Browse files

MDL-37852 repository: Admins can't access user instances settings

  • Loading branch information...
1 parent d5a3a92 commit 173a201f90941604ae1811a1b79089be4d78707c @FMCorz FMCorz committed with damyon Mar 7, 2013
Showing with 8 additions and 3 deletions.
  1. +8 −3 admin/repositoryinstance.php
View
11 admin/repositoryinstance.php
@@ -62,6 +62,9 @@
if (!empty($edit) || !empty($new)) {
if (!empty($edit)) {
$instance = repository::get_instance($edit);
+ if ($instance->instance->contextid != $context->id) {
+ throw new repository_exception('nopermissiontoaccess', 'repository');
+ }
$instancetype = repository::get_type_by_id($instance->options['typeid']);
$classname = 'repository_' . $instancetype->get_typename();
$configs = $instance->get_instance_option_names();
@@ -118,10 +121,12 @@
$return = true;
} else if (!empty($delete)) {
$instance = repository::get_instance($delete);
- //if you try to delete an instance set as readonly, display an error message
if ($instance->readonly) {
- throw new repository_exception('readonlyinstance', 'repository');
- }
+ // If you try to delete an instance set as readonly, display an error message.
+ throw new repository_exception('readonlyinstance', 'repository');
+ } else if ($instance->instance->contextid != $context->id) {
+ throw new repository_exception('nopermissiontoaccess', 'repository');
+ }
if ($sure) {
if ($instance->delete($downloadcontents)) {
$deletedstr = get_string('instancedeleted', 'repository');

0 comments on commit 173a201

Please sign in to comment.