diff --git a/blog/edit_form.php b/blog/edit_form.php index 04c67e5b4cc..2eb767a06c0 100644 --- a/blog/edit_form.php +++ b/blog/edit_form.php @@ -134,27 +134,25 @@ class blog_edit_form extends moodleform { // validate course association if (!empty($data['courseassoc']) && has_capability('moodle/blog:associatecourse', $sitecontext)) { - $coursecontext = get_context_instance(CONTEXT_COURSE, $data['courseassoc']); + $coursecontext = context::instance_by_id($data['courseassoc'], IGNORE_MISSING); - if ($coursecontext) { + if ($coursecontext and $coursecontext->contextlevel == CONTEXT_COURSE) { if (!is_enrolled($coursecontext) and !is_viewing($coursecontext)) { $errors['courseassoc'] = get_string('studentnotallowed', '', fullname($USER, true)); } } else { - $errors['courseassoc'] = get_string('invalidcontextid', 'blog'); + $errors['courseassoc'] = get_string('error'); } } // validate mod association if (!empty($data['modassoc'])) { $modcontextid = $data['modassoc']; + $modcontext = context::instance_by_id($modcontextid, IGNORE_MISSING); - $modcontext = get_context_instance(CONTEXT_MODULE, $modcontextid); - - if ($modcontext) { + if ($modcontext and $modcontext->contextlevel == CONTEXT_MODULE) { // get context of the mod's course - $path = explode('/', $modcontext->path); - $coursecontext = get_context_instance_by_id($path[(count($path) - 2)]); + $coursecontext = $modcontext->get_course_context(true); // ensure only one course is associated if (!empty($data['courseassoc'])) { @@ -170,7 +168,7 @@ class blog_edit_form extends moodleform { $errors['modassoc'] = get_string('studentnotallowed', '', fullname($USER, true)); } } else { - $errors['modassoc'] = get_string('invalidcontextid', 'blog'); + $errors['modassoc'] = get_string('error'); } } diff --git a/blog/lib.php b/blog/lib.php index 06ed8acc3e6..991069c617d 100644 --- a/blog/lib.php +++ b/blog/lib.php @@ -529,7 +529,10 @@ function blog_get_options_for_course(stdClass $course, stdClass $user=null) { return $courseoptions[$key]; } - if (has_capability('moodle/blog:view', get_context_instance(CONTEXT_COURSE, $course->id))) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + $canparticipate = (is_enrolled($coursecontext) or is_viewing($coursecontext)); + + if (has_capability('moodle/blog:view', $coursecontext)) { // We can view! if ($CFG->bloglevel >= BLOG_SITE_LEVEL) { // View entries about this course @@ -552,7 +555,7 @@ function blog_get_options_for_course(stdClass $course, stdClass $user=null) { } } - if (has_capability('moodle/blog:create', $sitecontext)) { + if (has_capability('moodle/blog:create', $sitecontext) and $canparticipate) { // We can blog about this course $options['courseadd'] = array( 'string' => get_string('blogaboutthiscourse', 'blog'), @@ -604,7 +607,10 @@ function blog_get_options_for_module($module, $user=null) { return $moduleoptions[$module->id]; } - if (has_capability('moodle/blog:view', get_context_instance(CONTEXT_MODULE, $module->id))) { + $modcontext = get_context_instance(CONTEXT_MODULE, $module->id); + $canparticipate = (is_enrolled($modcontext) or is_viewing($modcontext)); + + if (has_capability('moodle/blog:view', $modcontext)) { // We can view! if ($CFG->bloglevel >= BLOG_SITE_LEVEL) { // View all entries about this module @@ -632,7 +638,7 @@ function blog_get_options_for_module($module, $user=null) { } } - if (has_capability('moodle/blog:create', $sitecontext)) { + if (has_capability('moodle/blog:create', $sitecontext) and $canparticipate) { // The user can blog about this module $options['moduleadd'] = array( 'string' => get_string('blogaboutthismodule', 'blog', $module->modname),