]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e4897de)
"MDL-13766, check context id"
authordongsheng <dongsheng>
Thu, 4 Sep 2008 06:28:47 +0000 (06:28 +0000)
committerdongsheng <dongsheng>
Thu, 4 Sep 2008 06:28:47 +0000 (06:28 +0000)
lang/en_utf8/repository.php patch | blob | history
repository/lib.php patch | blob | history
repository/ws.php patch | blob | history

diff --git a/lang/en_utf8/repository.php b/lang/en_utf8/repository.php
index c124dc8d749cb496c138e735b8341675d81dc37f..aeaeeab0b0d112381318e2b73e7028ff1ad352ea 100644 (file)
--- a/lang/en_utf8/repository.php
+++ b/lang/en_utf8/repository.php
@@ -39,6 +39,7 @@ $string['loading'] = 'Loading...';
 $string['manage'] = 'Manage repositories';
 $string['manageurl'] = 'Manage';
 $string['manageuserrepository'] = 'Manage individual repository';
+$string['nopermissiontoaccess'] = 'No permission to access this repository';
 $string['noenter'] = 'Nothing entered';
 $string['operation'] = 'Operation';
 $string['openpicker'] = 'Choose a file...';
diff --git a/repository/lib.php b/repository/lib.php
index eb70d30d2b5d95b111c4e8bacadd8fe10604b1a2..04a6c99f35e6bdac284dbb69b464700310adeb79 100644 (file)
--- a/repository/lib.php
+++ b/repository/lib.php
@@ -870,6 +870,33 @@ abstract class repository {
 class repository_exception extends moodle_exception {
 }
 
+/**
+ * Check context
+ * @param int $ctx_id
+ * @return boolean
+ */
+function repository_check_context($ctx_id){
+    global $USER;
+    $context = get_context_instance_by_id($ctx_id);
+    $level = $context->contextlevel;
+    if ($level == CONTEXT_COURSE) {
+        if (!has_capability('moodle/course:view', $context)) {
+            return false;
+        } else {
+            return true;
+        }
+    } elseif ($level == CONTEXT_USER) {
+        $c = get_context_instance(CONTEXT_USER, $USER->id);
+        if ($c->id == $ctx_id) {
+            return true;
+        } else {
+            return false;
+        }
+    } elseif ($level == CONTEXT_SYSTEM) {
+        // it is always ok in system level
+    }
+    return false;
+}
 
 /**
  * Return repository instances
diff --git a/repository/ws.php b/repository/ws.php
index 301aaaa7764f998f418cb9afd3afc107f85dc57a..200d11a51c9b07a17a85cde4283fedbe93d716e6 100644 (file)
--- a/repository/ws.php
+++ b/repository/ws.php
@@ -35,6 +35,12 @@ if(!$repository = $DB->get_record_sql($sql)) {
     $type = $repository->type;
 }
 
+if (!repository_check_context($ctx_id)) {
+    $err = new stdclass;
+    $err->e = get_string('nopermissiontoaccess', 'repository');
+    die(json_encode($err));
+}
+
 if(file_exists($CFG->dirroot.'/repository/'.
     $type.'/repository.class.php'))
 {
Unnamed repository; edit this file to name it for gitweb.