Skip to content
Browse files

MDL-37852 repository: Prevent user from deleting a site-wide instance

  • Loading branch information...
1 parent a28da5d commit 103efbc271ea20219982fa1873fa93b8b6327048 @FMCorz FMCorz committed with damyon Mar 7, 2013
Showing with 10 additions and 5 deletions.
  1. +10 −5 repository/manage_instances.php
View
15 repository/manage_instances.php
@@ -106,6 +106,14 @@
$type = repository::get_type_by_id($instance->options['typeid']);
}
+// The context passed MUST match the context of the repository. And as both have to be
+// similar, this also ensures that the context is either a user one, or a course one.
+if (!empty($instance)) {
+ if ($instance->instance->contextid != $context->id) {
+ print_error('invalidcontext');
+ }
+}
+
if (isset($type)) {
if (!$type->get_visible()) {
print_error('typenotvisible', 'repository', $baseurl);
@@ -150,11 +158,6 @@
if ($instance->readonly) {
throw new repository_exception('readonlyinstance', 'repository');
}
- // System instances settings should not be accessible here.
- $repocontext = context::instance_by_id($instance->instance->contextid);
- if ($repocontext->contextlevel == CONTEXT_SYSTEM) {
- throw new repository_exception('nopermissiontoaccess', 'repository');
- }
// Check if we can read the content of the repository, if not exception is thrown.
repository::check_capability($context->id, $instance);
$instancetype = repository::get_type_by_id($instance->options['typeid']);
@@ -213,6 +216,8 @@
if ($instance->readonly) {
throw new repository_exception('readonlyinstance', 'repository');
}
+ // Check if we can read the content of the repository, if not exception is thrown.
+ repository::check_capability($context->id, $instance);
if ($sure) {
if (!confirm_sesskey()) {
print_error('confirmsesskeybad', '', $baseurl);

0 comments on commit 103efbc

Please sign in to comment.
Something went wrong with that request. Please try again.