MDL-53772 inplace_editable: set context in callbacks

mpetrowi · Apr 14, 2016 · 787ec24 · 787ec24
1 parent 56fa860
commit 787ec24
Show file tree

Hide file tree

Showing 8 changed files with 10 additions and 8 deletions.
diff --git a/cohort/classes/output/cohortidnumber.php b/cohort/classes/output/cohortidnumber.php
@@ -61,6 +61,7 @@ public static function update($cohortid, $newvalue) {
         global $DB;
         $cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
         $cohortcontext = \context::instance_by_id($cohort->contextid);
+        \external_api::validate_context($cohortcontext);
         require_capability('moodle/cohort:manage', $cohortcontext);
         $record = (object)array('id' => $cohort->id, 'idnumber' => $newvalue, 'contextid' => $cohort->contextid);
         cohort_update_cohort($record);

diff --git a/cohort/classes/output/cohortname.php b/cohort/classes/output/cohortname.php
@@ -61,6 +61,7 @@ public static function update($cohortid, $newvalue) {
         global $DB;
         $cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
         $cohortcontext = \context::instance_by_id($cohort->contextid);
+        \external_api::validate_context($cohortcontext);
         require_capability('moodle/cohort:manage', $cohortcontext);
         $newvalue = clean_param($newvalue, PARAM_TEXT);
         if (strval($newvalue) !== '') {

diff --git a/course/classes/output/course_module_name.php b/course/classes/output/course_module_name.php
@@ -86,15 +86,15 @@ public function export_for_template(\renderer_base $output) {
      * @return static
      */
     public static function update($itemid, $newvalue) {
-        list($course, $cm) = get_course_and_cm_from_cmid($itemid);
-        $context = context_module::instance($cm->id);
+        global $PAGE;
+        $context = context_module::instance($itemid);
         // Check access.
-        require_login($course, false, $cm, true, true);
+        \external_api::validate_context($context);
         require_capability('moodle/course:manageactivities', $context);
         // Update value.
-        set_coursemodule_name($cm->id, $newvalue);
+        set_coursemodule_name($PAGE->cm->id, $newvalue);
         // Return instance.
-        $cm = get_fast_modinfo($course)->get_cm($cm->id);
+        $cm = get_fast_modinfo($PAGE->course)->get_cm($PAGE->cm->id);
         return new static($cm, true);
     }
 }
diff --git a/course/format/lib.php b/course/format/lib.php
@@ -1089,8 +1089,8 @@ public function inplace_editable_render_section_name($section, $linkifneeded = t
      */
     public function inplace_editable_update_section_name($section, $itemtype, $newvalue) {
         if ($itemtype === 'sectionname' || $itemtype === 'sectionnamenl') {
-            require_login($section->course, false, null, true, true);
             $context = context_course::instance($section->course);
+            external_api::validate_context($context);
             require_capability('moodle/course:update', $context);
 
             $newtitle = clean_param($newvalue, PARAM_TEXT);

diff --git a/lib/external/externallib.php b/lib/external/externallib.php
@@ -386,7 +386,6 @@ public static function update_inplace_editable($component, $itemtype, $itemid, $
         if (!$tmpl || !($tmpl instanceof \core\output\inplace_editable)) {
             throw new \moodle_exception('inplaceeditableerror');
         }
-        $PAGE->set_context(null); // To prevent warning if context was not set in the callback.
         return $tmpl->export_for_template($PAGE->get_renderer('core'));
     }
 

diff --git a/tag/classes/external.php b/tag/classes/external.php
@@ -302,7 +302,6 @@ public static function get_tagindex($params) {
         $context = $params['ctx'] ? context::instance_by_id($params['ctx']) : context_system::instance();
         require_login(null, false, null, false, true);
         self::validate_context($context);
-        $PAGE->set_context(null);
 
         $tag = core_tag_tag::get_by_name($params['tc'], $params['tag'], '*', MUST_EXIST);
         $tagareas = core_tag_collection::get_areas($params['tc']);

diff --git a/tag/lib.php b/tag/lib.php
@@ -50,6 +50,7 @@ function tag_page_type_list($pagetype, $parentcontext, $currentcontext) {
  * @return \core\output\inplace_editable
  */
 function core_tag_inplace_editable($itemtype, $itemid, $newvalue) {
+    \external_api::validate_context(context_system::instance());
     if ($itemtype === 'tagname') {
         return \core_tag\output\tagname::update($itemid, $newvalue);
     } else if ($itemtype === 'tagareaenable') {

diff --git a/tag/tests/external_test.php b/tag/tests/external_test.php
@@ -157,6 +157,7 @@ public function test_update_inplace_editable() {
 
         $this->resetAfterTest(true);
         $tag = $this->getDataGenerator()->create_tag();
+        $this->setUser($this->getDataGenerator()->create_user());
 
         // Call service for core_tag component without necessary permissions.
         try {