MDL-22764, added capability check on view.php, edit.php requires managefiles capabili...

diff --git a/mod/folder/edit.php b/mod/folder/edit.php
index dd526d1..6fb7dd2 100644 (file)
--- a/mod/folder/edit.php
+++ b/mod/folder/edit.php
@@ -31,12 +31,12 @@ require_once("$CFG->dirroot/repository/lib.php");
 $id = required_param('id', PARAM_INT);  // Course module ID
 
 $cm = get_coursemodule_from_id('folder', $id, 0, false, MUST_EXIST);
+$context = get_context_instance(CONTEXT_MODULE, $cm->id);
 $folder = $DB->get_record('folder', array('id'=>$cm->instance), '*', MUST_EXIST);
-
 $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
 
-require_course_login($course, true, $cm);
-$context = get_context_instance(CONTEXT_MODULE, $cm->id);
+require_login($course, true, $cm);
+require_capability('moodle/course:managefiles', $context);
 
 add_to_log($course->id, 'folder', 'edit', 'edit.php?id='.$cm->id, $folder->id, $cm->id);
 

diff --git a/mod/folder/view.php b/mod/folder/view.php
index 028b621..1c1d9a2 100644 (file)
--- a/mod/folder/view.php
+++ b/mod/folder/view.php
@@ -68,8 +68,10 @@ echo $OUTPUT->box_start('generalbox foldertree');
 echo $OUTPUT->area_file_tree_viewer($context->id, 'folder_content', 0);
 echo $OUTPUT->box_end();
 
-echo $OUTPUT->container_start('mdl-align');
-echo $OUTPUT->single_button(new moodle_url('/mod/folder/edit.php', array('id'=>$id)), get_string('edit'));
-echo $OUTPUT->container_end();
+if (has_capability('moodle/course:managefiles', $context)) {
+    echo $OUTPUT->container_start('mdl-align');
+    echo $OUTPUT->single_button(new moodle_url('/mod/folder/edit.php', array('id'=>$id)), get_string('edit'));
+    echo $OUTPUT->container_end();
+}
 
 echo $OUTPUT->footer();