From: Daniel Karbach <daniel.karbach@localhorst.tv>
Date: Thu, 21 Aug 2025 22:20:33 +0000 (+0200)
Subject: show unconfirmed episodes to privileged users
X-Git-Url: https://git.localhorst.tv/?a=commitdiff_plain;h=529c417fd912fc290955b3eb1aee7ff0b37cc398;p=alttp.git

show unconfirmed episodes to privileged users
---

diff --git a/app/Http/Controllers/EpisodeController.php b/app/Http/Controllers/EpisodeController.php
index 159629f..97d2aad 100644
--- a/app/Http/Controllers/EpisodeController.php
+++ b/app/Http/Controllers/EpisodeController.php
@@ -244,14 +244,16 @@ class EpisodeController extends Controller {
 		if (isset($validatedData['before'])) {
 			$episodes = $episodes->where('episodes.start', '<=', $validatedData['before']);
 		}
-		$privIDs = $this->getUserPrivilegedEvents($request);
-		if (!empty($privIDs)) {
-			$episodes->where(function (Builder $query) use ($privIDs) {
-				$query->where('episodes.confirmed', '=', true);
-				$query->orWhereIn('episodes.event_id', $privIDs);
-			});
-		} else {
-			$episodes->where('episodes.confirmed', '=', true);
+		if (!$this->userMaySeeAllEvents($request)) {
+			$privIDs = $this->getUserPrivilegedEvents($request);
+			if (!empty($privIDs)) {
+				$episodes->where(function (Builder $query) use ($privIDs) {
+					$query->where('episodes.confirmed', '=', true);
+					$query->orWhereIn('episodes.event_id', $privIDs);
+				});
+			} else {
+				$episodes->where('episodes.confirmed', '=', true);
+			}
 		}
 		if (!empty($validatedData['event'])) {
 			if (isset($validatedData['eventInvert']) && $validatedData['eventInvert']) {
@@ -301,6 +303,13 @@ class EpisodeController extends Controller {
 		return $episode->toJson();
 	}
 
+	private function userMaySeeAllEvents(Request $request) {
+		if (!$request->user()) {
+			return false;
+		}
+		return $request->user()->isPrivileged();
+	}
+
 	private function getUserPrivilegedEvents(Request $request): array {
 		if (!$request->user()) {
 			return [];