From 57d9a750e3da6708dba13513e9b05e84a895ad9f Mon Sep 17 00:00:00 2001
From: Juan Leyva <juanleyvadelgado@gmail.com>
Date: Tue, 28 Apr 2015 12:30:17 +0200
Subject: [PATCH] MDL-49994 files: Prevent to browse private files when are
 disabled

---
 files/externallib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/externallib.php b/files/externallib.php
index 389cc73e16421..3a4d051cbae25 100644
--- a/files/externallib.php
+++ b/files/externallib.php
@@ -336,6 +336,7 @@ public static function upload($contextid, $component, $filearea, $itemid, $filep
         $context = self::get_context_from_params($fileinfo);
         self::validate_context($context);
         if (($fileinfo['component'] == 'user' and $fileinfo['filearea'] == 'private')) {
+            require_capability('moodle/user:manageownfiles', $context);
             debugging('Uploading directly to user private files area is deprecated. Upload to a draft area and then move the files with core_user::add_user_private_files');
         }