From 590088f118b38fc65cb133240054ed8a8ade330e Mon Sep 17 00:00:00 2001 From: Paul Holden Date: Wed, 30 Mar 2022 17:06:12 +0100 Subject: [PATCH] MDL-74344 comment: consistent capability check for accessing report. Co-authored-by: David Wipperfurth --- admin/settings/plugins.php | 5 ++++- comment/index.php | 3 --- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/admin/settings/plugins.php b/admin/settings/plugins.php index 21810412ad5..01ec1c0f756 100644 --- a/admin/settings/plugins.php +++ b/admin/settings/plugins.php @@ -492,7 +492,10 @@ if ($hassiteconfig && !empty($CFG->enableplagiarism)) { $plugin->load_settings($ADMIN, 'plagiarism', $hassiteconfig); } } -$ADMIN->add('reports', new admin_externalpage('comments', new lang_string('comments'), $CFG->wwwroot.'/comment/', 'moodle/site:viewreports')); + +// Comments report, note this page is really just a means to delete comments so check that. +$ADMIN->add('reports', new admin_externalpage('comments', new lang_string('comments'), $CFG->wwwroot . '/comment/index.php', + 'moodle/comment:delete')); // Course reports settings if ($hassiteconfig) { diff --git a/comment/index.php b/comment/index.php index 390b9deb045..77c383a9871 100644 --- a/comment/index.php +++ b/comment/index.php @@ -28,9 +28,6 @@ require_once($CFG->dirroot.'/comment/locallib.php'); admin_externalpage_setup('comments', '', null, '', array('pagelayout'=>'report')); -$context = context_system::instance(); -require_capability('moodle/comment:delete', $context); - $PAGE->requires->js_init_call('M.core_comment.init_admin', null, true); $action = optional_param('action', '', PARAM_ALPHA);