From b6d394e982255132ef3727c8bd2b3dae0c5ec67d Mon Sep 17 00:00:00 2001
From: jwacalex
Date: Tue, 11 Apr 2017 17:25:34 +0200
Subject: first fix for #317. hidden rooms can be seen with admin_rooms priviledge
---
 includes/controller/rooms_controller.php | 8 +++++++-
 includes/model/Room_model.php | 2 +-
 includes/sys_menu.php | 12 +++++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index a79034fb..bba38bb5 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -16,8 +16,14 @@ function room_controller() {
 if (! in_array('view_rooms', $privileges)) {
 redirect(page_link_to());
 }
-
+
+
 $room = load_room();
+
+ if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) {
+ redirect(page_link_to());
+ }
+
 $all_shifts = Shifts_by_room($room);
 $days = [];
 foreach ($all_shifts as $shift) {
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php
index 6b6e269e..14935de0 100644
--- a/includes/model/Room_model.php
+++ b/includes/model/Room_model.php
@@ -46,7 +46,7 @@ function Room_create($name, $from_frab, $public) {
 * @param $room_id RID
 */
 function Room($room_id) {
- $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "' AND `show` = 'Y'");
+ $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "'");
 if ($room_source === false) {
 return false;
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index e1a6a12e..cb90fb7b 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -154,8 +154,10 @@ function make_room_navigation($menu) {
 if (! in_array('view_rooms', $privileges)) {
 return $menu;
 }
-
- $rooms = Rooms();
+
+ //get a list of all rooms
+ $rooms = Rooms(true);
+
 $room_menu = [];
 if (in_array('admin_rooms', $privileges)) {
 $room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms"));
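Review bot: The hidden-room check in room_controller() dereferences `$room['show']` without any visible guarantee that `load_room()` returned a room, and it only protects the page if `redirect()` ends the request; neither function is visible in this hunk, so both assumptions are worth confirming. If redirect() can return, the shift list below is still built for a hidden room. A short comment above the check, e.g. `// hidden rooms (show != 'Y') are only reachable with admin_rooms`, would make the rule explicit. The function body continues outside the hunk.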
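Review bot: Dropping the `show = 'Y'` condition from `Room()` changes the default for every caller, not only room_controller: any other code path that loads a room by id through this function (callers are outside this diff) now gets hidden rooms back with no privilege check of its own. A safer shape keeps the filter as the default and makes the unfiltered lookup opt-in, e.g. `function Room($room_id, $only_visible = true)` with the `show` clause appended when `$only_visible` is set, so that only call sites which have already checked `admin_rooms` pass `false`. The docblock above the function should then document the new parameter and state that hidden rooms are returned only on request.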
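Review bot: `Rooms(true)` in make_room_navigation() now loads every room for every user holding `view_rooms`, so the loop filter added in the following `@@ -164,7 +166,11 @@` hunk is the only thing keeping hidden rooms out of a non-admin's menu. Assuming the argument means "include hidden rooms" (Rooms() is defined outside this diff), passing the privilege directly fails closed and makes that filter unnecessary: `$rooms = Rooms(in_array('admin_rooms', $privileges));`. The bare `true` is also opaque at the call site; if it stays, the comment could read `// include hidden rooms; filtered by privilege in the loop below` instead of `//get a list of all rooms`.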
@@ -164,7 +166,11 @@ function make_room_navigation($menu) {
 $room_menu[] = toolbar_item_divider();
 }
 foreach ($rooms as $room) {
- $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ if($room['show'] == 'Y' || // room is public
+ ($room['show'] != 'Y' && in_array('admin_rooms', $privileges)) // room is not public, but user can admin_rooms
+ ) {
+ $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ }
 }
 if (count($room_menu > 0)) {
 $menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu);
--
cgit v1.2.3-54-g00ecf
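Review bot: The condition added inside the `foreach` repeats itself: once `$room['show'] == 'Y'` is false, the `$room['show'] != 'Y'` term is always true, so the test reduces to `if ($room['show'] === 'Y' || in_array('admin_rooms', $privileges)) {`, ideally with the privilege lookup hoisted into a variable before the loop. Now that entries can be filtered out, the unchanged context line `if (count($room_menu > 0))` matters more: the parenthesis is misplaced, so it counts a boolean rather than the array and cannot suppress an empty dropdown; it should read `if (count($room_menu) > 0) {`. make_room_navigation() starts and ends outside this hunk.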