MDL-69672 core_contentbank: Check used context level

This commit is contained in:
Amaia Anabitarte 2020-09-16 17:10:39 +02:00
parent 8b026809c5
commit 3490f29ad9
5 changed files with 31 additions and 3 deletions


@ -36,6 +36,10 @@ use context;
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
class contentbank { class contentbank {
/** @var array All the context levels allowed in the content bank */
private const ALLOWED_CONTEXT_LEVELS = [CONTEXT_SYSTEM, CONTEXT_COURSECAT, CONTEXT_COURSE];
/** @var array Enabled content types. */ /** @var array Enabled content types. */
private $enabledcontenttypes = null; private $enabledcontenttypes = null;
@ -348,4 +352,14 @@ class contentbank {
$contentclass = "\\$record->contenttype\\content"; $contentclass = "\\$record->contenttype\\content";
return new $contentclass($record); return new $contentclass($record);
} }
/**
* Whether the context is allowed.
*
* @param context $context Context to check.
* @return bool
*/
public function is_context_allowed(context $context): bool {
return in_array($context->contextlevel, self::ALLOWED_CONTEXT_LEVELS);
}
} }
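Review bot: `in_array()` in is_context_allowed uses loose comparison; the allow-list holds integer constants, so passing the strict flag keeps the check exact even if a contextlevel were ever supplied as a string: `return in_array($context->contextlevel, self::ALLOWED_CONTEXT_LEVELS, true);`. The docblock's bare `@return bool` could also say what is being allowed, e.g. `@return bool True when the context level is system, course category or course.`, since ALLOWED_CONTEXT_LEVELS is private and callers cannot see the list. The remainder of the contentbank class lies outside the hunks.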


@ -30,6 +30,12 @@ $contextid = required_param('contextid', PARAM_INT);
$pluginname = required_param('plugin', PARAM_PLUGIN); $pluginname = required_param('plugin', PARAM_PLUGIN);
$id = optional_param('id', null, PARAM_INT); $id = optional_param('id', null, PARAM_INT);
$context = context::instance_by_id($contextid, MUST_EXIST); $context = context::instance_by_id($contextid, MUST_EXIST);
$cb = new \core_contentbank\contentbank();
if (!$cb->is_context_allowed($context)) {
print_error('contextnotallowed', 'core_contentbank');
}
require_capability('moodle/contentbank:access', $context); require_capability('moodle/contentbank:access', $context);
$returnurl = new \moodle_url('/contentbank/view.php', ['id' => $id]); $returnurl = new \moodle_url('/contentbank/view.php', ['id' => $id]);
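Review bot: The same three-line guard, `$cb = new \core_contentbank\contentbank(); if (!$cb->is_context_allowed($context)) { print_error('contextnotallowed', 'core_contentbank'); }`, is repeated verbatim in this file and in the index.php and upload.php hunks, so a later change to the allowed levels or the error handling has three places to miss. A single helper on the class, for instance a `require_context_allowed(context $context): void` that throws `new \moodle_exception('contextnotallowed', 'core_contentbank')` when the level is not allowed, would reduce each page to one call and keep the behaviour identical everywhere. Whether `require_login()` runs before this point is not visible in the hunk; the check belongs after it so that only authenticated users reach the context-level rejection.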


@ -30,6 +30,11 @@ $contextid = optional_param('contextid', \context_system::instance()->id, PAR
$search = optional_param('search', '', PARAM_CLEAN); $search = optional_param('search', '', PARAM_CLEAN);
$context = context::instance_by_id($contextid, MUST_EXIST); $context = context::instance_by_id($contextid, MUST_EXIST);
$cb = new \core_contentbank\contentbank();
if (!$cb->is_context_allowed($context)) {
print_error('contextnotallowed', 'core_contentbank');
}
require_capability('moodle/contentbank:access', $context); require_capability('moodle/contentbank:access', $context);
$statusmsg = optional_param('statusmsg', '', PARAM_ALPHANUMEXT); $statusmsg = optional_param('statusmsg', '', PARAM_ALPHANUMEXT);
@ -47,7 +52,6 @@ $PAGE->set_heading($title);
$PAGE->set_pagetype('contentbank'); $PAGE->set_pagetype('contentbank');
// Get all contents managed by active plugins where the user has permission to render them. // Get all contents managed by active plugins where the user has permission to render them.
$cb = new \core_contentbank\contentbank();
$contenttypes = []; $contenttypes = [];
$enabledcontenttypes = $cb->get_enabled_content_types(); $enabledcontenttypes = $cb->get_enabled_content_types();
foreach ($enabledcontenttypes as $contenttypename) { foreach ($enabledcontenttypes as $contenttypename) {


@ -32,9 +32,12 @@ require_login();
$contextid = optional_param('contextid', \context_system::instance()->id, PARAM_INT); $contextid = optional_param('contextid', \context_system::instance()->id, PARAM_INT);
$context = context::instance_by_id($contextid, MUST_EXIST); $context = context::instance_by_id($contextid, MUST_EXIST);
require_capability('moodle/contentbank:upload', $context);
$cb = new \core_contentbank\contentbank(); $cb = new \core_contentbank\contentbank();
if (!$cb->is_context_allowed($context)) {
print_error('contextnotallowed', 'core_contentbank');
}
require_capability('moodle/contentbank:upload', $context);
$id = optional_param('id', null, PARAM_INT); $id = optional_param('id', null, PARAM_INT);
if ($id) { if ($id) {


@ -33,6 +33,7 @@ $string['contentrenamed'] = 'The content has been renamed.';
$string['contentsmoved'] = 'Content bank contents moved to {$a}.'; $string['contentsmoved'] = 'Content bank contents moved to {$a}.';
$string['contenttypenoaccess'] = 'You cannot view this {$a} instance.'; $string['contenttypenoaccess'] = 'You cannot view this {$a} instance.';
$string['contenttypenoedit'] = 'You can not edit this content'; $string['contenttypenoedit'] = 'You can not edit this content';
$string['contextnotallowed'] = 'Context is not allowed';
$string['emptynamenotallowed'] = 'Empty name is not allowed'; $string['emptynamenotallowed'] = 'Empty name is not allowed';
$string['eventcontentcreated'] = 'Content created'; $string['eventcontentcreated'] = 'Content created';
$string['eventcontentdeleted'] = 'Content deleted'; $string['eventcontentdeleted'] = 'Content deleted';