From 529c417fd912fc290955b3eb1aee7ff0b37cc398 Mon Sep 17 00:00:00 2001
From: Daniel Karbach <daniel.karbach@localhorst.tv>
Date: Fri, 22 Aug 2025 00:20:33 +0200
Subject: [PATCH] show unconfirmed episodes to privileged users

---
 app/Http/Controllers/EpisodeController.php | 25 +++++++++++++++-------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/app/Http/Controllers/EpisodeController.php b/app/Http/Controllers/EpisodeController.php
index 159629f..97d2aad 100644
--- a/app/Http/Controllers/EpisodeController.php
+++ b/app/Http/Controllers/EpisodeController.php
@@ -244,14 +244,16 @@ class EpisodeController extends Controller {
 		if (isset($validatedData['before'])) {
 			$episodes = $episodes->where('episodes.start', '<=', $validatedData['before']);
 		}
-		$privIDs = $this->getUserPrivilegedEvents($request);
-		if (!empty($privIDs)) {
-			$episodes->where(function (Builder $query) use ($privIDs) {
-				$query->where('episodes.confirmed', '=', true);
-				$query->orWhereIn('episodes.event_id', $privIDs);
-			});
-		} else {
-			$episodes->where('episodes.confirmed', '=', true);
+		if (!$this->userMaySeeAllEvents($request)) {
+			$privIDs = $this->getUserPrivilegedEvents($request);
+			if (!empty($privIDs)) {
+				$episodes->where(function (Builder $query) use ($privIDs) {
+					$query->where('episodes.confirmed', '=', true);
+					$query->orWhereIn('episodes.event_id', $privIDs);
+				});
+			} else {
+				$episodes->where('episodes.confirmed', '=', true);
+			}
 		}
 		if (!empty($validatedData['event'])) {
 			if (isset($validatedData['eventInvert']) && $validatedData['eventInvert']) {
@@ -301,6 +303,13 @@ class EpisodeController extends Controller {
 		return $episode->toJson();
 	}
 
+	private function userMaySeeAllEvents(Request $request) {
+		if (!$request->user()) {
+			return false;
+		}
+		return $request->user()->isPrivileged();
+	}
+
 	private function getUserPrivilegedEvents(Request $request): array {
 		if (!$request->user()) {
 			return [];
-- 
2.47.2