MDL-37852 repository: Prevent user from deleting a site-wide instance
This commit is contained in:
committed by
Damyon Wiese
parent
a28da5d9b8
commit
103efbc271
@@ -106,6 +106,14 @@ if (!empty($new)){
|
||||
$type = repository::get_type_by_id($instance->options['typeid']);
|
||||
}
|
||||
|
||||
// The context passed MUST match the context of the repository. And as both have to be
|
||||
// similar, this also ensures that the context is either a user one, or a course one.
|
||||
if (!empty($instance)) {
|
||||
if ($instance->instance->contextid != $context->id) {
|
||||
print_error('invalidcontext');
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($type)) {
|
||||
if (!$type->get_visible()) {
|
||||
print_error('typenotvisible', 'repository', $baseurl);
|
||||
@@ -150,11 +158,6 @@ if (!empty($edit) || !empty($new)) {
|
||||
if ($instance->readonly) {
|
||||
throw new repository_exception('readonlyinstance', 'repository');
|
||||
}
|
||||
// System instances settings should not be accessible here.
|
||||
$repocontext = context::instance_by_id($instance->instance->contextid);
|
||||
if ($repocontext->contextlevel == CONTEXT_SYSTEM) {
|
||||
throw new repository_exception('nopermissiontoaccess', 'repository');
|
||||
}
|
||||
// Check if we can read the content of the repository, if not exception is thrown.
|
||||
repository::check_capability($context->id, $instance);
|
||||
$instancetype = repository::get_type_by_id($instance->options['typeid']);
|
||||
@@ -213,6 +216,8 @@ if (!empty($edit) || !empty($new)) {
|
||||
if ($instance->readonly) {
|
||||
throw new repository_exception('readonlyinstance', 'repository');
|
||||
}
|
||||
// Check if we can read the content of the repository, if not exception is thrown.
|
||||
repository::check_capability($context->id, $instance);
|
||||
if ($sure) {
|
||||
if (!confirm_sesskey()) {
|
||||
print_error('confirmsesskeybad', '', $baseurl);
|
||||
|
||||
Reference in New Issue
Block a user