db');
+		$result = $this->WidgetModel->getForDashboard($db);
+
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+
+		$this->outputJsonSuccess(getData($result) ?: []);
+	}
+	
+	public function setAllowed()
+	{
+		$input = $this->getPostJSON();
+
+		$dashboard_id = $input->dashboard_id;
+		$widget_id = $input->widget_id;
+		$action = $input->action;
+
+		if ($action == 'add') {
+			$result = $this->DashboardWidgetModel->insert([
+				'dashboard_id' => $dashboard_id,
+				'widget_id' => $widget_id
+			]);
+		} elseif ($action == 'delete') {
+			$result = $this->DashboardWidgetModel->delete([
+				'dashboard_id' => $dashboard_id,
+				'widget_id' => $widget_id
+			]);
+		} else {
+			http_response_code(404); // TODO(chris): 400?
+			$this->terminateWithJsonError([
+				'error' => 'action value invalid'
+			]);
+		}
+		if (isError($result)) {
+			http_response_code(404);
+			$this->terminateWithJsonError([
+				'error' => getError($result)
+			]);
+		}
+		return $this->outputJsonSuccess(getData($result));
+	}
+}

application/controllers/jobs/AnrechnungJob.php

@@ -195,10 +195,10 @@ class AnrechnungJob extends JOB_Controller
 			$studiengang_bezeichnung = $this->StudiengangModel->load($studiengang_kz)->retval[0]->stg_bezeichnung;
 
 			// Get STGL mail address
-			$stglMailReceiver_arr = self::_getSTGLMailAddress($studiengang_kz);
+			$stglMailReceiver_arr = $this->_getSTGLMailAddress($studiengang_kz);
 
 			// Get HTML table with new Anrechnungen of that STG plus amount of them
-			list ($anrechnungen_amount, $anrechnungen_table) = self::_getSTGLMailDataTable($studiengang_kz, $anrechnungen);
+			list ($anrechnungen_amount, $anrechnungen_table) = $this->_getSTGLMailDataTable($studiengang_kz, $anrechnungen);
 
 			// Link to Antrag genehmigen dashboard
 			$url =
@@ -514,8 +514,6 @@ html;
 					'vorname' => $stgl->vorname
 				);
 			}
-
-			return $stglMailAdress_arr;
 		}
 		// If not available, get assistance mail address
 		else
@@ -524,12 +522,13 @@ html;
 
 			if (hasData($result))
 			{
-				return array(
-					$result->retval[0]->email,
-					''
+				$stglMailAdress_arr[]= array(
+					'to' => $result->retval[0]->email,
+					'vorname' => ''
 				);
 			}
 		}
+		return $stglMailAdress_arr;
 	}
 
 	// Build HTML table with yesterdays new Anrechnungen of the given STG

application/controllers/jobs/AntragJob.php

@@ -29,6 +29,10 @@ class AntragJob extends JOB_Controller
 		$this->load->model('crm/Student_model', 'StudentModel');
 		$this->load->model('organisation/Studiengang_model', 'StudiengangModel');
 		$this->load->model('organisation/Studiensemester_model', 'StudiensemesterModel');
+
+		$this->loadPhrases([
+			'lehre'
+		]);
 	}
 
 	/**
@@ -179,8 +183,8 @@ class AntragJob extends JOB_Controller
 				$data,
 				$to,
 				'Anträge - Aktion(en) erforderlich',
-				DEFAULT_SANCHO_HEADER_IMG,
-				DEFAULT_SANCHO_FOOTER_IMG,
+				'',
+				'',
 				'',
 				$cc
 			))
@@ -412,10 +416,12 @@ class AntragJob extends JOB_Controller
 		$this->StudierendenantragModel->addSelect('studiensemester_kurzbz');
 		$this->StudierendenantragModel->addSelect('s.insertamum');
 		$this->StudierendenantragModel->addSelect('s.insertvon');
+		$this->StudierendenantragModel->addJoin('public.tbl_student pts', 'prestudent_id');
+		$this->StudierendenantragModel->addSelect('pts.student_uid');
 
 		$this->StudierendenantragModel->db->where_in(
 			'public.get_rolle_prestudent(prestudent_id, studiensemester_kurzbz)',
-			$this->config->item('antrag_prestudentstatus_whitelist')
+			$this->config->item('antrag_prestudentstatus_whitelist_abmeldung')
 		);
 
 		$result = $this->StudierendenantragModel->getWithLastStatusWhere([
@@ -449,11 +455,23 @@ class AntragJob extends JOB_Controller
 					if (isError($result))
 						$this->logError(getError($result));
 
+					$this->load->model('crm/Statusgrund_model', 'StatusgrundModel');
+					$result = $this->StatusgrundModel->loadWhere(['statusgrund_kurzbz' => 'abbrecherStgl']);
+					if (isError($result)) {
+						$this->logError(getError($result));
+						continue;
+					} elseif (!hasData($result)) {
+						$this->logError($this->p->t('lehre', 'error_noStatusgrund', ['statusgrund_kurzbz' => 'abbrecherStgl']));
+						continue;
+					}
+					
+					$statusgrund = current(getData($result));
+
 					$result = $this->prestudentlib->setAbbrecher(
 	                    $antrag->prestudent_id,
 	                    $antrag->studiensemester_kurzbz,
 	                    'AntragJob',
-	                    'abbrecherStgl',
+	                    $statusgrund->statusgrund_id,
 	                    $antrag->insertamum,
 	                    null,
 	                    $antrag->insertvon ?: $insertvon
@@ -484,7 +502,7 @@ class AntragJob extends JOB_Controller
 						$person = current(getData($result));
 						$email = $studiengang->email;
 						$dataMail = array(
-							'prestudent' => $antrag->prestudent_id,
+							'prestudent' => 'UID: ' . $antrag->student_uid . ', PreStudentId: ' . $antrag->prestudent_id,
 							'studiensemester' => $antrag->studiensemester_kurzbz,
 							'name' => trim($person->vorname . ' '. $person->nachname),
 						);

application/controllers/jobs/IssueResolver.php

@@ -9,8 +9,8 @@ class IssueResolver extends IssueResolver_Controller
 	{
 		parent::__construct();
 
-		// set fehler codes which can be resolved by the job
-		// structure: fehlercode => class (library) name for resolving
+		// set fehler codes which can be resolved by the job, with own resolver defined
+		// structure: fehlercode => class (library) name for resolving in "resolvers" folder
 		$this->_codeLibMappings = array(
 			'CORE_ZGV_0001' => 'CORE_ZGV_0001',
 			'CORE_ZGV_0002' => 'CORE_ZGV_0002',
@@ -30,7 +30,6 @@ class IssueResolver extends IssueResolver_Controller
 			'CORE_STG_0002' => 'CORE_STG_0002',
 			'CORE_STG_0003' => 'CORE_STG_0003',
 			'CORE_STG_0004' => 'CORE_STG_0004',
-			'CORE_STUDENTSTATUS_0001' => 'CORE_STUDENTSTATUS_0001',
 			'CORE_STUDENTSTATUS_0002' => 'CORE_STUDENTSTATUS_0002',
 			'CORE_STUDENTSTATUS_0003' => 'CORE_STUDENTSTATUS_0003',
 			'CORE_STUDENTSTATUS_0004' => 'CORE_STUDENTSTATUS_0004',
@@ -45,10 +44,17 @@ class IssueResolver extends IssueResolver_Controller
 			'CORE_STUDENTSTATUS_0013' => 'CORE_STUDENTSTATUS_0013',
 			'CORE_STUDENTSTATUS_0014' => 'CORE_STUDENTSTATUS_0014',
 			'CORE_STUDENTSTATUS_0015' => 'CORE_STUDENTSTATUS_0015',
+			'CORE_STUDENTSTATUS_0016' => 'CORE_STUDENTSTATUS_0016',
 			'CORE_PERSON_0001' => 'CORE_PERSON_0001',
 			'CORE_PERSON_0002' => 'CORE_PERSON_0002',
 			'CORE_PERSON_0003' => 'CORE_PERSON_0003',
 			'CORE_PERSON_0004' => 'CORE_PERSON_0004'
 		);
+
+		// fehler which are resolved by the job the same way as they are produced
+		// structure: fehlercode => class (library) name for resolving in "plausichecks" folder
+		$this->_codeProducerLibMappings = array(
+			'CORE_STUDENTSTATUS_0001' => 'AbbrecherAktiv',
+		);
 	}
 }

application/controllers/jobs/OneTimeMessages.php

@@ -51,7 +51,7 @@ class OneTimeMessages extends JOB_Controller
 			   FROM public.tbl_prestudent p
 			   JOIN public.tbl_prestudentstatus ps USING (prestudent_id)
  			   JOIN public.tbl_studiengang s USING (studiengang_kz)
-			  WHERE ps.status_kurzbz = \'Wartender\'
+			  WHERE get_rolle_prestudent(ps.prestudent_id, NULL) = \'Wartender\'
 			    AND ps.studiensemester_kurzbz = ?
 			    AND ps.datum <= NOW() - \''.$days.' days\'::interval
 			    AND s.typ = ?

application/controllers/jobs/ReihungstestJob.php

@@ -431,8 +431,8 @@ class ReihungstestJob extends JOB_Controller
 								$mailcontent_data_arr,
 								$applicant->email,
 								'Ihre Anmeldung zum Reihungstest - Reminder / Your registration for the placement test - Reminder',
-								DEFAULT_SANCHO_HEADER_IMG,
-								DEFAULT_SANCHO_FOOTER_IMG,
+								'',
+								'',
 								$from,
 								'',
 								$bcc);
@@ -876,7 +876,7 @@ class ReihungstestJob extends JOB_Controller
 							JOIN PUBLIC.tbl_studiengang ON (tbl_prestudent.studiengang_kz = tbl_studiengang.studiengang_kz)
 						WHERE tbl_prestudent.person_id = ".$row_ps->person_id."
 							AND tbl_prestudent.prestudent_id != ".$row_ps->prestudent_id."
-							AND get_rolle_prestudent (tbl_prestudent.prestudent_id, '".$row_ps->studiensemester_kurzbz."') IN ('Aufgenommener','Bewerber','Wartender')
+							AND get_rolle_prestudent (tbl_prestudent.prestudent_id, '".$row_ps->studiensemester_kurzbz."') IN ('Aufgenommener','Bewerber','Wartender', 'Student')
 							AND studiensemester_kurzbz = '".$row_ps->studiensemester_kurzbz."'
 							AND tbl_studiengang.typ IN ('b', 'm')
 							AND priorisierung > ".$row_ps->priorisierung."
@@ -894,12 +894,22 @@ class ReihungstestJob extends JOB_Controller
 					{
 						foreach ($resultNiedrPrios->retval as $rowNiedrPrios)
 						{
-							// nur Info wenn aufgenommen oder master
-							if ($rowNiedrPrios->laststatus == 'Aufgenommener' || $rowNiedrPrios->studiengang_typ == 'm')
+							// nur Info wenn aufgenommen/student oder master
+							if ($rowNiedrPrios->laststatus == 'Aufgenommener' || $rowNiedrPrios->laststatus == 'Student' || $rowNiedrPrios->studiengang_typ == 'm')
 							{
-								// Mail zur Info an Assistenz schicken, dass in höherer Prio aufgenommen wurde
-								$mailArray[$rowNiedrPrios->studiengang_kz][$rowNiedrPrios->orgform_kurzbz]['AufnahmeHoeherePrio'][]
-									= $rowNiedrPrios->nachname.' '.$rowNiedrPrios->vorname.' ('.$rowNiedrPrios->prestudent_id.')';
+
+								if ($rowNiedrPrios->laststatus == 'Aufgenommener')
+								{
+									// Mail zur Info an Assistenz schicken, dass in höherer Prio aufgenommen wurde
+									$mailArray[$rowNiedrPrios->studiengang_kz][$rowNiedrPrios->orgform_kurzbz]['AufnahmeHoeherePrio'][]
+										= $rowNiedrPrios->nachname.' '.$rowNiedrPrios->vorname.' ('.$rowNiedrPrios->prestudent_id.')';
+								}
+								else if ($rowNiedrPrios->laststatus == 'Student')
+								{
+									$mailArray[$rowNiedrPrios->studiengang_kz][$rowNiedrPrios->orgform_kurzbz]['StudentHoeherePrio'][]
+										= $rowNiedrPrios->nachname.' '.$rowNiedrPrios->vorname.' ('.$rowNiedrPrios->prestudent_id.')';
+								}
+
 							}
 							elseif ($rowNiedrPrios->laststatus == 'Bewerber' && $row_ps->prestudenstatus_datum > $rowNiedrPrios->datum)
 							{
@@ -1023,7 +1033,7 @@ class ReihungstestJob extends JOB_Controller
 			{
 				$studiengang = $this->StudiengangModel->load($stg);
 				$mailcontent = '';
-
+				$content = false;
 				foreach ($orgform AS $art=>$value)
 				{
 					// Orgform nur dazu schreiben, wenn es mehr als Eine gibt
@@ -1044,6 +1054,7 @@ class ReihungstestJob extends JOB_Controller
 							$mailcontent .= '<tr><td style="font-family: verdana, sans-serif; border: 1px solid grey; padding: 3px">'.$bewerber.'</td></tr>';
 						}
 						$mailcontent .= '</tbody></table><br><br>';
+						$content = true;
 					}
 					if (isset($value['AufnahmeHoeherePrio']) && !isEmptyArray($value['AufnahmeHoeherePrio']))
 					{
@@ -1058,6 +1069,21 @@ class ReihungstestJob extends JOB_Controller
 							$mailcontent .= '<tr><td style="font-family: verdana, sans-serif; border: 1px solid grey; padding: 3px">'.$bewerber.'</td></tr>';
 						}
 						$mailcontent .= '</tbody></table>';
+						$content = true;
+					}
+					if (isset($value['StudentHoeherePrio']) && !isEmptyArray($value['StudentHoeherePrio']))
+					{
+						$mailcontent .= '<p style="font-family: verdana, sans-serif;">
+									Folgende Studenten wurden in einem höher priorisierten Studiengang aufgenommen:</p>';
+						$mailcontent .= '<table style="border-collapse: collapse; border: 1px solid grey;">';
+						$mailcontent .= '					<tbody>';
+						sort($value['StudentHoeherePrio']);
+						foreach ($value['StudentHoeherePrio'] AS $key=>$bewerber)
+						{
+							$mailcontent .= '<tr><td style="font-family: verdana, sans-serif; border: 1px solid grey; padding: 3px">'.$bewerber.'</td></tr>';
+						}
+						$mailcontent .= '</tbody></table>';
+						$content = true;
 					}
 					if (isset($value['AbgewiesenHoeherePrio']) && !isEmptyArray($value['AbgewiesenHoeherePrio']))
 					{
@@ -1071,6 +1097,7 @@ class ReihungstestJob extends JOB_Controller
 							$mailcontent .= '<tr><td style="font-family: verdana, sans-serif; border: 1px solid grey; padding: 3px">'.$bewerber.'</td></tr>';
 						}
 						$mailcontent .= '</tbody></table>';
+						$content = true;
 					}
 					if ($bcc != '' && isset($value['AbgewiesenWeilBewerber']) && !isEmptyArray($value['AbgewiesenWeilBewerber']))
 					{
@@ -1085,13 +1112,14 @@ class ReihungstestJob extends JOB_Controller
 							$mailcontent .= '<tr><td style="font-family: verdana, sans-serif; border: 1px solid grey; padding: 3px">'.$bewerber.'</td></tr>';
 						}
 						$mailcontent .= '</tbody></table>';
+						$content = true;
 					}
 				}
 
 				$mailcontent_data_arr['table'] = $mailcontent;
 
 				// Send email in Sancho design
-				if (!isEmptyString($mailcontent))
+				if (!isEmptyString($mailcontent) && $content === true)
 				{
 					sendSanchoMail(
 						'Sancho_ReihungstestteilnehmerJob',

application/controllers/jobs/vertragsbestandteil_test/VertragsbestandteilTest.php

@@ -1,114 +0,0 @@
-<?php
-if (!defined("BASEPATH")) exit("No direct script access allowed");
-
-use vertragsbestandteil\VertragsbestandteilFactory;
-
-/**
- * Description of VertragsbestandteilTest
- *
- * @author bambi
- */
-class VertragsbestandteilTest extends JOB_Controller
-{
-
-	public function __construct()
-	{
-		parent::__construct();
-
-		$this->load->library('vertragsbestandteil/VertragsbestandteilLib', 
-			null, 'VertragsbestandteilLib');
-		$this->load->library('vertragsbestandteil/GehaltsbestandteilLib', 
-			null, 'GehaltsbestandteilLib');
-	}
-	
-	public function testFetch() 
-	{
-		$dienstverhaeltnis_id = 1;
-		$stichtag = null;
-		
-		foreach($this->VertragsbestandteilLib->fetchVertragsbestandteile(
-			$dienstverhaeltnis_id, $stichtag) as $vertragsbestandteil) 
-		{
-			//print_r($vertragsbestandteil);
-			echo $vertragsbestandteil . "\n";
-		}
-	}
-	
-	public function testUpdate() 
-	{
-		$now = new DateTime();
-		
-		$data = new stdClass();
-		$data->vertragsbestandteil_id = 32;
-		$data->von = '2022-12-05';
-		
-		$data->wochenstunden = 45.0;
-		$data->vertragsbestandteiltyp_kurzbz = VertragsbestandteilFactory::VERTRAGSBESTANDTEIL_STUNDEN;
-		
-		$vb = VertragsbestandteilFactory::getVertragsbestandteil($data);
-		
-		try
-		{
-			$this->VertragsbestandteilLib->storeVertragsbestandteil($vb);
-			echo "Update successful.\n";
-		}
-		catch( Exception $ex ) 
-		{
-			echo "Update failed.\n";
-		}
-	}
-
-	
-	public function testInsert()
-	{
-		$now = new DateTime();
-		
-		$data = new stdClass();
-		$data->dienstverhaeltnis_id = 1;
-		$data->von = '2022-12-01';
-		$data->insertamum = $now->format(DateTime::ATOM);
-		$data->insertvon = 'ma0080';
-		$data->vertragsbestandteiltyp_kurzbz = VertragsbestandteilFactory::VERTRAGSBESTANDTEIL_FUNKTION;
-		
-		$data->benutzerfunktion_id = 112667;
-		$data->anmerkung = 'test funkton';
-		$data->kuendigungsrelevant = false;
-		
-		$vb = VertragsbestandteilFactory::getVertragsbestandteil($data);
-		
-		try
-		{
-			$this->VertragsbestandteilLib->storeVertragsbestandteil($vb);
-			echo "Insert successful.\n";
-		}
-		catch( Exception $ex ) 
-		{
-			echo "Insert failed.\n";
-		}
-	}
-	
-	public function testGehaltsbestandteilInsert() 
-	{
-		$data = new stdClass();
-		$data->gehaltsbestandteil_id = 2;
-		/*
-		$data->dienstverhaeltnis_id = 39;
-		$data->vertragsbestandteil_id = 123;
-		$data->gehaltstyp_kurzbz = 'zulage';
-		$data->von = '2023-04-01';
-		$data->bis = '2023-08-31';
-		$data->anmerkung = 'test anmerkung';
-		$data->grundbetrag = 100;
-		$data->betrag_valorisiert = 100;
-		$data->valorisierung = true;
-		*/
-		$data->auszahlungen = 12;
-		
-		$gb = new \vertragsbestandteil\Gehaltsbestandteil();
-		$gb->hydrateByStdClass($data);
-		
-		print_r($gb->toStdClass());
-		
-		$this->GehaltsbestandteilLib->storeGehaltsbestandteil($gb);
-	}
-}

application/controllers/lehre/Pruefungsprotokoll.php

@@ -6,58 +6,59 @@ if (! defined('BASEPATH')) exit('No direct script access allowed');
  */
 class Pruefungsprotokoll extends Auth_Controller
 {
-    private $_uid;  // uid of the logged user
+	private $_uid;  // uid of the logged user
 
-    /**
-     * Constructor
-     */
-    public function __construct()
-    {
-        // Set required permissions
-        parent::__construct(
-            array(
-                'index' => 'lehre/pruefungsbeurteilung:r',
-                'Protokoll' => 'lehre/pruefungsbeurteilung:r',
-                'saveProtokoll' => 'lehre/pruefungsbeurteilung:rw',
-            )
-        );
+	/**
+	 * Constructor
+	 */
+	public function __construct()
+	{
+		// Set required permissions
+		parent::__construct(
+			array(
+				'index' => 'lehre/pruefungsbeurteilung:r',
+				'Protokoll' => 'lehre/pruefungsbeurteilung:r',
+				'showProtokoll' => 'lehre/pruefungsbeurteilung:r',
+				'saveProtokoll' => 'lehre/pruefungsbeurteilung:rw',
+			)
+		);
 
-        // Load models
-        $this->load->model('education/Abschlusspruefung_model', 'AbschlusspruefungModel');
-        $this->load->model('education/Abschlussbeurteilung_model', 'AbschlussbeurteilungModel');
+		// Load models
+		$this->load->model('education/Abschlusspruefung_model', 'AbschlusspruefungModel');
+		$this->load->model('education/Abschlussbeurteilung_model', 'AbschlussbeurteilungModel');
 
-        $this->load->library('PermissionLib');
-        $this->load->library('AuthLib');
+		$this->load->library('PermissionLib');
+		$this->load->library('AuthLib');
 
-        // Load language phrases
-        $this->loadPhrases(
-            array(
-            	'ui',
-                'global',
-                'person',
-                'abschlusspruefung',
+		// Load language phrases
+		$this->loadPhrases(
+			array(
+				'ui',
+				'global',
+				'person',
+				'abschlusspruefung',
 				'password',
 				'lehre'
-            )
-        );
+			)
+		);
 
-        $this->_setAuthUID(); // sets property uid
+		$this->_setAuthUID(); // sets property uid
 
-        $this->setControllerId(); // sets the controller id
-    }
+		$this->setControllerId(); // sets the controller id
+	}
 
-    // -----------------------------------------------------------------------------------------------------------------
-    // Public methods
+	// -----------------------------------------------------------------------------------------------------------------
+	// Public methods
 	public function index()
 	{
 		$this->load->library('WidgetLib');
-		
+
 		// Protokolle anzeigen seit heute / letzte Woche / alle
 		$period = $this->input->post('period');
 		$period = (!is_null($period)) ? $period : 'today';
-		
+
 		$data = array('period' => $period);
-		
+
 		$this->load->view('lehre/pruefungsprotokollUebersicht.php', $data);
 	}
 
@@ -66,47 +67,15 @@ class Pruefungsprotokoll extends Auth_Controller
 	 */
 	public function Protokoll()
 	{
-		$abschlusspruefung_id = $this->input->get('abschlusspruefung_id');
+		$this->load->view('lehre/pruefungsprotokoll.php', $this->_getPruefungsprotokollData());
+	}
 
-		if (!is_numeric($abschlusspruefung_id))
-			show_error('invalid abschlusspruefung');
-
-		$abschlusspruefung_saved = false;
-		$abschlusspruefung = $this->_getAbschlusspruefungBerechtigt($abschlusspruefung_id);
-
-		if (isError($abschlusspruefung))
-			show_error(getError($abschlusspruefung));
-		else
-		{
-			$abschlusspruefung = getData($abschlusspruefung);
-			$abschlusspruefung_saved = isset($abschlusspruefung->protokoll) && isset($abschlusspruefung->abschlussbeurteilung_kurzbz);
-		}
-
-		$this->AbschlussbeurteilungModel->addOrder("sort", "ASC");
-		$this->AbschlussbeurteilungModel->addOrder("(CASE WHEN abschlussbeurteilung_kurzbz = 'ausgezeichnet' THEN 1
-														WHEN abschlussbeurteilung_kurzbz = 'gut' THEN 2
-														WHEN abschlussbeurteilung_kurzbz = 'bestanden' THEN 3
-														WHEN abschlussbeurteilung_kurzbz = 'angerechnet' THEN 4
-														ELSE 5
-														END
-													)");
-		$abschlussbeurteilung = $this->AbschlussbeurteilungModel->load();
-
-		if (isError($abschlussbeurteilung))
-			show_error(getError($abschlussbeurteilung));
-		else
-			$abschlussbeurteilung = getData($abschlussbeurteilung);
-
-		$language = getUserLanguage();
-
-		$data = array(
-			'abschlusspruefung' => $abschlusspruefung,
-			'abschlussbeurteilung' => $abschlussbeurteilung,
-			'abschlusspruefung_saved' => $abschlusspruefung_saved,
-			'language' => $language
-		);
-
-		$this->load->view('lehre/pruefungsprotokoll.php', $data);
+	/**
+	 * Show Pruefungsprotokoll.
+	 */
+	public function showProtokoll()
+	{
+		$this->load->view('lehre/pruefungsprotokoll.php', array_merge($this->_getPruefungsprotokollData(), array('readonly' => true)));
 	}
 
 	/**
@@ -168,18 +137,66 @@ class Pruefungsprotokoll extends Auth_Controller
 			$this->outputJsonError($this->p->t('ui', 'ungueltigeParameter'));
 	}
 
-    // -----------------------------------------------------------------------------------------------------------------
-    // Private methods
+	// -----------------------------------------------------------------------------------------------------------------
+	// Private methods
 
-    /**
-     * Retrieve the UID of the logged user and checks if it is valid
-     */
-    private function _setAuthUID()
-    {
-        $this->_uid = getAuthUID();
+	/**
+	 * Retrieve the UID of the logged user and checks if it is valid
+	 */
+	private function _setAuthUID()
+	{
+		$this->_uid = getAuthUID();
 
-        if (!$this->_uid) show_error('User authentification failed');
-    }
+		if (!$this->_uid) show_error('User authentification failed');
+	}
+
+	/**
+	 *
+	 * @param
+	 * @return object success or error
+	 */
+	private function _getPruefungsprotokollData()
+	{
+		$abschlusspruefung_id = $this->input->get('abschlusspruefung_id');
+
+		if (!is_numeric($abschlusspruefung_id))
+			show_error('invalid abschlusspruefung');
+
+		$abschlusspruefung_saved = false;
+		$abschlusspruefung = $this->_getAbschlusspruefungBerechtigt($abschlusspruefung_id);
+
+		if (isError($abschlusspruefung))
+			show_error(getError($abschlusspruefung));
+		else
+		{
+			$abschlusspruefung = getData($abschlusspruefung);
+			$abschlusspruefung_saved = isset($abschlusspruefung->protokoll) && isset($abschlusspruefung->abschlussbeurteilung_kurzbz);
+		}
+
+		$this->AbschlussbeurteilungModel->addOrder("sort", "ASC");
+		$this->AbschlussbeurteilungModel->addOrder("(CASE WHEN abschlussbeurteilung_kurzbz = 'ausgezeichnet' THEN 1
+														WHEN abschlussbeurteilung_kurzbz = 'gut' THEN 2
+														WHEN abschlussbeurteilung_kurzbz = 'bestanden' THEN 3
+														WHEN abschlussbeurteilung_kurzbz = 'angerechnet' THEN 4
+														ELSE 5
+														END
+													)");
+		$abschlussbeurteilung = $this->AbschlussbeurteilungModel->load();
+
+		if (isError($abschlussbeurteilung))
+			show_error(getError($abschlussbeurteilung));
+		else
+			$abschlussbeurteilung = getData($abschlussbeurteilung);
+
+		$language = getUserLanguage();
+
+		return array(
+			'abschlusspruefung' => $abschlusspruefung,
+			'abschlussbeurteilung' => $abschlussbeurteilung,
+			'abschlusspruefung_saved' => $abschlusspruefung_saved,
+			'language' => $language
+		);
+	}
 
 	/**
 	 * Retrieves an Abschlussprüfung, with permission check
@@ -187,7 +204,7 @@ class Pruefungsprotokoll extends Auth_Controller
 	 * @param $abschlusspruefung_id
 	 * @return object success or error
 	 */
-    private function _getAbschlusspruefungBerechtigt($abschlusspruefung_id)
+	private function _getAbschlusspruefungBerechtigt($abschlusspruefung_id)
 	{
 		$result = error('Error when getting Abschlusspruefung');
 

application/controllers/lehre/Studierendenantrag.php

@@ -21,6 +21,7 @@ class Studierendenantrag extends FHC_Controller
 
 		// Load Models
 		$this->load->model('education/Studierendenantrag_model', 'StudierendenantragModel');
+		$this->load->model('person/Person_model', 'PersonModel');
 
 		// Load language phrases
 		$this->loadPhrases([
@@ -102,6 +103,7 @@ class Studierendenantrag extends FHC_Controller
 
 	public function abmeldungstgl($prestudent_id, $studierendenantrag_id = null)
 	{
+
 		$this->load->view('lehre/Antrag/Create', [
 			'prestudent_id' => $prestudent_id,
 			'studierendenantrag_id' => $studierendenantrag_id,
@@ -185,4 +187,4 @@ class Studierendenantrag extends FHC_Controller
 
 		return $strRequiredPermissions;
 	}
-}
+}

application/controllers/lehre/anrechnung/ApproveAnrechnungDetail.php

@@ -22,14 +22,14 @@ class approveAnrechnungDetail extends Auth_Controller
 		// Set required permissions
 		parent::__construct(
 			array(
-				'index'     => 'lehre/anrechnung_genehmigen:r',
-				'download'  => 'lehre/anrechnung_genehmigen:r',
-				'approve'   => 'lehre/anrechnung_genehmigen:rw',
-				'reject'    => 'lehre/anrechnung_genehmigen:rw',
-				'requestRecommendation' => 'lehre/anrechnung_genehmigen:rw',
-				'withdraw' => 'lehre/anrechnung_genehmigen:rw',
-				'withdrawRequestRecommendation' => 'lehre/anrechnung_genehmigen:rw',
-				'saveEmpfehlungsNotiz' => 'lehre/anrechnung_genehmigen:rw'
+				'index'     => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':r',
+				'download'  => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':r',
+				'approve'   => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw',
+				'reject'    => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw',
+				'requestRecommendation' => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw',
+				'withdraw' => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw',
+				'withdrawRequestRecommendation' => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw',
+				'saveEmpfehlungsNotiz' => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN .':rw'
 			)
 		);
 
@@ -140,6 +140,9 @@ class approveAnrechnungDetail extends Auth_Controller
 		// Approve Anrechnung
 		foreach ($data as $item)
 		{
+			if (!$this->_checkBerechtigung($item['anrechnung_id']))
+				continue;
+
 			if ($this->anrechnunglib->approveAnrechnung($item['anrechnung_id']))
 			{
 				$json[]= array(
@@ -185,6 +188,9 @@ class approveAnrechnungDetail extends Auth_Controller
 		// Reject Anrechnung
 		foreach ($data as $item)
 		{
+			if (!$this->_checkBerechtigung($item['anrechnung_id']))
+				continue;
+
 			if ($this->anrechnunglib->rejectAnrechnung($item['anrechnung_id'], $item['begruendung']))
 			{
 				$json[]= array(
@@ -220,6 +226,9 @@ class approveAnrechnungDetail extends Auth_Controller
 			return $this->outputJsonError('Fehler beim Übertragen der Daten.');
 		}
 
+		if (!$this->_checkBerechtigung($anrechnung_id))
+			$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
+
 		$retval = array();
         
         // Check if Anrechnungs-LV has lector
@@ -285,6 +294,9 @@ class approveAnrechnungDetail extends Auth_Controller
 			$this->terminateWithJsonError($this->p->t('ui', 'errorFelderFehlen'));
 		}
 
+		if (!$this->_checkBerechtigung($anrechnung_id))
+			$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
+
 		// Delete last status approved / rejected.
 		// If last status is 'approved', Genehmigung is resetted.
 		$result = $this->AnrechnungModel->withdrawApprovement($anrechnung_id);
@@ -313,6 +325,9 @@ class approveAnrechnungDetail extends Auth_Controller
 			show_error('Wrong parameter.');
 		}
 
+		if (!$this->_checkBerechtigung($anrechnung_id))
+			$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
+
 		// Get boolean empfehlung of given Anrechnung
 		if (!$result = getData($this->AnrechnungModel->load($anrechnung_id))[0])
 		{
@@ -362,6 +377,9 @@ class approveAnrechnungDetail extends Auth_Controller
 			$this->terminateWithJsonError($this->p->t('ui', 'systemFehler'));
 		}
 
+		if (!$this->_checkBerechtigung($anrechnung_id))
+			$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
+
 		// Save Empfehlungstext
 		$result = self::_saveEmpfehlungsNotiz($anrechnung_id, $empfehlungstext, $notiz_id);
 
@@ -601,4 +619,17 @@ class approveAnrechnungDetail extends Auth_Controller
 			$this->_uid
 		);
 	}
+
+	private function _checkBerechtigung($anrechnung_id)
+	{
+		$this->AnrechnungModel->addJoin('tbl_prestudent', 'prestudent_id');
+		$result = $this->AnrechnungModel->loadWhere(array('anrechnung_id' => $anrechnung_id));
+
+		if (isError($result) || !hasData($result))
+			show_error('Failed retrieving anrechnung');
+
+		$antragData = getData($result)[0];
+
+		return $this->permissionlib->isBerechtigt(self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN, 'suid', $antragData->studiengang_kz);
+	}
 }

application/controllers/lehre/anrechnung/ApproveAnrechnungUebersicht.php

@@ -20,11 +20,11 @@ class approveAnrechnungUebersicht extends Auth_Controller
 		// Set required permissions
 		parent::__construct(
 			array(
-				'index'     => 'lehre/anrechnung_genehmigen:r',
-				'download'  => 'lehre/anrechnung_genehmigen:r',
-				'approve'   => 'lehre/anrechnung_genehmigen:rw',
-				'reject'    => 'lehre/anrechnung_genehmigen:rw',
-				'requestRecommendation' => 'lehre/anrechnung_genehmigen:rw'
+				'index'     => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN . ':r',
+				'download'  => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN . ':r',
+				'approve'   => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN . ':rw',
+				'reject'    => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN . ':rw',
+				'requestRecommendation' => self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN . ':rw'
 			)
 		);
 
@@ -135,6 +135,9 @@ class approveAnrechnungUebersicht extends Auth_Controller
 		// Approve Anrechnung
 		foreach ($data as $item)
 		{
+			if (!$this->_checkBerechtigung($item['anrechnung_id']))
+				continue;
+
             // Get Prestudent
             $this->AnrechnungModel->addSelect('prestudent_id');
             $result = $this->AnrechnungModel->load($item['anrechnung_id']);
@@ -174,6 +177,9 @@ class approveAnrechnungUebersicht extends Auth_Controller
 		// Reject Anrechnung
 		foreach ($data as $item)
 		{
+			if (!$this->_checkBerechtigung($item['anrechnung_id']))
+				continue;
+
 			if ($this->anrechnunglib->rejectAnrechnung($item['anrechnung_id'], $item['begruendung']))
 			{
 				$json[]= array(
@@ -212,6 +218,9 @@ class approveAnrechnungUebersicht extends Auth_Controller
 
 		foreach ($data as $item)
 		{
+			if (!$this->_checkBerechtigung($item['anrechnung_id']))
+				continue;
+
 			// Check if Anrechnungs-LV has lector
 			if (!$this->anrechnunglib->LVhasLector($item['anrechnung_id']))
 			{
@@ -483,4 +492,17 @@ class approveAnrechnungUebersicht extends Auth_Controller
 
         return $oeLeitung_arr;
     }
+
+	private function _checkBerechtigung($anrechnung_id)
+	{
+		$this->AnrechnungModel->addJoin('tbl_prestudent', 'prestudent_id');
+		$result = $this->AnrechnungModel->loadWhere(array('anrechnung_id' => $anrechnung_id));
+
+		if (isError($result) || !hasData($result))
+			show_error('Failed retrieving anrechnung');
+
+		$antragData = getData($result)[0];
+
+		return $this->permissionlib->isBerechtigt(self::BERECHTIGUNG_ANRECHNUNG_GENEHMIGEN, 'suid', $antragData->studiengang_kz);
+	}
 }

application/controllers/lehre/anrechnung/CreateAnrechnung.php

@@ -13,9 +13,9 @@ class CreateAnrechnung extends Auth_Controller
 		// Set required permissions
 		parent::__construct(
 			array(
-				'index'     => 'lehre/anrechnung_anlegen:r',
-				'getLVsByStudent' => 'lehre/anrechnung_anlegen:r',
-				'create' => 'lehre/anrechnung_anlegen:rw'
+				'index'     => self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN . ':r',
+				'getLVsByStudent' => self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN . ':r',
+				'create' => self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN . ':rw'
 			)
 		);
 		
@@ -24,6 +24,7 @@ class CreateAnrechnung extends Auth_Controller
 		$this->load->model('education/Anrechnungstatus_model', 'AnrechnungstatusModel');
 		$this->load->model('content/DmsVersion_model', 'DmsVersionModel');
 		$this->load->model('crm/Student_model', 'StudentModel');
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
 		$this->load->model('education/Lehrveranstaltung_model', 'LehrveranstaltungModel');
 		
 		// Load libraries
@@ -67,13 +68,22 @@ class CreateAnrechnung extends Auth_Controller
 			$result = $this->StudiensemesterModel->getNearest();
 			$studiensemester_kurzbz = getData($result)[0]->studiensemester_kurzbz;
 		}
-		
+
+		$studiengang_kz_arr = array();
 		// Get Studiengaenge the user is entitled for
-		if (!$studiengang_kz_arr = $this->permissionlib->getSTG_isEntitledFor(self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN))
+		if ($studiengaenge = $this->permissionlib->getSTG_isEntitledFor(self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN, 'suid'))
 		{
-			show_error('Failed retrieving Studiengaenge');
+			foreach($studiengaenge as $studiengang)
+			{
+				$berechtigt = $this->permissionlib->isBerechtigt(self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN, 'suid', $studiengang);
+
+				if ($berechtigt)
+					$studiengang_kz_arr[]= $studiengang;
+			}
 		}
-		
+		else
+			show_error('Failed retrieving Studiengaenge');
+
 		// Get Anrechnungsbegruendungen
 		$this->load->model('education/Anrechnungbegruendung_model', 'AnrechnungbegruendungModel');
 		$begruendung_arr = getData($this->AnrechnungbegruendungModel->load());
@@ -124,7 +134,17 @@ class CreateAnrechnung extends Auth_Controller
 		$lehrveranstaltung_id = $this->input->post('lehrveranstaltung_id');
 		$begruendung_id = $this->input->post('begruendung_id');
 		$herkunftKenntnisse = $this->input->post('herkunftKenntnisse');
-		
+
+		$prestudent = $this->PrestudentModel->load(array('prestudent_id' => $prestudent_id));
+
+		if (!hasData($prestudent) || isError($prestudent))
+			$this->terminateWithJsonError($this->p->t('ui', 'keineBerechtigung'));
+
+		$studiengang = getData($prestudent)[0]->studiengang_kz;
+
+		if (!$this->permissionlib->isBerechtigt(self::BERECHTIGUNG_ANRECHNUNG_ANLEGEN, 'suid', $studiengang))
+			$this->terminateWithJsonError($this->p->t('ui', 'keineBerechtigung'));
+
 		// Validate upload file
 		if (empty($_FILES['uploadfile']['name']))
 		{

application/controllers/lehre/anrechnung/RequestAnrechnung.php

@@ -111,8 +111,13 @@ class requestAnrechnung extends Auth_Controller
 		$lehrveranstaltung_id = $this->input->post('lv_id');
 		$studiensemester_kurzbz = $this->input->post('studiensemester');
 		$bestaetigung = $this->input->post('bestaetigung');
-		$begruendung_ects = $this->input->post('begruendung_ects');
-		$begruendung_lvinhalt = $this->input->post('begruendung_lvinhalt');
+		$begruendung_ects = $this->config->item('explain_equivalence') === TRUE
+			? $this->input->post('begruendung_ects')
+			: NULL;
+		$begruendung_lvinhalt = $this->config->item('explain_equivalence') === TRUE
+			? $this->input->post('begruendung_lvinhalt')
+			: NULL;
+
 
 		// Validate data
 		if (empty($_FILES['uploadfile']['name']))
@@ -124,8 +129,8 @@ class requestAnrechnung extends Auth_Controller
 			isEmptyString($anmerkung) ||
 			isEmptyString($lehrveranstaltung_id) ||
 			isEmptyString($studiensemester_kurzbz) ||
-			isEmptyString($begruendung_ects) ||
-			isEmptyString($begruendung_lvinhalt))
+			($this->config->item('explain_equivalence') === TRUE && isEmptyString($begruendung_ects)) ||
+			($this->config->item('explain_equivalence') === TRUE && isEmptyString($begruendung_lvinhalt)))
 		{
 			return $this->outputJsonError($this->p->t('ui', 'errorFelderFehlen'));
 		}
@@ -168,7 +173,7 @@ class requestAnrechnung extends Auth_Controller
 		
 		// Hold just inserted DMS ID
 		$lastInsert_dms_id = $result->retval['dms_id'];
-		
+
 		// Save Anrechnung and Anrechnungstatus
 		$result = $this->AnrechnungModel->createAnrechnungsantrag(
 			$prestudent_id,

application/controllers/lehre/anrechnung/ReviewAnrechnungDetail.php

@@ -21,10 +21,10 @@ class reviewAnrechnungDetail extends Auth_Controller
 		// Set required permissions
 		parent::__construct(
 			array(
-				'index'     => 'lehre/anrechnung_empfehlen:rw',
-				'download'  => 'lehre/anrechnung_empfehlen:rw',
-				'recommend'   => 'lehre/anrechnung_empfehlen:rw',
-				'dontRecommend'   => 'lehre/anrechnung_empfehlen:rw'
+				'index'     => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'download'  => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'recommend'   => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'dontRecommend'   => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw'
 			)
 		);
 
@@ -127,17 +127,23 @@ class reviewAnrechnungDetail extends Auth_Controller
 
 		foreach ($data as $item)
 		{
-			// Approve Anrechnung
-			if($this->anrechnunglib->recommendAnrechnung($item['anrechnung_id']))
+			$empfehlungData = $this->anrechnunglib->getEmpfehlungData($item['anrechnung_id']);
+			$isEmpfehlungsberechtigt = $this->anrechnunglib->isEmpfehlungsberechtigt($item['anrechnung_id']);
+
+			if (is_null($empfehlungData) && $isEmpfehlungsberechtigt)
 			{
-				$json[]= array(
-					'anrechnung_id'         => $item['anrechnung_id'],
-					'empfehlung_anrechnung' => 'true',
-					'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
-					'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL),
-					'empfehlung_am'          => (new DateTime())->format('d.m.Y'),
-					'empfehlung_von'         => $person->vorname. ' '. $person->nachname
-				);
+				// Approve Anrechnung
+				if($this->anrechnunglib->recommendAnrechnung($item['anrechnung_id']))
+				{
+					$json[]= array(
+						'anrechnung_id'         => $item['anrechnung_id'],
+						'empfehlung_anrechnung' => 'true',
+						'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
+						'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL),
+						'empfehlung_am'          => (new DateTime())->format('d.m.Y'),
+						'empfehlung_von'         => $person->vorname. ' '. $person->nachname
+					);
+				}
 			}
 		}
 
@@ -184,18 +190,25 @@ class reviewAnrechnungDetail extends Auth_Controller
 
 		foreach ($data as $item)
 		{
-			// Approve Anrechnung
-			if($this->anrechnunglib->dontRecommendAnrechnung($item['anrechnung_id'], $item['begruendung']))
+			$empfehlungData = $this->anrechnunglib->getEmpfehlungData($item['anrechnung_id']);
+			$isEmpfehlungsberechtigt = $this->anrechnunglib->isEmpfehlungsberechtigt($item['anrechnung_id']);
+
+			if (is_null($empfehlungData) && $isEmpfehlungsberechtigt)
 			{
-				$json[]= array(
-					'anrechnung_id'         => $item['anrechnung_id'],
-					'empfehlung_anrechnung' => 'false',
-					'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
-					'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL),
-					'empfehlung_am'          => (new DateTime())->format('d.m.Y'),
-					'empfehlung_von'         => $person->vorname. ' '. $person->nachname
-				);
+				// Approve Anrechnung
+				if($this->anrechnunglib->dontRecommendAnrechnung($item['anrechnung_id'], $item['begruendung']))
+				{
+					$json[]= array(
+						'anrechnung_id'         => $item['anrechnung_id'],
+						'empfehlung_anrechnung' => 'false',
+						'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
+						'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL),
+						'empfehlung_am'          => (new DateTime())->format('d.m.Y'),
+						'empfehlung_von'         => $person->vorname. ' '. $person->nachname
+					);
+				}
 			}
+
 		}
 
 		// Output json to ajax
@@ -256,7 +269,7 @@ class reviewAnrechnungDetail extends Auth_Controller
 
 	/**
 	 * Check if user is entitled to read dms doc
-	 * @param $dms_id
+	 * @param $anrechnung_id
 	 */
 	private function _checkIfEntitledToReadAnrechnung($anrechnung_id)
 	{

application/controllers/lehre/anrechnung/ReviewAnrechnungUebersicht.php

@@ -19,10 +19,10 @@ class reviewAnrechnungUebersicht extends Auth_Controller
 		// Set required permissions
 		parent::__construct(
 			array(
-				'index'     => 'lehre/anrechnung_empfehlen:rw',
-				'download'  => 'lehre/anrechnung_empfehlen:rw',
-				'recommend'   => 'lehre/anrechnung_empfehlen:rw',
-				'dontRecommend'   => 'lehre/anrechnung_empfehlen:rw'
+				'index'     => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'download'  => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'recommend'   => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw',
+				'dontRecommend'   => self::BERECHTIGUNG_ANRECHNUNG_EMPFEHLEN . ':rw'
 			)
 		);
 
@@ -96,15 +96,21 @@ class reviewAnrechnungUebersicht extends Auth_Controller
 
 		foreach ($data as $item)
 		{
-			// Approve Anrechnung
-			if($this->anrechnunglib->recommendAnrechnung($item['anrechnung_id']))
+			$empfehlungData = $this->anrechnunglib->getEmpfehlungData($item['anrechnung_id']);
+			$isEmpfehlungsberechtigt = $this->anrechnunglib->isEmpfehlungsberechtigt($item['anrechnung_id']);
+
+			if (is_null($empfehlungData) && $isEmpfehlungsberechtigt)
 			{
-				$json[]= array(
-					'anrechnung_id'         => $item['anrechnung_id'],
-					'empfehlung_anrechnung' => 'true',
-					'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
-					'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL)
-				);
+				// Approve Anrechnung
+				if($this->anrechnunglib->recommendAnrechnung($item['anrechnung_id']))
+				{
+					$json[]= array(
+						'anrechnung_id'         => $item['anrechnung_id'],
+						'empfehlung_anrechnung' => 'true',
+						'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
+						'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL)
+					);
+				}
 			}
 		}
 
@@ -145,15 +151,21 @@ class reviewAnrechnungUebersicht extends Auth_Controller
 
 		foreach ($data as $item)
 		{
-			// Approve Anrechnung
-			if($this->anrechnunglib->dontRecommendAnrechnung($item['anrechnung_id'], $item['begruendung']))
+			$empfehlungData = $this->anrechnunglib->getEmpfehlungData($item['anrechnung_id']);
+			$isEmpfehlungsberechtigt = $this->anrechnunglib->isEmpfehlungsberechtigt($item['anrechnung_id']);
+
+			if (is_null($empfehlungData) && $isEmpfehlungsberechtigt)
 			{
-				$json[]= array(
-					'anrechnung_id'         => $item['anrechnung_id'],
-					'empfehlung_anrechnung' => 'false',
-					'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
-					'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL)
-				);
+				// Approve Anrechnung
+				if($this->anrechnunglib->dontRecommendAnrechnung($item['anrechnung_id'], $item['begruendung']))
+				{
+					$json[]= array(
+						'anrechnung_id'         => $item['anrechnung_id'],
+						'empfehlung_anrechnung' => 'false',
+						'status_kurzbz'         => self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL,
+						'status_bezeichnung'    => $this->anrechnunglib->getStatusbezeichnung(self::ANRECHNUNGSTATUS_PROGRESSED_BY_STGL)
+					);
+				}
 			}
 		}
 

application/controllers/lehre/lvplanung/LvTemplateUebersicht.php

@@ -0,0 +1,45 @@
+<?php
+if (! defined('BASEPATH')) exit('No direct script access allowed');
+
+class LvTemplateUebersicht extends Auth_Controller
+{
+	public function __construct()
+	{
+		// Set required permissions
+		parent::__construct(
+			array(
+				'index' => 'lehre/lehrveranstaltung:rw',
+			)
+		);
+
+		// Load libraries
+		$this->load->library('AuthLib');
+
+
+		// Load language phrases
+		$this->loadPhrases(
+			array(
+				'global',
+				'lehre'
+			)
+		);
+
+		$this->_setAuthUID();
+	}
+
+	public function index()
+	{
+		$this->load->view('lehre/lvplanung/lvTemplateUebersicht.php');
+	}
+
+
+	/**
+	 * Retrieve the UID of the logged user and checks if it is valid
+	 */
+	private function _setAuthUID()
+	{
+		$this->_uid = getAuthUID();
+
+		if (!$this->_uid) show_error('User authentification failed');
+	}
+}

application/controllers/person/Gruppenmanagement.php

@@ -29,6 +29,7 @@ class Gruppenmanagement extends Auth_Controller
 		$this->load->model('person/benutzer_model', 'BenutzerModel');
 		$this->load->model('ressource/mitarbeiter_model', 'MitarbeiterModel');
 		$this->load->model('person/benutzergruppe_model', 'BenutzergruppeModel');
+		$this->load->model('person/gruppe_manager_model', 'GruppemanagerModel');
 		$this->load->model('system/Log_model', 'LogModel');
 
 		$this->load->library('WidgetLib');
@@ -117,6 +118,27 @@ class Gruppenmanagement extends Auth_Controller
 			$result = error('Uid missing');
 		else
 		{
+			$this->GruppemanagerModel->addSelect('1');
+			$isManagerRes = $this->GruppemanagerModel->loadWhere(
+				array(
+					'uid' => $this->_uid,
+					'gruppe_kurzbz' => $gruppe_kurzbz
+				)
+			);
+
+			if (isError($isManagerRes))
+			{
+				$this->outputJsonError(getError($isManagerRes));
+				return;
+			}
+
+			if (!hasData($isManagerRes))
+			{
+				$this->outputJsonError($this->p->t('gruppenmanagement', 'nichtZumEditierenDerGruppeBerechtigt'));
+				return;
+			}
+
+			$this->BenutzergruppeModel->addSelect('1');
 			$benutzerExistsRes = $this->BenutzergruppeModel->loadWhere(
 				array(
 					'uid' => $uid,
@@ -170,6 +192,26 @@ class Gruppenmanagement extends Auth_Controller
 			$result = error('Uid missing');
 		else
 		{
+			$this->GruppemanagerModel->addSelect('1');
+			$isManagerRes = $this->GruppemanagerModel->loadWhere(
+				array(
+					'uid' => $this->_uid,
+					'gruppe_kurzbz' => $gruppe_kurzbz
+				)
+			);
+
+			if (isError($isManagerRes))
+			{
+				$this->outputJsonError(getError($isManagerRes));
+				return;
+			}
+
+			if (!hasData($isManagerRes))
+			{
+				$this->outputJsonError($this->p->t('gruppenmanagement', 'nichtZumEditierenDerGruppeBerechtigt'));
+				return;
+			}
+
 			$result = $this->BenutzergruppeModel->delete(
 				array(
 					'uid' => $uid,

application/controllers/system/MigrateContract.php

@@ -16,7 +16,9 @@ class MigrateContract extends CLI_Controller
 {
 
 	private $matching_ba1_vertragsart;
-	private $OE_DEFAULT = 'gst';
+	private $OE_DEFAULT;
+
+	protected $configerrors;
 
 	/**
 	 * Constructor
@@ -28,29 +30,70 @@ class MigrateContract extends CLI_Controller
 		$this->load->model('codex/bisverwendung_model', 'BisVerwendungModel');
 		$this->load->model('person/benutzerfunktion_model', 'BenutzerfunktionModel');
 
-		$this->matching_ba1_vertragsart = array(
-			'101'=>'externerlehrender',
-			'102'=>'DV anderen Gebietskörperschaft',
-			'103'=>'echterdv',
-			'104'=>'studentischehilfskr',
-			'105'=>'externerlehrender',
-			'106'=>'Andere Bildungseinrichtung',
-			'107'=>'werkvertrag',
-			'108'=>'studentischehilfskr',
-			'109'=>'ueberlassungsvertrag',
-			'110'=>'echterfreier',
-			'111'=>'echterdv', //All-In
-		);
+		$this->load->config('migratecontract');
+
+		$this->OE_DEFAULT = $this->config->item('migratecontract_oe_default');
+		$this->matching_ba1_vertragsart = $this->config->item('migratecontract_matching_ba1_vertragsart');
+		$this->configerrors = array();
 	}
 
 	// -----------------------------------------------------------------------------------------------------------------
 	// Public methods
+	public function checkConfig()
+	{
+	    echo "OE_DEFAULT: " . $this->OE_DEFAULT . "\n";
+	    echo "matching_ba1_vertragsart: " . print_r($this->matching_ba1_vertragsart, true);
+
+	    $this->checkOE_DEFAULT();
+	    $this->checkMatching_ba1_vertragsart();
+
+	    if( count($this->configerrors) > 0 )
+	    {
+		foreach($this->configerrors AS $configerror)
+		{
+		    echo $configerror . "\n";
+		}
+		die("Fehler in der Konfiguration. Abbruch!\n");
+	    }
+	    else
+	    {
+		echo "Konfiguration OK.\n";
+	    }
+	}
+
+	protected function checkOE_DEFAULT()
+	{
+	    $db = new DB_Model();
+	    $oesql = 'SELECT * FROM public.tbl_organisationseinheit WHERE oe_kurzbz = ?';
+	    $oeres = $db->execReadOnlyQuery($oesql, array($this->OE_DEFAULT));
+	    if( !hasData($oeres) )
+	    {
+		$this->configerrors[] = 'Default Organisationseinheit: "'
+		    . $this->OE_DEFAULT . '" nicht gefunden.';
+	    }
+	}
+
+	protected function checkMatching_ba1_vertragsart() {
+	    $db = new DB_Model();
+	    foreach( $this->matching_ba1_vertragsart AS $vertragsart_kurzbz )
+	    {
+		$vasql = 'SELECT * FROM hr.tbl_vertragsart WHERE vertragsart_kurzbz = ?';
+		$vares = $db->execReadOnlyQuery($vasql, array($vertragsart_kurzbz));
+		if( !hasData($vares) )
+		{
+		    $this->configerrors[] = 'Vertragsart "' . $vertragsart_kurzbz
+			. '" nicht gefunden.';
+		}
+	    }
+	}
 
 	/**
 	 * Everything has a beginning
 	 */
 	public function index($user = null)
 	{
+		$this->checkConfig();
+
 		if (!is_null($user))
 		{
 			$contracts = $this->_transformUser($user);
@@ -400,6 +443,11 @@ class MigrateContract extends CLI_Controller
 	 */
 	private function _addVertragsbestandteilZeitaufzeichnung(&$contracts, $dv, $row_verwendung)
 	{
+		if( is_null($row_verwendung->zeitaufzeichnungspflichtig) || is_null($row_verwendung->azgrelevant) )
+		{
+		    return;
+		}
+
 		if (isset($contracts['dv'][$dv]['vbs']))
 		{
 			foreach ($contracts['dv'][$dv]['vbs'] as $index_vbs=>$row_vbs)

application/controllers/system/MigrateHourlyRate.php

@@ -4,14 +4,15 @@ if (! defined('BASEPATH')) exit('No direct script access allowed');
 
 class MigrateHourlyRate extends CLI_Controller
 {
-	
-	CONST DEFAULT_OE = 'gst';
 	CONST DEFAULT_DATE = '1970-01-01';
 	CONST STUNDENSTAZTYP_LEHRE = 'lehre';
 	CONST STUNDENSTAZTYP_KALKULATORISCH = 'kalkulatorisch';
 	
+	private $OE_DEFAULT;
 	private $_ci;
 
+	protected $configerrors;
+
 	public function __construct()
 	{
 		parent::__construct();
@@ -21,10 +22,38 @@ class MigrateHourlyRate extends CLI_Controller
 		$this->load->model('codex/Bisverwendung_model', 'BisVerwendungModel');
 		$this->load->model('person/Benutzerfunktion_model', 'BenutzerfunktionModel');
 		$this->load->model('ressource/Stundensatz_model', 'StundensatzModel');
+
+		$this->load->config('migratecontract');
+
+		$this->OE_DEFAULT = $this->config->item('migratecontract_oe_default');
+		$this->configerrors = array();
+	}
+
+	public function checkConfig()
+	{
+	    echo "OE_DEFAULT: " . $this->OE_DEFAULT . "\n";
+
+	    $this->checkOE_DEFAULT();
+
+	    if( count($this->configerrors) > 0 )
+	    {
+		foreach($this->configerrors AS $configerror)
+		{
+		    echo $configerror . "\n";
+		}
+		die("Fehler in der Konfiguration. Abbruch!\n");
+	    }
+	    else
+	    {
+		echo "Konfiguration OK.\n";
+	    }
 	}
 
 	public function index($user = null)
 	{
+		$this->checkConfig();
+
+		echo "Lehre Stundensaetze werden migriert.\n";
 		$mitarbeiterResult = $this->_getMitarbeiterStunden($user);
 		if (isError($mitarbeiterResult)) return $mitarbeiterResult;
 		if (!hasData($mitarbeiterResult)) return error('Keine Mitarbeiterstunden gefunden');
@@ -38,20 +67,71 @@ class MigrateHourlyRate extends CLI_Controller
 			if (isError($insertResult)) return $insertResult;
 		}
 		
-		$sapResult = $this->_getSapStunden($user);
-		if (isError($sapResult)) return $sapResult;
-		if (!hasData($sapResult)) return error('Keinen kalkulatorischen Stundensaetze gefunden');
-
-		$mitarbeiterArray = getData($sapResult);
-
-		foreach ($mitarbeiterArray as $mitarbeiter)
+		if( $this->checkIfSAPSyncTableExists() )
 		{
-			$this->_getUnternehmen($mitarbeiter);
-			$insertResult = $this->_addStundensatz($mitarbeiter, self::STUNDENSTAZTYP_KALKULATORISCH, date_format(date_create($mitarbeiter->beginn), 'Y-m-d'));
-			if (isError($insertResult)) return $insertResult;
+			echo "SAP Sync Tabelle gefunden. SAP Stundensaetze werden migriert.\n";
+			$sapResult = $this->_getSapStunden($user);
+			if (isError($sapResult)) return $sapResult;
+			if (!hasData($sapResult)) return error('Keinen kalkulatorischen Stundensaetze gefunden');
+
+			$mitarbeiterArray = getData($sapResult);
+
+			foreach ($mitarbeiterArray as $mitarbeiter)
+			{
+				$this->_getUnternehmen($mitarbeiter);
+				$insertResult = $this->_addStundensatz($mitarbeiter, self::STUNDENSTAZTYP_KALKULATORISCH, date_format(date_create($mitarbeiter->beginn), 'Y-m-d'));
+				if (isError($insertResult)) return $insertResult;
+			}
+		}
+		else
+		{
+		    echo "SAP Sync Tabelle nicht gefunden. Ignoriere SAP Stundensaetze.\n";
 		}
 	}
 
+	protected function checkOE_DEFAULT()
+	{
+	    $db = new DB_Model();
+	    $oesql = 'SELECT * FROM public.tbl_organisationseinheit WHERE oe_kurzbz = ?';
+	    $oeres = $db->execReadOnlyQuery($oesql, array($this->OE_DEFAULT));
+	    if( !hasData($oeres) )
+	    {
+		$this->configerrors[] = 'Default Organisationseinheit: "'
+		    . $this->OE_DEFAULT . '" nicht gefunden.';
+	    }
+	}
+
+	protected function checkIfSAPSyncTableExists()
+	{
+	    $dbModel = new DB_Model();
+	    $params = array(
+		DB_NAME,
+		'sync',
+		'tbl_sap_stundensatz'
+	    );
+
+	    $sql = "SELECT
+			    1 AS exists
+		    FROM
+			    information_schema.tables
+		    WHERE
+			    table_catalog = ? AND
+			    table_schema = ? AND
+			    table_name = ?";
+
+	    $res = $dbModel->execReadOnlyQuery($sql, $params);
+
+	    if( hasData($res) )
+	    {
+		return true;
+	    }
+	    else
+	    {
+		return false;
+	    }
+	}
+
+
 	private function _getSapStunden($user = null)
 	{
 		$dbModel = new DB_Model();
@@ -127,7 +207,7 @@ class MigrateHourlyRate extends CLI_Controller
 			$unternehmenResult = $this->_findUnternehmen($mitarbeiter->uid, "'kstzuordnung', 'oezuordnung'");
 		}
 
-		$unternehmen = self::DEFAULT_OE;
+		$unternehmen = $this->OE_DEFAULT;
 
 		if (hasData($unternehmenResult))
 			$unternehmen = getData($unternehmenResult)[0]->oe_kurzbz;

application/controllers/system/Navigation.php

@@ -22,6 +22,7 @@ if (! defined('BASEPATH')) exit('No direct script access allowed');
  * This controller operates between (interface) the JS (GUI) and the NavigationLib (back-end)
  * Provides data to the ajax get calls about the filter
  * This controller works with JSON calls on the HTTP GET or POST and the output is always JSON
+ * TODO(chris): deprecated
  */
 class Navigation extends FHC_Controller
 {

application/controllers/system/TestSearch.php

@@ -1,44 +0,0 @@
-<?php
-
-if (! defined('BASEPATH')) exit('No direct script access allowed');
-
-/**
- * Test Search Vue Component
- */
-class TestSearch extends Auth_Controller
-{
-	/**
-	 * Constructor
-	 */
-	public function __construct()
-	{
-		parent::__construct(
-			array(
-				'index' => 'system/developer:r'
-			)
-		);
-
-		// Loads WidgetLib
-		$this->load->library('WidgetLib');
-
-		// Loads phrases system
-		$this->loadPhrases(
-			array(
-				'global',
-				'ui',
-				'filter'
-			)
-		);
-	}
-
-	// -----------------------------------------------------------------------------------------------------------------
-	// Public methods
-
-	/**
-	 * Everything has a beginning
-	 */
-	public function index()
-	{
-		$this->load->view('system/logs/testSearch.php');
-	}
-}

application/controllers/system/infocenter/InfoCenter.php

@@ -337,10 +337,13 @@ class InfoCenter extends Auth_Controller
 		$persondata = $this->_loadPersonData($person_id);
 
 		$checkPerson = $this->PersonModel->checkDuplicate($person_id);
-
 		if (isError($checkPerson)) show_error(getError($checkPerson));
 
-		$duplicate = array('duplicated' => getData($checkPerson));
+		$checkUnruly = $this->PersonModel->checkUnruly($persondata['stammdaten']->vorname, $persondata['stammdaten']->nachname, $persondata['stammdaten']->gebdatum);
+		if (isError($checkUnruly)) show_error(getError($checkUnruly));
+
+		$duplicate = array('duplicate' => getData($checkPerson));
+		$unruly = array('unruly' => getData($checkUnruly));
 
 		$prestudentdata = $this->_loadPrestudentData($person_id);
 
@@ -351,7 +354,8 @@ class InfoCenter extends Auth_Controller
 			$persondata,
 			$prestudentdata,
 			$dokumentdata,
-			$duplicate
+			$duplicate,
+			$unruly
 		);
 
 		$data[self::FHC_CONTROLLER_ID] = $this->getControllerId();
@@ -1285,67 +1289,28 @@ class InfoCenter extends Auth_Controller
 			$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
 
 		$kontakte = $this->input->post('kontakt');
-		foreach ($kontakte as $kontakt)
-		{
-			$kontaktExists = $this->KontaktModel->loadWhere(array(
-				'kontakt_id' => $kontakt['id'],
-				'person_id' => $person_id,
-			));
+		if($kontakte) {
 
-			if (hasData($kontaktExists))
-			{
-				$kontaktExists = getData($kontaktExists)[0];
+			foreach ($kontakte as $kontakt) {
+				$kontaktExists = $this->KontaktModel->loadWhere(array(
+					'kontakt_id' => $kontakt['id'],
+					'person_id' => $person_id,
+				));
 
-				if ($kontaktExists->kontakt === $kontakt['value'])
-					continue;
+				if (hasData($kontaktExists)) {
+					$kontaktExists = getData($kontaktExists)[0];
 
-				$update = $this->KontaktModel->update(
-					array
-					(
-						'kontakt_id' => $kontakt['id']
-					),
-					array
-					(
-						'kontakt' => isEmptyString($kontakt['value']) ? null : $kontakt['value'],
-						'updateamum' => date('Y-m-d H:i:s'),
-						'updatevon' => $this->_uid
-					)
-				);
+					if ($kontaktExists->kontakt === $kontakt['value'])
+						continue;
 
-				if (isError($update))
-					$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
-			}
-		}
-
-		$adressen = $this->input->post('adresse');
-
-		foreach ($adressen as $adresse)
-		{
-			$adresseExists = $this->AdresseModel->loadWhere(array(
-				'adresse_id' => $adresse['id'],
-				'person_id' => $person_id,
-			));
-
-			if (hasData($adresseExists))
-			{
-				$adresse = $adresse['value'];
-				$adresseExists = getData($adresseExists)[0];
-				if ($adresseExists->strasse !== $adresse['strasse'] ||
-					$adresseExists->plz !== $adresse['plz'] ||
-					$adresseExists->ort !== $adresse['ort'] ||
-					$adresseExists->nation !== $adresse['nation'])
-				{
-					$update = $this->AdresseModel->update(
+					$update = $this->KontaktModel->update(
 						array
 						(
-							'adresse_id' => $adresseExists->adresse_id
+							'kontakt_id' => $kontakt['id']
 						),
 						array
 						(
-							'strasse' => isEmptyString($adresse['strasse']) ? null : $adresse['strasse'],
-							'plz' => isEmptyString($adresse['plz']) ? null : $adresse['plz'],
-							'ort' => isEmptyString($adresse['ort']) ? null : $adresse['ort'],
-							'nation' => isEmptyString($adresse['nation']) ? null : $adresse['nation'],
+							'kontakt' => isEmptyString($kontakt['value']) ? null : $kontakt['value'],
 							'updateamum' => date('Y-m-d H:i:s'),
 							'updatevon' => $this->_uid
 						)
@@ -1354,7 +1319,48 @@ class InfoCenter extends Auth_Controller
 					if (isError($update))
 						$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
 				}
+			}
 
+		}
+
+		$adressen = $this->input->post('adresse');
+
+		if($adressen) {
+
+			foreach ($adressen as $adresse) {
+				$adresseExists = $this->AdresseModel->loadWhere(array(
+					'adresse_id' => $adresse['id'],
+					'person_id' => $person_id,
+				));
+
+				if (hasData($adresseExists)) {
+					$adresse = $adresse['value'];
+					$adresseExists = getData($adresseExists)[0];
+					if ($adresseExists->strasse !== $adresse['strasse'] ||
+						$adresseExists->plz !== $adresse['plz'] ||
+						$adresseExists->ort !== $adresse['ort'] ||
+						$adresseExists->nation !== $adresse['nation']) {
+						$update = $this->AdresseModel->update(
+							array
+							(
+								'adresse_id' => $adresseExists->adresse_id
+							),
+							array
+							(
+								'strasse' => isEmptyString($adresse['strasse']) ? null : $adresse['strasse'],
+								'plz' => isEmptyString($adresse['plz']) ? null : $adresse['plz'],
+								'ort' => isEmptyString($adresse['ort']) ? null : $adresse['ort'],
+								'nation' => isEmptyString($adresse['nation']) ? null : $adresse['nation'],
+								'updateamum' => date('Y-m-d H:i:s'),
+								'updatevon' => $this->_uid
+							)
+						);
+
+						if (isError($update))
+							$this->terminateWithJsonError($this->p->t('ui', 'fehlerBeimSpeichern'));
+					}
+
+				}
 			}
 		}
 
@@ -2383,4 +2389,4 @@ class InfoCenter extends Auth_Controller
 
 		$this->outputJsonSuccess("Success");
 	}
-}
+}

application/core/Auth_Controller.php

@@ -7,6 +7,10 @@ if (!defined('BASEPATH')) exit('No direct script access allowed');
  */
 abstract class Auth_Controller extends FHC_Controller
 {
+	// Special Permissions
+	const PERM_ANONYMOUS = 'anonymous'; // Everyone
+	const PERM_LOGGED = 'logged_in'; // Every registered user
+
 	/**
 	 * Extends this controller if authentication is required
 	 */
@@ -14,17 +18,41 @@ abstract class Auth_Controller extends FHC_Controller
 	{
         parent::__construct();
 
-		// Loads authentication library and starts authentication
-		$this->load->library('AuthLib');
+		if (!is_array($requiredPermissions) || isEmptyArray($requiredPermissions))
+			show_error('The given permissions is not a valid array or it is an empty one');
+		
+		if (!isset($requiredPermissions[$this->router->method]))
+			show_error('The given permission array does not contain the given method or is not correctly set');
+		
+		$anonAllowed = false;
+		if ($requiredPermissions[$this->router->method] == self::PERM_ANONYMOUS)
+			$anonAllowed = true;
+		elseif (is_array($requiredPermissions[$this->router->method])
+			&& in_array(self::PERM_ANONYMOUS, $requiredPermissions[$this->router->method]))
+			$anonAllowed = true;
 
-		// Checks if the caller is allowed to access to this content
-		$this->_isAllowed($requiredPermissions);
+		if ($anonAllowed) {
+			// Loads authentication library without authentication
+			$this->load->library('AuthLib', [false]);
+
+			// Loads helper since it would only be called on authentication
+			$this->load->helper('hlp_authentication');
+		} else {
+			// Loads authentication library and starts authentication
+			$this->load->library('AuthLib');
+
+			// Checks if the caller is allowed to access to this content
+			$this->_isAllowed($requiredPermissions);
+		}
 	}
 
 	/**
 	 * Checks if the caller is allowed to access to this content with the given permissions
 	 * If it is not allowed will set the HTTP header with code 401
 	 * Wrapper for permissionlib->isEntitled
+	 *
+	 * @param array					$requiredPermissions
+	 * @return void
 	 */
 	private function _isAllowed($requiredPermissions)
 	{
@@ -34,28 +62,145 @@ abstract class Auth_Controller extends FHC_Controller
 		// Checks if this user is entitled to access to this content
 		if (!$this->permissionlib->isEntitled($requiredPermissions, $this->router->method))
 		{
-			$this->output->set_status_header(REST_Controller::HTTP_UNAUTHORIZED); // set the HTTP header as unauthorized
-
-			$this->load->library('EPrintfLib'); // loads the EPrintfLib to format the output
-
-			// Prints the main error message
-			$this->eprintflib->printError('You are not allowed to access to this content');
-			// Prints the called controller name
-			$this->eprintflib->printInfo('Controller name: '.$this->router->class);
-			// Prints the called controller method name
-			$this->eprintflib->printInfo('Method name: '.$this->router->method);
-			// Prints the required permissions needed to access to this method
-			$this->eprintflib->printInfo('Required permissions: '.$this->_rpsToString($requiredPermissions, $this->router->method));
-
+			$this->_outputAuthError($requiredPermissions);
 			exit; // immediately terminate the execution
 		}
 	}
 
+	/**
+	 * Checks for Permissions depending if the given person is a
+	 * Mitarbeiter and/or Student
+	 * and exits/outputs an error if they are not met.
+	 *
+	 * @param integer 				$person_id
+	 * @param array 				$permMa		Perms if the person is a Mitarbeiter
+	 * @param array 				$permStud	Perms if the person is a Student
+	 *
+	 * @return void
+	 */
+	protected function checkPermissionsForPerson($person_id, $permMa, $permStud)
+	{
+		$res = $this->hasPermissionsForPerson($person_id, $permMa, $permStud);
+		
+		if ($res) {
+			$perm = array_keys(array_flip(array_merge($res|1 ? $permMa : [], $res|2 ? $permStud : [])));
+			$this->_outputAuthError([$this->router->method => $perm]);
+		}
+	}
+
+	/**
+	 * Checks for Permissions depending on the Studiengang of a Prestudent
+	 * and exits/outputs an error if they are not met.
+	 *
+	 * @param integer 				$prestudent_id
+	 * @param array 				$permStud	Perms if the person is a Student
+	 *
+	 * @return void
+	 */
+	protected function checkPermissionsForPrestudent($prestudent_id, $permStud)
+	{
+		if (!$this->hasPermissionsForPrestudent($prestudent_id, $permStud)) {
+			$this->_outputAuthError([$this->router->method => $permStud]);
+		}
+	}
+
+	/**
+	 * Checks for Permissions depending if the given person is a
+	 * Mitarbeiter and/or Student
+	 * and returns the result.
+	 *
+	 * @param integer 				$person_id
+	 * @param array 				$permMa		Perms if the person is a Mitarbeiter
+	 * @param array 				$permStud	Perms if the person is a Student
+	 *
+	 * @return integer				0 if permission is granted
+	 */
+	protected function hasPermissionsForPerson($person_id, $permMa, $permStud)
+	{
+		$res = 3;
+		$this->load->model('person/Person_model', 'PersonModel');
+		$this->PersonModel->addJoin('public.tbl_benutzer', 'person_id');
+		$this->PersonModel->addJoin('public.tbl_mitarbeiter', 'uid = mitarbeiter_uid');
+		$result = $this->PersonModel->load($person_id);
+		if (hasData($result)) {
+			if ($this->permissionlib->isEntitled(['a' => $permMa], 'a'))
+				return 0;
+			$res = 1;
+		}
+		$this->PersonModel->addJoin('public.tbl_prestudent', 'person_id');
+		$result = $this->PersonModel->load($person_id);
+		if (hasData($result)) {
+			$permStudConverted = [];
+			foreach (getData($result) as $row) {
+				foreach ($permStud as $k => $v) {
+					if (!isset($permStudConverted[$k])) {
+						$permStudConverted[$k] = $this->permissionlib->convertAccessType($v);
+					}
+					if ($this->permissionlib->isBerechtigt($permStudConverted[$k][0], $permStudConverted[$k][1], $row->studiengang_kz))
+						return 0;
+				}
+			}
+			$res += 2;
+		}
+		return $res;
+	}
+
+	/**
+	 * Checks for Permissions depending on the Studiengang of a Prestudent
+	 * and returns the result.
+	 *
+	 * @param integer 				$prestudent_id
+	 * @param array 				$permStud	Perms if the person is a Student
+	 *
+	 * @return boolean
+	 */
+	protected function hasPermissionsForPrestudent($prestudent_id, $permStud)
+	{
+		$this->load->model('crm/Prestudent_model', 'PrestudentModel');
+		$result = $this->PrestudentModel->load($prestudent_id);
+		if (!hasData($result))
+			show_404();
+		$stg = current(getData($result))->studiengang_kz;
+		foreach ($permStud as $k => $v) {
+			$perm = $this->permissionlib->convertAccessType($v);
+			if ($this->permissionlib->isBerechtigt($perm[0], $perm[1], $stg))
+				return true;
+		}
+		return false;
+	}
+
+	/**
+	 * Outputs an error message and sets the HTTP Header.
+	 * This function is protected so that it can be overwritten.
+	 *
+	 * @param array					$requiredPermissions
+	 * @return void
+	 */
+	protected function _outputAuthError($requiredPermissions)
+	{
+		$this->output->set_status_header(REST_Controller::HTTP_UNAUTHORIZED); // set the HTTP header as unauthorized
+
+		$this->load->library('EPrintfLib'); // loads the EPrintfLib to format the output
+
+		// Prints the main error message
+		$this->eprintflib->printError('You are not allowed to access to this content');
+		// Prints the called controller name
+		$this->eprintflib->printInfo('Controller name: '.$this->router->class);
+		// Prints the called controller method name
+		$this->eprintflib->printInfo('Method name: '.$this->router->method);
+		// Prints the required permissions needed to access to this method
+		$this->eprintflib->printInfo('Required permissions: '.$this->_rpsToString($requiredPermissions, $this->router->method));
+	}
+
 	/**
 	 * Converts an array of permissions to a string that contains them as a comma separated list
 	 * Ex: "<permission 1>, <permission 2>, <permission 3>"
+	 *
+	 * @param array					$requiredPermissions
+	 * @param string				$method
+	 * @return void
 	 */
-	private function _rpsToString($requiredPermissions, $method)
+	final protected function _rpsToString($requiredPermissions, $method)
 	{
 		$strRequiredPermissions = ''; // string that contains all the required permissions needed to access to this method
 

application/core/CI3_Events.php

@@ -46,6 +46,20 @@ class CI3_Events
  * NOTE(chris): Autoload Events config
  */
 require_once(APPPATH.'config/Events.php');
+
+$active_addons_array = explode(";", ACTIVE_ADDONS);
+
 foreach (scandir(APPPATH.'config/extensions') as $dir)
 	if ($dir[0] != '.' && file_exists(APPPATH.'config/extensions/'.$dir.'/Events.php'))
 		require_once APPPATH.'config/extensions/'.$dir.'/Events.php';
+
+foreach (scandir(FHCPATH.'addons') as $dir)
+	if ($dir[0] != '.' && file_exists(FHCPATH.'addons/'.$dir.'/Events.php'))
+	{
+		// only includes the Events of the addon if the addon is one of the active addons in the cis config
+		if(in_array($dir,$active_addons_array))
+		{
+			require_once FHCPATH . 'addons/' . $dir . '/Events.php';
+		}
+	}
+		

application/core/DB_Model.php

@@ -60,6 +60,9 @@ class DB_Model extends CI_Model
 	protected $pk;  	// Name of the PrimaryKey for DB-Update, Load, ...
 	protected $hasSequence;	// False if this table has a composite primary key that is not using a sequence
 				// True if this table has a primary key that uses a sequence
+	//protected $paginationOptions; // $page and $page_size together in an associative array
+	protected $page;
+	protected $page_size;
 
 	private $executedQueryMetaData;
 	private $executedQueryListFields;
@@ -531,7 +534,7 @@ class DB_Model extends CI_Model
 		if (!is_numeric($start) || (is_numeric($start) && $start <= 0))
 			return error('The start parameter is not valid', EXIT_MODEL);
 
-		if (is_numeric($end) && $end > $start)
+		if (is_numeric($end))
 		{
 			$this->db->limit($start, $end);
 		}
@@ -827,6 +830,23 @@ class DB_Model extends CI_Model
 		return $result;
 	}
 
+	public function getDbTable()
+	{
+		return $this->dbTable;
+	}
+
+	public function getPk()
+	{
+		return $this->pk;
+	}
+
+	public function getPks()
+	{
+		if (is_array($this->pk))
+			return $this->pk;
+		return [$this->pk];
+	}
+
 	// ------------------------------------------------------------------------------------------
 	// Protected methods
 
@@ -971,14 +991,17 @@ class DB_Model extends CI_Model
 
 						// Find and replace all the occurrences of the provided encrypted columns
 						// with the postgresql decryption function
-						$query = str_replace(
-							$encryptedColumn,
-							sprintf(
-								self::CRYPT_WHERE_TEMPLATE,
-								$encryptedColumn,
-								$decryptionPassword,
-								$definition[self::CRYPT_CAST]
-							),
+						$query = preg_replace_callback(
+							'/(?<! (as|AS) )\b(\w+\.)?(' . $encryptedColumn . ')\b/',
+							function($matches) use (&$decryptionPassword, &$definition) {
+							    $aliased_column = $matches[2] . $matches[3];
+								return sprintf(
+									self::CRYPT_WHERE_TEMPLATE,
+									$aliased_column,
+									$decryptionPassword,
+									$definition[self::CRYPT_CAST]
+								);
+							},
 							$query
 						);
 					}
@@ -1086,14 +1109,17 @@ class DB_Model extends CI_Model
 						{
 							// Find and replace all the occurrences of the provided encrypted columns
 							// with the postgresql decryption function
-							$where = str_replace(
-								$encryptedColumn,
-								sprintf(
-									self::CRYPT_WHERE_TEMPLATE,
-									$encryptedColumn,
-									$decryptionPassword,
-									$definition[self::CRYPT_CAST]
-								),
+							$where = preg_replace_callback(
+								'/(?<! (as|AS) )\b(\w+\.)?(' . $encryptedColumn . ')\b/',
+								function($matches) use (&$decryptionPassword, &$definition) {
+									$aliased_column = $matches[2] . $matches[3];
+									return sprintf(
+										self::CRYPT_WHERE_TEMPLATE,
+										$aliased_column,
+										$decryptionPassword,
+										$definition[self::CRYPT_CAST]
+									);
+								},
 								$where
 							);
 						}
@@ -1342,5 +1368,51 @@ class DB_Model extends CI_Model
 
 		return $udfs;
 	}
+
+	/**
+	 * addPagination
+	 * adds a limit and an optional offset depending on the arguments passed to the function
+	 * @param   int $page	page to be queried
+	 * @param   int $page_size	page_size used to calculate the offset of the pagination
+	 * @param   int | null $num_rows	used to calculate the total amout of pages that are available with the $page and $page_size arguments
+	 * 
+	 * @return	void
+	 */
+	function addPagination( $page, $page_size, $num_rows=null)
+	{
+		if (isset($page) && is_numeric($page) && isset($page_size) && is_numeric($page_size) && $page > 0 && $page_size > 0) {
+			
+			if (isset($num_rows) && is_numeric($num_rows) && $num_rows > 0) {
+				$floatMaxPageCount = $num_rows / $page_size;
+				$maxPageCount = ceil($floatMaxPageCount);
+				if($page > $maxPageCount){
+					$page = $maxPageCount;
+				}
+			}
+			$offset = (($page-1) * $page_size); 
+			$this->addLimit($page_size, $offset);
+
+		} else {
+			$this->addLimit($page_size);
+		}
+	}
+
+	/**
+	 * getQueryNumRows
+	 * returns the number of rows of the current build query of the codeigniter query builder instance
+	 * @param   bool $reset	resets the select of the query 
+	 * 
+	 * @return	Result_object $num_rows
+	 */
+	function getNumRows($reset=false)
+	{
+		// returns the number of rows when executing the current query without reseting the select statement of the query
+		$num_rows = $this->db->count_all_results($this->dbTable,$reset);
+		if($num_rows){
+			return success($num_rows);
+		}else{
+			return error($this->db->error(), EXIT_DATABASE);
+		}
+	}
 }
 

application/core/FHCAPI_Controller.php

@@ -5,7 +5,7 @@ if (!defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * Controller using JSON
  */
-class FHCAPI_Controller extends FHC_Controller
+class FHCAPI_Controller extends Auth_Controller
 {
 
 	/**
@@ -19,12 +19,13 @@ class FHCAPI_Controller extends FHC_Controller
 	/**
 	 * Error types
 	 */
-	const ERROR_TYPE_PHP = 'php'; // TODO(chris): php types from severity?
+	const ERROR_TYPE_PHP = 'php';
 	const ERROR_TYPE_EXCEPTION = 'exception';
 	const ERROR_TYPE_GENERAL = 'general';
 	const ERROR_TYPE_404 = '404';
 	const ERROR_TYPE_DB = 'db';
 	const ERROR_TYPE_VALIDATION = 'validation';
+	const ERROR_TYPE_AUTH = 'auth';
 
 	/**
 	 * Return Object
@@ -45,10 +46,6 @@ class FHCAPI_Controller extends FHC_Controller
 		if (is_cli())
 			show_404();
 
-		parent::__construct();
-		
-		$this->config->set_item('error_views_path', VIEWPATH.'errors'.DIRECTORY_SEPARATOR.'json'.DIRECTORY_SEPARATOR);
-
 		global $g_result;
 		$g_result = $this;
 
@@ -74,18 +71,14 @@ class FHCAPI_Controller extends FHC_Controller
 				}
 			}
 
-			#$this->returnObj['test'] = implode('/n', headers_list());
-
 			return json_encode($this->returnObj);
 		});
 
-		// Load libraries
-		$this->load->library('AuthLib');
-		$this->load->library('PermissionLib');
-
-		// Checks if the caller is allowed to access to this content
-		$this->_isAllowed($requiredPermissions);
+		// NOTE(chris): overwrite error_views_path before constructor
+		load_class('Config')->set_item('error_views_path', VIEWPATH.'errors'.DIRECTORY_SEPARATOR.'json'.DIRECTORY_SEPARATOR);
 
+		parent::__construct($requiredPermissions);
+		
 		// For JSON Requests (as opposed to multipart/form-data) get the $_POST variable from the input stream instead
 		if ($this->input->get_request_header('Content-Type', true) == 'application/json')
 			$_POST = json_decode($this->security->xss_clean($this->input->raw_input_stream), true);
@@ -101,7 +94,7 @@ class FHCAPI_Controller extends FHC_Controller
 	// ---------------------------------------------------------------
 
 	/**
-	 * @param array					$data
+	 * @param string|array|object	$data
 	 * @param string				$type (optional)
 	 * @return void
 	 */
@@ -117,6 +110,8 @@ class FHCAPI_Controller extends FHC_Controller
 				$error['messages'] = $data;
 			else
 				$error = $data;
+		} elseif (is_object($data)) {
+			$error = (array)$data;
 		} else {
 			$error['message'] = $data;
 		}
@@ -124,6 +119,9 @@ class FHCAPI_Controller extends FHC_Controller
 		if ($type)
 			$error['type'] = $type;
 
+		if (!isset($error['type']))
+			$error['type'] = self::ERROR_TYPE_GENERAL;
+
 		$this->returnObj['errors'][] = $error;
 	}
 
@@ -136,15 +134,38 @@ class FHCAPI_Controller extends FHC_Controller
 		$this->returnObj['data'] = $data;
 	}
 
+	/**
+	 * @param string				$key
+	 * @param mixed					$value
+	 * @return void
+	 */
+	public function addMeta($key, $value)
+	{
+		if (!isset($this->returnObj['meta']))
+			$this->returnObj['meta'] = [];
+		$this->returnObj['meta'][$key] = $value;
+	}
+
+	/**
+	 * @param string				$key
+	 * @return mixed
+	 */
+	public function getMeta($key)
+	{
+		if (!isset($this->returnObj['meta']))
+			return null;
+		if (!isset($this->returnObj['meta'][$key]))
+			return null;
+		return $this->returnObj['meta'][$key];
+	}
+
 	/**
 	 * @param string				$status
 	 * @return void
 	 */
 	public function setStatus($status)
 	{
-		if (!isset($this->returnObj['meta']))
-			$this->returnObj['meta'] = [];
-		$this->returnObj['meta']['status'] = $status;
+		$this->addMeta('status', $status);
 	}
 
 
@@ -152,6 +173,17 @@ class FHCAPI_Controller extends FHC_Controller
 	// Handle Output object - Shortcut functions
 	// ---------------------------------------------------------------
 
+	/**
+	 * @param mixed					$data (optional)
+	 * @return void
+	 */
+	protected function terminateWithSuccess($data = null)
+	{
+		$this->setData($data);
+		$this->setStatus(self::STATUS_SUCCESS);
+		exit;
+	}
+
 	/**
 	 * @param array					$errors
 	 * @return void
@@ -165,24 +197,14 @@ class FHCAPI_Controller extends FHC_Controller
 	}
 
 	/**
-	 * @param mixed					$data (optional)
-	 * @return void
-	 */
-	protected function terminateWithSuccess($data = null)
-	{
-		$this->setData($data);
-		$this->setStatus(self::STATUS_SUCCESS);
-		exit;
-	}
-
-	/**
-	 * @param array					$error
+	 * @param string|array|object					$error
 	 * @param string				$type (optional)
+	 * @param integer				$status (optional)
 	 * @return void
 	 */
-	protected function terminateWithError($error, $type = null)
+	protected function terminateWithError($error, $type = null, $status = REST_Controller::HTTP_INTERNAL_SERVER_ERROR)
 	{
-		$this->output->set_status_header(REST_Controller::HTTP_INTERNAL_SERVER_ERROR);
+		$this->output->set_status_header($status);
 		$this->addError($error, $type);
 		$this->setStatus(self::STATUS_ERROR);
 		exit;
@@ -191,65 +213,37 @@ class FHCAPI_Controller extends FHC_Controller
 	/**
 	 * @param stdclass				$result
 	 * @param string				$errortype
-	 * @return void
+	 * @return mixed
 	 */
-	protected function checkForErrors($result, $errortype = self::ERROR_TYPE_GENERAL)
+	protected function getDataOrTerminateWithError($result, $errortype = self::ERROR_TYPE_GENERAL)
 	{
-		// TODO(chris): IMPLEMENT!
 		if (isError($result)) {
 			$this->terminateWithError(getError($result), $errortype);
 		}
 		return $result->retval;
 	}
 
-	// TODO(chris): complete list
-
 
 	// ---------------------------------------------------------------
 	// Security
 	// ---------------------------------------------------------------
 
 	/**
-	 * Checks if the caller is allowed to access to this content with the given permissions
-	 * If it is not allowed will set the HTTP header with code 401
-	 * Wrapper for permissionlib->isEntitled
+	 * Outputs an error message and sets the HTTP Header.
+	 * This overwrites the default behaviour to output a json object.
 	 *
 	 * @param array					$requiredPermissions
 	 * @return void
 	 */
-	protected function _isAllowed($requiredPermissions)
+	protected function _outputAuthError($requiredPermissions)
 	{
-		// Checks if this user is entitled to access to this content
-		if (!$this->permissionlib->isEntitled($requiredPermissions, $this->router->method))
-		{
-			$this->output->set_status_header(isLogged() ? REST_Controller::HTTP_FORBIDDEN : REST_Controller::HTTP_UNAUTHORIZED);
+		$this->output->set_status_header(isLogged() ? REST_Controller::HTTP_FORBIDDEN : REST_Controller::HTTP_UNAUTHORIZED);
 
-			$this->addError([
-				'message' => 'You are not allowed to access to this content',
-				'controller' => $this->router->class,
-				'method' => $this->router->method,
-				'required_permissions' => $this->_rpsToString($requiredPermissions, $this->router->method)
-			]);
-			exit; // immediately terminate the execution
-		}
-	}
-
-	/**
-	 * Converts an array of permissions to a string that contains them as a comma separated list
-	 * Ex: "<permission 1>, <permission 2>, <permission 3>"
-	 *
-	 * @param array					$requiredPermissions
-	 * @param string				$method
-	 * @return void
-	 */
-	protected function _rpsToString($requiredPermissions, $method)
-	{
-		if (!isset($requiredPermissions[$method]))
-			return '';
-
-		if (!is_array($requiredPermissions[$method]))
-			return $requiredPermissions[$method];
-
-		return implode(', ', $requiredPermissions[$method]);
+		$this->addError([
+			'message' => 'You are not allowed to access to this content',
+			'controller' => $this->router->class,
+			'method' => $this->router->method,
+			'required_permissions' => $this->_rpsToString($requiredPermissions, $this->router->method)
+		], self::ERROR_TYPE_AUTH);
 	}
 }