Permalink
Browse files

MDL-37852 repository: Admins can't access user instances settings

  • Loading branch information...
1 parent c3d1c73 commit ac5fc5953426befb1232106ade9e42ff239d9b63 @FMCorz FMCorz committed with damyon Mar 7, 2013
Showing with 8 additions and 3 deletions.
  1. +8 −3 admin/repositoryinstance.php
@@ -62,6 +62,9 @@
if (!empty($edit) || !empty($new)) {
if (!empty($edit)) {
$instance = repository::get_instance($edit);
+ if (!$instance->can_be_edited_by_user()) {
+ throw new repository_exception('nopermissiontoaccess', 'repository');
+ }
$instancetype = repository::get_type_by_id($instance->options['typeid']);
$classname = 'repository_' . $instancetype->get_typename();
$configs = $instance->get_instance_option_names();
@@ -118,10 +121,12 @@
$return = true;
} else if (!empty($delete)) {
$instance = repository::get_instance($delete);
- //if you try to delete an instance set as readonly, display an error message
if ($instance->readonly) {
- throw new repository_exception('readonlyinstance', 'repository');
- }
+ // If you try to delete an instance set as readonly, display an error message.
+ throw new repository_exception('readonlyinstance', 'repository');
+ } else if (!$instance->can_be_edited_by_user()) {
+ throw new repository_exception('nopermissiontoaccess', 'repository');
+ }
if ($sure) {
if ($instance->delete($downloadcontents)) {
$deletedstr = get_string('instancedeleted', 'repository');

0 comments on commit ac5fc59

Please sign in to comment.