MDL-28432 use enrol/cohort and enrol/manual capabilities correctly in…

… cohort enrol UI and fix input validation in ajax
commit 6b0b96c581a6dc06de89fba2325713f057e60be1 1 parent ac30618
Petr Skoda skodak authored

Showing 2 changed files with 15 additions and 1 deletion. Show diff stats Hide diff stats

  1. +14 1 enrol/ajax.php
  2. +1 0  enrol/cohort/addinstance.php
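--- a/enrol/ajax.php
+++ b/enrol/ajax.php
@@ -102,16 +102,29 @@
 break;
 case 'enrolcohort':
 require_capability('moodle/course:enrolconfig', $context);
+require_capability('enrol/cohort:config', $context);
 $roleid = required_param('roleid', PARAM_INT);
+if (!array_key_exists($roleid, $manager->get_assignable_roles())) {
+throw new enrol_ajax_exception('invalidrole');
+}
 $cohortid = required_param('cohortid', PARAM_INT);
+if (!array_key_exists($cohortid, $manager->get_cohorts())) {
+throw new enrol_ajax_exception('errorenrolcohort');
+}
 if (!$manager->enrol_cohort($cohortid, $roleid)) {
 throw new enrol_ajax_exception('errorenrolcohort');
 }
 break;
 case 'enrolcohortusers':
-require_capability('moodle/course:enrolconfig', $context);
+require_capability('enrol/manual:enrol', $context);
 $roleid = required_param('roleid', PARAM_INT);
+if (!array_key_exists($roleid, $manager->get_assignable_roles())) {
+throw new enrol_ajax_exception('invalidrole');
+}
 $cohortid = required_param('cohortid', PARAM_INT);
+if (!array_key_exists($cohortid, $manager->get_cohorts())) {
+throw new enrol_ajax_exception('errorenrolcohortusers');
+}
 $result = $manager->enrol_cohort_users($cohortid, $roleid);
 if ($result === false) {
 throw new enrol_ajax_exception('errorenrolcohortusers');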
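Review bot: The added `array_key_exists($cohortid, $manager->get_cohorts())` and `array_key_exists($roleid, $manager->get_assignable_roles())` guards (new lines 107, 111, 121 and 125) are only as strong as those two getters: they must return arrays keyed by id and already filtered to what the current user may assign or view, and neither property is visible in this hunk. I would record that contract where it is relied on, e.g. `// get_cohorts() must list only cohorts visible to the current user, keyed by cohort id; this is the access check for $cohortid.` above the first cohort check, with a matching line for the role check. The two cases now carry the same validation pair verbatim, so a small shared helper would keep them from drifting apart. Both `case` bodies belong to a switch that starts before and continues after the hunk.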
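--- a/enrol/cohort/addinstance.php
+++ b/enrol/cohort/addinstance.php
@@ -35,6 +35,7 @@
 
 require_login($course);
 require_capability('moodle/course:enrolconfig', $context);
+require_capability('enrol/cohort:config', $context);
 
 $PAGE->set_url('/enrol/cohort/addinstance.php', array('id'=>$course->id));
 $PAGE->set_pagelayout('admin');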
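Review bot: The capability pair `moodle/course:enrolconfig` plus `enrol/cohort:config` is now enforced separately here (new line 38) and in the `enrolcohort` case of enrol/ajax.php, with nothing tying the two together. A comment such as `// Same capability pair as the 'enrolcohort' action in enrol/ajax.php; change both together.` above the two calls would keep the page and the AJAX path from diverging in a later edit. The rest of the script lies outside the hunk, so whether anything else here gates the form is not visible.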
