MDL-34945 Repository: Creating an instance requires the user to have …

…the permission to view it
moodle · Sep 4, 2012 · 1461ecc · 1461ecc
1 parent 8f3c8e7
commit 1461ecc
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/repository/lib.php b/repository/lib.php
@@ -1281,6 +1281,12 @@ public static function display_instances_list($context, $typename = null) {
             $types = repository::get_editable_types($context);
             foreach ($types as $type) {
                 if (!empty($type) && $type->get_visible()) {
+                    // If the user does not have the permission to view the repository, it won't be displayed in
+                    // the list of instances. Hiding the link to create new instances will prevent the
+                    // user from creating them without being able to find them afterwards, which looks like a bug.
+                    if (!has_capability('repository/'.$type->get_typename().':view', $context)) {
+                        continue;
+                    }
                     $instanceoptionnames = repository::static_function($type->get_typename(), 'get_instance_option_names');
                     if (!empty($instanceoptionnames)) {
                         $baseurl->param('new', $type->get_typename());

diff --git a/repository/manage_instances.php b/repository/manage_instances.php
@@ -106,12 +106,16 @@
     $type = repository::get_type_by_id($instance->options['typeid']);
 }
 
-if (isset($type) && !$type->get_visible()) {
-    print_error('typenotvisible', 'repository', $baseurl);
-}
-
-if (isset($type) && !$type->get_contextvisibility($context)) {
-    print_error('usercontextrepositorydisabled', 'repository', $baseurl);
+if (isset($type)) {
+    if (!$type->get_visible()) {
+        print_error('typenotvisible', 'repository', $baseurl);
+    }
+    // Prevents the user from creating/editing an instance if the repository is not visible in
+    // this context OR if the user does not have the capability to view this repository in this context.
+    $canviewrepository = has_capability('repository/'.$type->get_typename().':view', $context);
+    if (!$type->get_contextvisibility($context) || !$canviewrepository) {
+        print_error('usercontextrepositorydisabled', 'repository', $baseurl);
+    }
 }
 
 /// Create navigation links