Skip to content

Commit

Permalink
MDL-34945 Repository: Creating an instance requires the user to have …
Browse files Browse the repository at this point in the history
…the permission to view it
  • Loading branch information
Frederic Massart committed Aug 24, 2012
1 parent d71c486 commit 2c86955
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 6 deletions.
6 changes: 6 additions & 0 deletions repository/lib.php
Original file line number Diff line number Diff line change
Expand Up @@ -1490,6 +1490,12 @@ public static function display_instances_list($context, $typename = null) {
$types = repository::get_editable_types($context);
foreach ($types as $type) {
if (!empty($type) && $type->get_visible()) {
// If the user does not have the permission to view the repository, it won't be displayed in
// the list of instances. Hiding the link to create new instances will prevent the
// user from creating them without being able to find them afterwards, which looks like a bug.
if (!has_capability('repository/'.$type->get_typename().':view', $context)) {
continue;
}
$instanceoptionnames = repository::static_function($type->get_typename(), 'get_instance_option_names');
if (!empty($instanceoptionnames)) {
$baseurl->param('new', $type->get_typename());
Expand Down
16 changes: 10 additions & 6 deletions repository/manage_instances.php
Original file line number Diff line number Diff line change
Expand Up @@ -106,12 +106,16 @@
$type = repository::get_type_by_id($instance->options['typeid']);
}

if (isset($type) && !$type->get_visible()) {
print_error('typenotvisible', 'repository', $baseurl);
}

if (isset($type) && !$type->get_contextvisibility($context)) {
print_error('usercontextrepositorydisabled', 'repository', $baseurl);
if (isset($type)) {
if (!$type->get_visible()) {
print_error('typenotvisible', 'repository', $baseurl);
}
// Prevents the user from creating/editing an instance if the repository is not visible in
// this context OR if the user does not have the capability to view this repository in this context.
$canviewrepository = has_capability('repository/'.$type->get_typename().':view', $context);
if (!$type->get_contextvisibility($context) || !$canviewrepository) {
print_error('usercontextrepositorydisabled', 'repository', $baseurl);
}
}

/// Create navigation links
Expand Down

0 comments on commit 2c86955

Please sign in to comment.