
MDL-33950 Correctly initialise repository and check access in js and …

…non-js filepicker
commit d6571ad763484ab9764275ad79d0f9362376a6cf 1 parent 9599112
@marinaglancy marinaglancy authored danpoltawski committed
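--- a/repository/filepicker.php
+++ b/repository/filepicker.php
@@ -59,6 +59,7 @@
 $maxfiles = optional_param('maxfiles', -1, PARAM_INT); // maxfiles
 $maxbytes = optional_param('maxbytes', 0, PARAM_INT); // maxbytes
 $subdirs = optional_param('subdirs', 0, PARAM_INT); // maxbytes
+$accepted_types = optional_param_array('accepted_types', '*', PARAM_RAW);
 // the path to save files
 $savepath = optional_param('savepath', '/', PARAM_PATH);
@@ -75,22 +76,16 @@
 }
 $PAGE->set_course($course);
-// init repository plugin
-$sql = 'SELECT i.name, i.typeid, r.type FROM {repository} r, {repository_instances} i '.
- 'WHERE i.id=? AND i.typeid=r.id';
-if ($repository = $DB->get_record_sql($sql, array($repo_id))) {
- $type = $repository->type;
- if (file_exists($CFG->dirroot.'/repository/'.$type.'/lib.php')) {
- require_once($CFG->dirroot.'/repository/'.$type.'/lib.php');
- $classname = 'repository_' . $type;
- try {
- $repo = new $classname($repo_id, $contextid, array('ajax'=>false, 'name'=>$repository->name, 'type'=>$type));
- } catch (repository_exception $e){
- print_error('pluginerror', 'repository');
- }
- } else {
- print_error('invalidplugin', 'repository');
- }
+if ($repo_id) {
+ // Get repository instance information
+ $repooptions = array(
+ 'ajax' => false,
+ 'mimetypes' => $accepted_types
+ );
+ $repo = repository::get_repository_by_id($repo_id, $contextid, $repooptions);
+
+ // Check permissions
+ $repo->check_capability();
 }
 $context = context::instance_by_id($contextid);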
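Review bot: `accepted_types` is read from the request with `PARAM_RAW` in the first hunk and forwarded unchanged as `'mimetypes'` in `$repooptions`, so the type restriction handed to the repository is whatever the client sends; the default `'*'` is also a string although the array variant of the accessor is used. How the repository classes consume `mimetypes` is outside this section, so this is a point to confirm: as a listing filter it is harmless, but it should not be the only place a file-type restriction is enforced. I would state that next to the parameter, e.g. `// client-supplied listing filter only; the destination file area must enforce its own accepted types`. repository_ajax.php in this commit passes `$accepted_types` into `'mimetypes'` the same way.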
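--- a/repository/lib.php
+++ b/repository/lib.php
@@ -521,9 +521,10 @@ public function __construct($repositoryid, $context = SYSCONTEXTID, $options = a
 *
 * @param int $repositoryid repository ID
 * @param stdClass|int $context context instance or context ID
+ * @param array $options additional repository options
 * @return repository
 */
- public static function get_repository_by_id($repositoryid, $context) {
+ public static function get_repository_by_id($repositoryid, $context, $options = array()) {
 global $CFG, $DB;
 $sql = 'SELECT i.name, i.typeid, r.type FROM {repository} r, {repository_instances} i WHERE i.id=? AND i.typeid=r.id';
@@ -539,10 +540,15 @@ public static function get_repository_by_id($repositoryid, $context) {
 if (is_object($context)) {
 $contextid = $context->id;
 }
- $repository = new $classname($repositoryid, $contextid, array('type'=>$type));
+ $options['type'] = $type;
+ $options['typeid'] = $record->typeid;
+ if (empty($options['name'])) {
+ $options['name'] = $record->name;
+ }
+ $repository = new $classname($repositoryid, $contextid, $options);
 return $repository;
 } else {
- throw new moodle_exception('error');
+ throw new repository_exception('invalidplugin', 'repository');
 }
 }
 }
@@ -609,16 +615,16 @@ public static function get_types($visible=null) {
 }
 /**
- * To check if the context id is valid
+ * Checks if user has a capability to view the current repository in current context
 *
- * @static
- * @param int $contextid
- * @param stdClass $instance
 * @return bool
 */
- public static function check_capability($contextid, $instance) {
- $context = get_context_instance_by_id($contextid);
- $capability = has_capability('repository/'.$instance->type.':view', $context);
+ public final function check_capability() {
+ $capability = false;
+ if (preg_match("/^repository_(.*)$/", get_class($this), $matches)) {
+ $type = $matches[1];
+ $capability = has_capability('repository/'.$type.':view', $this->context);
+ }
 if (!$capability) {
 throw new repository_exception('nopermissiontoaccess', 'repository');
 }
@@ -674,7 +680,7 @@ public function file_is_accessible($source) {
 return false;
 }
 $browser = get_file_browser();
- $context = get_context_instance_by_id($params['contextid']);
+ $context = context::instance_by_id($params['contextid']);
 $file_info = $browser->get_file_info($context, $params['component'], $params['filearea'],
 $params['itemid'], $params['filepath'], $params['filename']);
 return !empty($file_info);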
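Review bot: `check_capability()` tests only the type-level `repository/<type>:view` capability in `$this->context`, and the callers changed in this commit build that context from a `$contextid` they pass in; nothing visible ties the instance selected by `$repositoryid` to that context, since the query in `get_repository_by_id()` reads only `i.name`, `i.typeid` and `r.type`. If repository instances can be private to a user or a course, the capability in one context would not by itself show that the instance belongs there, so it is worth confirming that the instance's own context is compared somewhere outside these hunks. The docblock still says `@return bool` while the failure path throws; I would add `@throws repository_exception when the user lacks the :view capability for this repository type` and write the modifiers as `final public function check_capability()`. The method body continues past the end of its hunk.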
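--- a/repository/repository_ajax.php
+++ b/repository/repository_ajax.php
@@ -70,17 +70,14 @@
 }
 // Get repository instance information
-$sql = 'SELECT i.name, i.typeid, r.type FROM {repository} r, {repository_instances} i WHERE i.id=? AND i.typeid=r.id';
-
-if (!$repository = $DB->get_record_sql($sql, array($repo_id))) {
- $err->error = get_string('invalidrepositoryid', 'repository');
- die(json_encode($err));
-} else {
- $type = $repository->type;
-}
+$repooptions = array(
+ 'ajax' => true,
+ 'mimetypes' => $accepted_types
+);
+$repo = repository::get_repository_by_id($repo_id, $contextid, $repooptions);
 // Check permissions
-repository::check_capability($contextid, $repository);
+$repo->check_capability();
 $moodle_maxbytes = get_user_max_upload_file_size($context);
 // to prevent maxbytes greater than moodle maxbytes setting
@@ -121,21 +118,6 @@
 break;
 }
-if (file_exists($CFG->dirroot.'/repository/'.$type.'/lib.php')) {
- require_once($CFG->dirroot.'/repository/'.$type.'/lib.php');
- $classname = 'repository_' . $type;
- $repooptions = array(
- 'ajax' => true,
- 'name' => $repository->name,
- 'type' => $type,
- 'mimetypes' => $accepted_types
- );
- $repo = new $classname($repo_id, $contextid, $repooptions);
-} else {
- $err->error = get_string('invalidplugin', 'repository', $type);
- die(json_encode($err));
-}
-
 // These actions all occur on the currently active repository instance
 switch ($action) {
 case 'sign':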
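Review bot: The repository object is now constructed before the permission check in the first hunk: `repository::get_repository_by_id()` instantiates the plugin class with request-derived options and `$repo->check_capability()` runs only afterwards; filepicker.php in this commit has the same order. Because the check is an instance method that order cannot be reversed, so plugin constructors have to stay free of privileged work and remote calls; whether any of them do such work is not visible here. I would record that contract at the call site, e.g. `// The plugin constructor has already run here; it must stay side-effect free until check_capability() passes`. Separately, with the two `die(json_encode($err))` exits removed, an unknown `repo_id` or a missing plugin reaches the client through whatever exception handler this script installs, which is set up outside these hunks.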