
MDL-28432 use enrol/cohort and enrol/manual capabilities correctly in…

… cohort enrol UI and fix input validation in ajax
1 parent ac30618 commit 6b0b96c581a6dc06de89fba2325713f057e60be1 @skodak skodak committed Jul 22, 2011
Showing with 15 additions and 1 deletion.
  1. +14 −1 enrol/ajax.php
  2. +1 −0 enrol/cohort/addinstance.php
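--- a/enrol/ajax.php
+++ b/enrol/ajax.php
@@ -102,16 +102,29 @@
 break;
 case 'enrolcohort':
 require_capability('moodle/course:enrolconfig', $context);
+ require_capability('enrol/cohort:config', $context);
 $roleid = required_param('roleid', PARAM_INT);
+ if (!array_key_exists($roleid, $manager->get_assignable_roles())) {
+ throw new enrol_ajax_exception('invalidrole');
+ }
 $cohortid = required_param('cohortid', PARAM_INT);
+ if (!array_key_exists($cohortid, $manager->get_cohorts())) {
+ throw new enrol_ajax_exception('errorenrolcohort');
+ }
 if (!$manager->enrol_cohort($cohortid, $roleid)) {
 throw new enrol_ajax_exception('errorenrolcohort');
 }
 break;
 case 'enrolcohortusers':
- require_capability('moodle/course:enrolconfig', $context);
+ require_capability('enrol/manual:enrol', $context);
 $roleid = required_param('roleid', PARAM_INT);
+ if (!array_key_exists($roleid, $manager->get_assignable_roles())) {
+ throw new enrol_ajax_exception('invalidrole');
+ }
 $cohortid = required_param('cohortid', PARAM_INT);
+ if (!array_key_exists($cohortid, $manager->get_cohorts())) {
+ throw new enrol_ajax_exception('errorenrolcohortusers');
+ }
 $result = $manager->enrol_cohort_users($cohortid, $roleid);
 if ($result === false) {
 throw new enrol_ajax_exception('errorenrolcohortusers');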
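Review bot: The new `array_key_exists()` guards in the `enrolcohort` and `enrolcohortusers` cases are only as strong as the lists they test against, and neither `$manager->get_assignable_roles()` nor `$manager->get_cohorts()` is visible in this hunk. In particular, `enrolcohortusers` now needs only `enrol/manual:enrol`, so it is worth confirming that `get_cohorts()` returns only cohorts the current user is permitted to use rather than every cohort in the context. I would record that assumption next to the checks, for example `// get_cohorts() must be keyed by cohort id and limited to cohorts the current user may enrol from`, and the same for roles. The four near-identical validation blocks could also move into one small helper so the two cases cannot drift apart. The enclosing switch starts and ends outside the hunk, so any session-key or login check that precedes it cannot be confirmed from here.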
1 enrol/cohort/addinstance.php
@@ -35,6 +35,7 @@
require_login($course);
require_capability('moodle/course:enrolconfig', $context);
+require_capability('enrol/cohort:config', $context);
$PAGE->set_url('/enrol/cohort/addinstance.php', array('id'=>$course->id));
$PAGE->set_pagelayout('admin');
