From 82e741a2d28b1713e94313be99b7b123225cc046 Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Wed, 11 Dec 2019 16:06:06 +0100
Subject: [PATCH] FEAT #11550 TIME 2:30 can not redirect disabled basket

---
 src/app/user/controllers/UserController.php | 44 ++++++++++++++++++++-
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index cb936da423c..1eba563a994 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -500,6 +500,13 @@ class UserController
             $user['canModifyPassword'] = false;
         }
 
+        foreach ($user['baskets'] as $key => $basket) {
+            if (!$basket['allowed']) {
+                unset($user['baskets'][$key]);
+            }
+        }
+        $user['baskets'] = array_values($user['baskets']);
+
         return $response->withJson($user);
     }
 
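Review bot: The loop that drops baskets whose `allowed` flag is false is repeated verbatim in the third and fourth hunks of this patch, so the rule for which baskets are shown now lives in three places and can drift apart. A private helper would keep it in one spot, with a body such as `return array_values(array_filter($baskets, function ($basket) { return $basket['allowed']; }));` (the helper name is up to you). This hunk filters unconditionally while the other two filter only when the caller is the basket owner, so a one-line comment explaining the difference would help the next reader. The enclosing method starts above the hunk.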
@@ -593,6 +600,17 @@ class UserController
                 return $response->withStatus(400)->withJson(['errors' => 'Some data are empty']);
             }
 
+            $userBasketPreference = UserBasketPreferenceModel::get([
+                'select' => ['display'], 
+                'where'  => ['basket_id =?', 'group_serial_id = ?', 'user_serial_id = ?'],
+                'data'   => [$value['basket_id'], $value['group_id'], $aArgs['id']]
+            ]);
+
+            if (empty($userBasketPreference)) {
+                unset($data[$key]);
+                continue;
+            }
+
             $check = UserModel::getById(['id' => $value['actual_user_id'], 'select' => ['1']]);
             if (empty($check)) {
                 DatabaseModel::rollbackTransaction();
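Review bot: A redirection whose basket has no preference row is dropped silently by `unset($data[$key]); continue;`, while the neighbouring checks answer with an error, so the caller cannot tell that part of the request was refused and nothing records the refusal. Consider rejecting it like the user check just below, e.g. `DatabaseModel::rollbackTransaction(); return $response->withStatus(400)->withJson(['errors' => 'Basket can not be redirected']);` (message text is a suggestion), or at least logging it. The query selects `display` but only tests whether a row exists. If a row with a false `display` should also block redirection, which is not visible here, test the value; otherwise `'select' => ['1']` states the intent, as the `getById` call below does. The surrounding loop and the code that consumes `$data` lie outside the hunk.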
@@ -649,9 +667,20 @@ class UserController
 
         $user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
 
+        $userBaskets = BasketModel::getBasketsByLogin(['login' => $user['user_id']]);
+
+        if ($GLOBALS['userId'] == $user['user_id']) {
+            foreach ($userBaskets as $key => $basket) {
+                if (!$basket['allowed']) {
+                    unset($userBaskets[$key]);
+                }
+            }
+            $userBaskets = array_values($userBaskets);
+        }
+
         return $response->withJson([
             'redirectedBaskets' => RedirectBasketModel::getRedirectedBasketsByUserId(['userId' => $aArgs['id']]),
-            'baskets'           => BasketModel::getBasketsByLogin(['login' => $user['user_id']])
+            'baskets'           => $userBaskets
         ]);
     }
 
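Review bot: The owner test `$GLOBALS['userId'] == $user['user_id']` uses loose comparison on what appear to be login strings, and PHP compares numeric-looking strings by value (`'1e3' == '1000'` is true), so two distinct logins could be treated as the same user. Because this test decides which baskets are returned, use `===` here and in the identical test in the last hunk. `$user` is also dereferenced right after `UserModel::getById()` with no empty check in view; if none exists above the hunk, an unknown id reaches `getBasketsByLogin()` with a null login. The method starts outside the hunk.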
@@ -698,8 +727,19 @@ class UserController
 
         DatabaseModel::commitTransaction();
 
+        $userBaskets = BasketModel::getBasketsByLogin(['login' => $user['user_id']]);
+
+        if ($GLOBALS['userId'] == $user['user_id']) {
+            foreach ($userBaskets as $key => $basket) {
+                if (!$basket['allowed']) {
+                    unset($userBaskets[$key]);
+                }
+            }
+            $userBaskets = array_values($userBaskets);
+        }
+
         return $response->withJson([
-            'baskets'   => BasketModel::getBasketsByLogin(['login' => $user['user_id']])
+            'baskets'   => $userBaskets
         ]);
     }
 
-- 
GitLab