"MDL-13766, check context id"

moodle · Sep 4, 2008 · 2057487 · 2057487
1 parent e4897de
commit 2057487
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/lang/en_utf8/repository.php b/lang/en_utf8/repository.php
@@ -39,6 +39,7 @@
 $string['manage'] = 'Manage repositories';
 $string['manageurl'] = 'Manage';
 $string['manageuserrepository'] = 'Manage individual repository';
+$string['nopermissiontoaccess'] = 'No permission to access this repository';
 $string['noenter'] = 'Nothing entered';
 $string['operation'] = 'Operation';
 $string['openpicker'] = 'Choose a file...';

diff --git a/repository/lib.php b/repository/lib.php
@@ -870,6 +870,33 @@ public static function get_instance_option_names(){
 class repository_exception extends moodle_exception {
 }
 
+/**
+ * Check context
+ * @param int $ctx_id
+ * @return boolean
+ */
+function repository_check_context($ctx_id){
+    global $USER;
+    $context = get_context_instance_by_id($ctx_id);
+    $level = $context->contextlevel;
+    if ($level == CONTEXT_COURSE) {
+        if (!has_capability('moodle/course:view', $context)) {
+            return false;
+        } else {
+            return true;
+        }
+    } elseif ($level == CONTEXT_USER) {
+        $c = get_context_instance(CONTEXT_USER, $USER->id);
+        if ($c->id == $ctx_id) {
+            return true;
+        } else {
+            return false;
+        }
+    } elseif ($level == CONTEXT_SYSTEM) {
+        // it is always ok in system level
+    }
+    return false;
+}
 
 /**
  * Return repository instances

diff --git a/repository/ws.php b/repository/ws.php
@@ -35,6 +35,12 @@
     $type = $repository->type;
 }
 
+if (!repository_check_context($ctx_id)) {
+    $err = new stdclass;
+    $err->e = get_string('nopermissiontoaccess', 'repository');
+    die(json_encode($err));
+}
+
 if(file_exists($CFG->dirroot.'/repository/'.
     $type.'/repository.class.php'))
 {