Skip to content
Browse files

Merge branch 'wip-mdl-29762-m22' of git://github.com/rajeshtaneja/moo…

…dle into MOODLE_22_STABLE
  • Loading branch information...
2 parents a70978a + c36c0cc commit 9787d3a9b57024b9005d53238570007c703dfe0c @danpoltawski danpoltawski committed Oct 31, 2012
Showing with 19 additions and 3 deletions.
  1. +19 −3 blocks/html/lib.php
View
22 blocks/html/lib.php
@@ -24,13 +24,29 @@
*/
function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload) {
- global $SCRIPT;
+ global $DB, $CFG;
if ($context->contextlevel != CONTEXT_BLOCK) {
send_file_not_found();
}
- require_course_login($course);
+ // If block is in course context, then check if user has capability to access course.
+ if ($context->get_course_context(false)) {
+ require_course_login($course);
+ } else if ($CFG->forcelogin) {
+ require_login();
+ } else {
+ // Get parent context and see if user have proper permission.
+ $parentcontext = $context->get_parent_context();
+ if ($parentcontext->contextlevel === CONTEXT_COURSECAT) {
+ // Check if category is visible and user can view this category.
+ $category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST);
+ if (!$category->visible) {
+ require_capability('moodle/category:viewhiddencategories', $parentcontext);
+ }
+ }
+ // At this point there is no way to check SYSTEM or USER context, so ignoring it.
+ }
if ($filearea !== 'content') {
send_file_not_found();
@@ -79,4 +95,4 @@ function block_html_global_db_replace($search, $replace) {
}
}
$instances->close();
-}
+}

0 comments on commit 9787d3a

Please sign in to comment.
Something went wrong with that request. Please try again.