From 297fe4557adbc7bf8a622f7c036e4e28d8b94477 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 14 May 2024 20:46:57 +0200
Subject: [server] DbLecture: Properly handle superadmin in getXml()

---
 .../bwlp/sat/database/mappers/DbLecture.java       | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
index abe30a98..5e418873 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
@@ -515,10 +515,16 @@ public class DbLecture {
 		// Handle user
 		String userFields = "";
 		String userJoin = "";
+		boolean isSuperUser = false;
 		if (user != null) {
-			userFields = " b.candownloaddefault, b.caneditdefault, b.canadmindefault,"
-					+ " ip.candownload, ip.canedit, ip.canadmin,";
-			userJoin = " LEFT JOIN imagepermission ip ON (b.imagebaseid = ip.imagebaseid AND ip.userid = :userid)";
+			if (User.isSuperUser(user)) {
+				isSuperUser = true;
+				user = null;
+			} else {
+				userFields = " b.candownloaddefault, b.caneditdefault, b.canadmindefault, b.ownerid,"
+						+ " ip.candownload, ip.canedit, ip.canadmin,";
+				userJoin = " LEFT JOIN imagepermission ip ON (b.imagebaseid = ip.imagebaseid AND ip.userid = :userid)";
+			}
 		}
 		// Query
 		try (MysqlConnection connection = Database.getConnection()) {
@@ -557,11 +563,17 @@ public class DbLecture {
 				int prio = 100;
 				// Check permissions
 				int allowEdit = 0;
-				if (user != null) {
+				if (isSuperUser) {
+					allowEdit = 3;
+				} else if (user != null) {
 					boolean admin;
 					boolean download;
 					boolean edit;
-					if (rs.getString("canadmin") != null) {
+					if (user.userId.equals(rs.getString("ownerid"))) {
+						admin = true;
+						edit = true;
+						download = true;
+					} else if (rs.getString("canadmin") != null) {
 						admin = rs.getBoolean("canadmin");
 						edit = rs.getBoolean("canedit");
 						download = rs.getBoolean("candownload");
-- 
cgit v1.2.3-55-g7522