From bf6d65f55eacde61e996b3b08994ddc6e66e0424 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 28 Mar 2018 14:30:22 +0200
Subject: [dozmod] Simplify permissions, don't link user in userlist if
 actionlog is inaccessible

Closes #3332
---
 modules-available/dozmod/pages/actionlog.inc.php | 11 +++--------
 modules-available/dozmod/pages/users.inc.php     |  5 ++++-
 2 files changed, 7 insertions(+), 9 deletions(-)

(limited to 'modules-available/dozmod/pages')

diff --git a/modules-available/dozmod/pages/actionlog.inc.php b/modules-available/dozmod/pages/actionlog.inc.php
index 6cbd2868..a014ddf7 100644
--- a/modules-available/dozmod/pages/actionlog.inc.php
+++ b/modules-available/dozmod/pages/actionlog.inc.php
@@ -8,6 +8,7 @@ class SubPage
 
 	public static function doPreprocess()
 	{
+		User::assertPermission("actionlog.view");
 		self::$action = Request::get('action', '', 'string');
 		if (self::$action !== '' && self::$action !== 'showtarget' && self::$action !== 'showuser') {
 			Util::traceError('Invalid action for actionlog: "' . self::$action . '"');
@@ -29,13 +30,9 @@ class SubPage
 				. " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)"
 				. " ORDER BY al.dateline DESC LIMIT 500", array(), true, true);
 		} elseif (self::$action === 'showuser') {
-			if (User::hasPermission("actionlog.showuser")) {
-				self::listUser();
-			}
+			self::listUser();
 		} else {
-			if (User::hasPermission("actionlog.showtarget")) {
-				self::listTarget();
-			}
+			self::listTarget();
 		}
 	}
 
@@ -155,8 +152,6 @@ class SubPage
 			$data['showTarget'] = true;
 		}
 
-		$data['allowedShowUser'] = User::hasPermission("actionlog.showuser");
-		$data['allowedShowTarget'] = User::hasPermission("actionlog.showtarget");
 		Render::addTemplate('actionlog-log', $data);
 	}
 
diff --git a/modules-available/dozmod/pages/users.inc.php b/modules-available/dozmod/pages/users.inc.php
index 0791da2e..0c958feb 100644
--- a/modules-available/dozmod/pages/users.inc.php
+++ b/modules-available/dozmod/pages/users.inc.php
@@ -48,7 +48,10 @@ class SubPage
 			$row['lastlogin'] = date('d.m.Y', $row['lastlogin']);
 			$rows[] = $row;
 		}
-		Render::addTemplate('userlist', array('users' => $rows));
+		Render::addTemplate('userlist', array(
+			'users' => $rows,
+			'nameTag' => User::hasPermission('actionlog.view') ? 'a' : 'span',
+		));
 	}
 
 	private static function listOrganizations()
-- 
cgit v1.2.3-55-g7522