mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-14 12:40:01 +01:00
Code Issues Projects Releases Wiki Activity

MDL-22764, added capability check on view.php, edit.php requires managefiles capability, use require_login to force logged in user in edit.php page

Browse Source
This commit is contained in:
Dongsheng Cai 2010-06-21 09:11:24 +00:00
parent a76982080e
commit 3ebb42aeea
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mod/folder/edit.php
View File

@ -31,12 +31,12 @@ require_once("$CFG->dirroot/repository/lib.php");
$id = required_param('id', PARAM_INT); // Course module ID
$cm = get_coursemodule_from_id('folder', $id, 0, false, MUST_EXIST);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
$folder = $DB->get_record('folder', array('id'=>$cm->instance), '*', MUST_EXIST);
$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_login($course, true, $cm);
require_capability('moodle/course:managefiles', $context);
add_to_log($course->id, 'folder', 'edit', 'edit.php?id='.$cm->id, $folder->id, $cm->id);

8
mod/folder/view.php
View File

@ -68,8 +68,10 @@ echo $OUTPUT->box_start('generalbox foldertree');
echo $OUTPUT->area_file_tree_viewer($context->id, 'folder_content', 0);
echo $OUTPUT->box_end();
echo $OUTPUT->container_start('mdl-align');
echo $OUTPUT->single_button(new moodle_url('/mod/folder/edit.php', array('id'=>$id)), get_string('edit'));
echo $OUTPUT->container_end();
if (has_capability('moodle/course:managefiles', $context)) {
echo $OUTPUT->container_start('mdl-align');
echo $OUTPUT->single_button(new moodle_url('/mod/folder/edit.php', array('id'=>$id)), get_string('edit'));
echo $OUTPUT->container_end();
}
echo $OUTPUT->footer();