From d575afb8362aff32506d3a96623528d57a2322ee Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Tue, 28 Aug 2007 21:57:34 +0000
Subject: [PATCH] MDL-11027 user key manager for grade exports - adding
 forgotten ownership test

---
 grade/export/key.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/grade/export/key.php b/grade/export/key.php
index 659f88a065..a65fef8cec 100644
--- a/grade/export/key.php
+++ b/grade/export/key.php
@@ -37,6 +37,11 @@ require_login($course);
 $context = get_context_instance(CONTEXT_COURSE, $course->id);
 require_capability('moodle/grade:export', $context);
 
+// extra security check
+if (!empty($key->userid) and $USER->id != $key->userid) {
+    error('You are not owner of this key');
+}
+
 $returnurl = $CFG->wwwroot.'/grade/export/keymanager.php?id='.$course->id;
 
 if ($id and $delete) {
-- 
2.39.5