diff --git a/repository/lib.php b/repository/lib.php index 0c4bf711889a5..edca90b7637d5 100644 --- a/repository/lib.php +++ b/repository/lib.php @@ -1281,6 +1281,12 @@ public static function display_instances_list($context, $typename = null) { $types = repository::get_editable_types($context); foreach ($types as $type) { if (!empty($type) && $type->get_visible()) { + // If the user does not have the permission to view the repository, it won't be displayed in + // the list of instances. Hiding the link to create new instances will prevent the + // user from creating them without being able to find them afterwards, which looks like a bug. + if (!has_capability('repository/'.$type->get_typename().':view', $context)) { + continue; + } $instanceoptionnames = repository::static_function($type->get_typename(), 'get_instance_option_names'); if (!empty($instanceoptionnames)) { $baseurl->param('new', $type->get_typename()); diff --git a/repository/manage_instances.php b/repository/manage_instances.php index 5b5d1c897e804..e3b0dc953e8e5 100644 --- a/repository/manage_instances.php +++ b/repository/manage_instances.php @@ -106,12 +106,16 @@ $type = repository::get_type_by_id($instance->options['typeid']); } -if (isset($type) && !$type->get_visible()) { - print_error('typenotvisible', 'repository', $baseurl); -} - -if (isset($type) && !$type->get_contextvisibility($context)) { - print_error('usercontextrepositorydisabled', 'repository', $baseurl); +if (isset($type)) { + if (!$type->get_visible()) { + print_error('typenotvisible', 'repository', $baseurl); + } + // Prevents the user from creating/editing an instance if the repository is not visible in + // this context OR if the user does not have the capability to view this repository in this context. + $canviewrepository = has_capability('repository/'.$type->get_typename().':view', $context); + if (!$type->get_contextvisibility($context) || !$canviewrepository) { + print_error('usercontextrepositorydisabled', 'repository', $baseurl); + } } /// Create navigation links