mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

blocks editing ui: MDL-19398 permissions checks when deleting a block.

Browse Source
This commit is contained in:
tjhunt 2009-07-14 11:16:21 +00:00
parent 1936f20b8b
commit 02b126af8a
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lang/en_utf8/moodle.php
View File

@ -403,6 +403,7 @@ $string['defaultcourseteacher'] = 'Teacher';
$string['defaultcourseteacherdescription'] = 'Teachers can do anything within a course, including changing the activities and grading students.';
$string['defaultcourseteachers'] = 'Teachers';
$string['delete'] = 'Delete';
$string['deleteablock'] = 'Delete a block';
$string['deleteall'] = 'Delete all';
$string['deleteallcannotundo'] = 'Delete all - cannot be undone';
$string['deleteallcomments'] = 'Delete all comments';

11
lib/blocklib.php
View File

@ -948,8 +948,13 @@ function block_process_url_delete($page) {
confirm_sesskey();
$instance = $page->blocks->find_instance($blockid);
blocks_delete_instance($instance->instance);
$block = $page->blocks->find_instance($blockid);
if (!$block->user_can_edit() || !$page->user_can_edit_blocks() || !$block->user_can_addto($page)) {
throw new moodle_exception('nopermissions', '', $page->url->out(), get_string('deleteablock'));
}
blocks_delete_instance($block->instance);
// If the page URL was a guses, it will contain the bui_... param, so we must make sure it is not there.
$page->ensure_param_not_in_url('bui_deleteid');
@ -963,7 +968,7 @@ function block_process_url_delete($page) {
* @return boolean true if anything was done. False if not.
*/
function block_process_url_show_hide($page) {
// TODO MDL-19398
}
///**