From 89cc9ad35e34d2938746b4ef5b86c8473417988b Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 1 Oct 2019 22:15:13 +0200
Subject: [PATCH] fix(course-news): prevent display of edit-functions unless auth'ed
---
 src/Handler/Course/Show.hs | 4 +++-
 templates/course.hamlet | 15 +++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/Handler/Course/Show.hs b/src/Handler/Course/Show.hs
index 36ff17ece..a4256ec92 100644
--- a/src/Handler/Course/Show.hs
+++ b/src/Handler/Course/Show.hs
@@ -85,7 +85,9 @@ getCShowR tid ssh csh = do
 & over (mapped . _1) E.unValue & over (mapped . _2) E.unValue
 lastEditText <- formatTime SelFormatDateTime $ maybe id max (guardOn visible =<< courseNewsVisibleFrom) courseNewsLastEdit
- return (cID, n, visible, files, lastEditText)
+ mayEdit <- hasWriteAccessTo $ CNewsR tid ssh csh cID CNEditR
+ mayDelete <- hasWriteAccessTo $ CNewsR tid ssh csh cID CNDeleteR
+ return (cID, n, visible, files, lastEditText, mayEdit, mayDelete)
 return (cid,course,schoolName,participants,registration,lecturers,assistants,correctors,tutors,mAllocation,hasApplicationTemplate,mApplication,news)
 mDereg <- traverse (formatTime SelFormatDateTime) $ courseDeregisterUntil course
diff --git a/templates/course.hamlet b/templates/course.hamlet
index c744a0ef9..92cbb2064 100644
--- a/templates/course.hamlet
+++ b/templates/course.hamlet
@@ -8,7 +8,7 @@ $newline never
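Review bot: `mayEdit` and `mayDelete` only decide which controls the template renders, and nothing in this hunk shows that the `CNEditR` and `CNDeleteR` handlers themselves refuse a request from a user without write access; hiding the links is not the access control. If route authorisation already runs the same predicate that `hasWriteAccessTo` evaluates (likely, but not visible here), record that next to the new lines, e.g. `-- display only: CNEditR / CNDeleteR enforce write access on the routes themselves`. The two checks also appear to run once per news item, since they sit in the block that returns the per-item tuple, so it is worth confirming the access evaluation is cheap or cached for courses with many items. The enclosing `getCShowR` do-block starts and ends outside the hunk.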
$if not (null news)