MDL-11027 user key manager for grade exports - adding forgotten ownership test

author skodak <skodak>

Tue, 28 Aug 2007 21:57:34 +0000 (21:57 +0000)

committer skodak <skodak>

Tue, 28 Aug 2007 21:57:34 +0000 (21:57 +0000)
author skodak <skodak>
Tue, 28 Aug 2007 21:57:34 +0000 (21:57 +0000)
committer skodak <skodak>
Tue, 28 Aug 2007 21:57:34 +0000 (21:57 +0000)
diff --git a/grade/export/key.php b/grade/export/key.php

index 659f88a065838b09fa4383b44ee2ec2152b0ee06..a65fef8cecfdca5690d14786c2493cb302b488b0 100644 (file)
--- a/grade/export/key.php
+++ b/grade/export/key.php
@@ -37,6 +37,11 @@ require_login($course);
  $context = get_context_instance(CONTEXT_COURSE, $course->id);
  require_capability('moodle/grade:export', $context);
  
+// extra security check
+if (!empty($key->userid) and $USER->id != $key->userid) {
+    error('You are not owner of this key');
+}
+
  $returnurl = $CFG->wwwroot.'/grade/export/keymanager.php?id='.$course->id;
  
  if ($id and $delete) {