Permalink
Browse files

MDL-38452 repositories: User logged in as have access to non-private …

…repositories
  • Loading branch information...
1 parent d43ba3c commit e00435478780373ebdd5cbc1ebbe7da046c5e02e @FMCorz FMCorz committed Mar 20, 2013
Showing with 8 additions and 1 deletion.
  1. +8 −1 repository/lib.php
View
@@ -652,7 +652,14 @@ public static function get_types($visible=null) {
// Prevent access to private repositories when logged in as.
if (session_is_loggedinas()) {
- $can = false;
+ $allowed = array('coursefiles', 'equella', 'filesystem', 'flickr_public', 'local', 'merlot', 'recent',
+ 's3', 'upload', 'url', 'user', 'webdav', 'wikimedia', 'youtube');
+ // Are only accessible the repositories which do not contain private data (any data
+ // that is not part of Moodle, "Private files" is not considered "Pivate"). And if they
+ // do not contain private data, then it should not be a user instance, which is private by definition.
+ if (!in_array($this->type, $allowed) || $repocontext->contextlevel == CONTEXT_USER) {
+ $can = false;
+ }
}
// We are going to ensure that the current context was legit, and reliable to check

0 comments on commit e004354

Please sign in to comment.