
MDL-34945 Repository: Creating an instance requires the user to have …

…the permission to view it
commit 1461ecc0e4848405045fbe524353caa3b66b8fea 1 parent 8f3c8e7
Frédéric Massart FMCorz authored
Showing with 16 additions and 6 deletions.
  1. +6 −0 repository/lib.php
  2. +10 −6 repository/manage_instances.php
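--- a/repository/lib.php
+++ b/repository/lib.php
@@ -1281,6 +1281,12 @@ public static function display_instances_list($context, $typename = null) {
 $types = repository::get_editable_types($context);
 foreach ($types as $type) {
 if (!empty($type) && $type->get_visible()) {
+// If the user does not have the permission to view the repository, it won't be displayed in
+// the list of instances. Hiding the link to create new instances will prevent the
+// user from creating them without being able to find them afterwards, which looks like a bug.
+if (!has_capability('repository/'.$type->get_typename().':view', $context)) {
+continue;
+}
 $instanceoptionnames = repository::static_function($type->get_typename(), 'get_instance_option_names');
 if (!empty($instanceoptionnames)) {
 $baseurl->param('new', $type->get_typename());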
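Review bot: The added comment explains the `continue` purely as a usability measure ("looks like a bug"), but this check only hides the create link and is not where access is enforced. The enforcement is the matching `has_capability()` call this commit adds to repository/manage_instances.php, and the capability string `'repository/'.$type->get_typename().':view'` is built by hand in both places, so the list filter and the gate can drift apart if only one is edited. I would extend the comment with something like `// UI filter only; manage_instances.php enforces the same capability when the form is submitted.` and consider building the capability name in one shared place. display_instances_list() begins and continues outside this hunk.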
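--- a/repository/manage_instances.php
+++ b/repository/manage_instances.php
@@ -106,12 +106,16 @@
 $type = repository::get_type_by_id($instance->options['typeid']);
 }
-if (isset($type) && !$type->get_visible()) {
-print_error('typenotvisible', 'repository', $baseurl);
-}
-
-if (isset($type) && !$type->get_contextvisibility($context)) {
-print_error('usercontextrepositorydisabled', 'repository', $baseurl);
+if (isset($type)) {
+if (!$type->get_visible()) {
+print_error('typenotvisible', 'repository', $baseurl);
+}
+// Prevents the user from creating/editing an instance if the repository is not visible in
+// this context OR if the user does not have the capability to view this repository in this context.
+$canviewrepository = has_capability('repository/'.$type->get_typename().':view', $context);
+if (!$type->get_contextvisibility($context) || !$canviewrepository) {
+print_error('usercontextrepositorydisabled', 'repository', $baseurl);
+}
 }
 /// Create navigation links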
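Review bot: A missing `repository/<type>:view` capability is reported through the same `usercontextrepositorydisabled` error as a repository that is disabled in this context. A permission denial therefore cannot be told apart from a configuration state, either by the user or by anyone reading the error afterwards. Keeping the context-visibility test on its own and following it with `require_capability('repository/'.$type->get_typename().':view', $context);` would raise the standard permission error and name the capability that was missing. The whole gate also sits under `if (isset($type))`, and the code that assigns `$type` starts above this hunk. It is worth confirming that every action this script handles, not only create and edit, reaches this point with `$type` set.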