Permalink
Browse files

MDL-29762 Blocks: Modified checks to show image in html block

Conflicts:

	blocks/html/lib.php
  • Loading branch information...
1 parent f4b03cf commit c36c0ccc1e5adc661405bb3c149a9ca29acb0529 Rajesh Taneja committed Oct 15, 2012
Showing with 19 additions and 3 deletions.
  1. +19 −3 blocks/html/lib.php
View
@@ -24,13 +24,29 @@
*/
function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload) {
- global $SCRIPT;
+ global $DB, $CFG;
if ($context->contextlevel != CONTEXT_BLOCK) {
send_file_not_found();
}
- require_course_login($course);
+ // If block is in course context, then check if user has capability to access course.
+ if ($context->get_course_context(false)) {
+ require_course_login($course);
+ } else if ($CFG->forcelogin) {
+ require_login();
+ } else {
+ // Get parent context and see if user have proper permission.
+ $parentcontext = $context->get_parent_context();
+ if ($parentcontext->contextlevel === CONTEXT_COURSECAT) {
+ // Check if category is visible and user can view this category.
+ $category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST);
+ if (!$category->visible) {
+ require_capability('moodle/category:viewhiddencategories', $parentcontext);
+ }
+ }
+ // At this point there is no way to check SYSTEM or USER context, so ignoring it.
+ }
if ($filearea !== 'content') {
send_file_not_found();
@@ -79,4 +95,4 @@ function block_html_global_db_replace($search, $replace) {
}
}
$instances->close();
-}
+}

0 comments on commit c36c0cc

Please sign in to comment.