mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-15 05:25:08 +02:00
Code Issues Projects Releases Wiki Activity

MDL-13776 assignment attachment access now verified in module context; merged from MOODLE_19_STABLE

Browse Source
This commit is contained in:
skodak 2008-07-05 14:18:30 +00:00
parent ff96219d2f
commit 9da3dfa4ac
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
file.php
View File

@ -106,10 +106,17 @@
and (strtolower($args[2]) == 'assignment')) {
$lifetime = 0; // do not cache assignments, students may reupload them
if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id))
and $args[4] != $USER->id) {
print_error('nopermissions');
}
if ($args[4] == $USER->id) {
//can view own assignemnt submissions
} else {
$instance = (int)$args[3];
if (!$cm = get_coursemodule_from_instance('assignment', $instance, $course->id)) {
not_found($course->id);
}
if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_MODULE, $cm->id))) {
print_error('nopermissions');
}
}
}
// security: force download of all attachments submitted by students