RBAC: Fix Access to Unsubscribe (ILIAS-eLearning#6514)
kergomard committed Dec 7, 2023
1 parent f2b8b0f commit ab56446
Showing 3 changed files with 15 additions and 5 deletions.
9 changes: 5 additions & 4 deletions components/ILIAS/AccessControl/classes/class.ilAccess.php
@@ -510,7 +510,7 @@ public function doActivationCheck(
int $a_obj_id,
string $a_type
): bool {
$cache_perm = ($a_permission == "visible")
$cache_perm = ($a_permission === "visible" || $a_permission === 'leave')
? "visible"
: "other";

@@ -519,7 +519,7 @@ public function doActivationCheck(
}

// nothings needs to be done if current permission is write permission
if ($a_permission == 'write') {
if ($a_permission === 'write') {
return true;
}

@@ -567,8 +567,9 @@ public function doActivationCheck(
return true;
}

// if current permission is visible and visible is set in activation
if ($a_permission == 'visible' && $item_data['visible']) {
// if current permission is visible or leave and visible is set in activation
if (($a_permission === 'visible' || $a_permission === 'leave')
&& $item_data['visible']) {
$this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
return true;
}
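Review bot: `leave` now shares the `visible` cache bucket and the `visible` activation branch, but the pairing is spelled out twice (at the `$cache_perm` assignment and at the `$item_data['visible']` check), and any branch of doActivationCheck between these hunks that still tests only `visible` would store a decision under the shared key that does not hold for `leave`. Since this decides whether a user may act on an object despite its activation settings, compute the pairing once, e.g. `$visible_like = in_array($a_permission, ['visible', 'leave'], true);`, and use it at both sites. A comment such as `// 'leave' is treated like 'visible' so that members can still unsubscribe when the activation check would otherwise deny access` would record why; that rationale is inferred from the commit title and should be confirmed. The body of doActivationCheck continues outside the visible hunks, so the remaining branches could not be checked here.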
1 change: 1 addition & 0 deletions components/ILIAS/Course/classes/class.ilObjCourseGUI.php
@@ -2392,6 +2392,7 @@ public function executeCommand(): void
&& $cmd != 'deliverCertificate'
&& $cmd != 'performUnsubscribe'
&& $cmd != 'removeFromDesk'
&& $cmd !== 'leave'
&& !$this->access->checkAccess("read", '', $this->object->getRefId())
|| $cmd == 'join'
|| $cmd == 'subscribe') {
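Review bot: Exempting `leave` from the `read` gate means this condition no longer authorises that command at all, so the `leave` handler has to enforce the `leave` permission itself; that check is not visible in this hunk and should be confirmed before merging. The exemption list is also hard to audit: it mixes `!=` and `!==`, and the trailing `|| $cmd == 'join' || $cmd == 'subscribe'` binds looser than the `&&` chain, which is easy to misread. Consider a named allow-list with a strict lookup, e.g. `!in_array($cmd, self::CMDS_WITHOUT_READ_CHECK, true)` (the constant name is a suggestion, not an existing identifier), with a comment stating that each listed command performs its own permission check. The `if` statement starts above the hunk and its body continues below it.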
10 changes: 9 additions & 1 deletion components/ILIAS/Object/classes/class.ilObjectGUI.php
@@ -1563,8 +1563,16 @@ protected function checkPermission(string $perm, string $cmd = "", string $type
if ($perm != "create" && !is_object($this->object)) {
return;
}
throw new ilObjectException($this->lng->txt("permission_denied"));

ilSession::clear("il_rep_ref_id");

$this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_read'), true);
$parent_ref_id = $this->tree->getParentNodeData($this->object->getRefId())['ref_id'];
$this->ctrl->redirectToURL(ilLink::_getLink($parent_ref_id));
}

$this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_read'), true);
self::_gotoRepositoryRoot();
}
}
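Review bot: The denial path no longer throws, so checkPermission (whose visible exits are a bare `return;` and the redirects) now stays fail-closed only if `redirectToURL()` and `_gotoRepositoryRoot()` always end the request; neither is visible here. Keeping a backstop after the final redirect, e.g. `throw new ilObjectException($this->lng->txt('permission_denied'));`, would guarantee that a caller never continues past a failed check. Separately, the guard above returns only when `$perm != "create"`, so for `create` with no object set the new `$this->object->getRefId()` call would be a call on a non-object, and `getParentNodeData(...)['ref_id']` is read without checking that a parent entry was returned. The `msg_no_perm_read` text is also shown whatever permission was denied. The function starts above the hunk.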

