MDL-13776 assignment attachment access now verified in module context; merged from...
authorskodak <skodak>
Sat, 5 Jul 2008 14:18:30 +0000 (14:18 +0000)
committerskodak <skodak>
Sat, 5 Jul 2008 14:18:30 +0000 (14:18 +0000)
file.php

index 6772374c076b82c87ceb0b185d28d14437737611..51cc06247e3472cebdfdf40f36f263ef25283d4b 100644 (file)
--- a/file.php
+++ b/file.php
         and (strtolower($args[2]) == 'assignment')) {
 
         $lifetime = 0;  // do not cache assignments, students may reupload them
-        if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id))
-          and $args[4] != $USER->id) {
-           print_error('nopermissions');
-        }
+        if ($args[4] == $USER->id) {
+            //can view own assignemnt submissions
+        } else {
+            $instance = (int)$args[3];
+            if (!$cm = get_coursemodule_from_instance('assignment', $instance, $course->id)) {
+                not_found($course->id);
+            }
+            if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_MODULE, $cm->id))) {
+                print_error('nopermissions');
+            }
+        } 
     }
 
     // security: force download of all attachments submitted by students
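Review bot: The ownership test `if ($args[4] == $USER->id)` compares a URL-derived path segment with the user id using loose `==`, so PHP's type juggling decides who counts as the owner, and a non-canonical numeric string can compare equal to the id. Passing this test skips the `mod/assignment:grade` check entirely, so the comparison should be exact. Comparing both sides as strings and inverting the condition also removes the empty branch: `if ((string)$args[4] !== (string)$USER->id) {`. A cast to int on the segment would be the wrong fix here, since it would accept trailing garbage instead of rejecting it. The condition that opens this block starts outside the hunk, so whether `$args[3]` and `$args[4]` are guaranteed to exist at this point should be confirmed there.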