MDL-35429 restore: fixed downloading of automated backup files

diff --git a/lib/filebrowser/file_info_context_course.php b/lib/filebrowser/file_info_context_course.php
index 3e9ffa3..7afca6c 100644 (file)
--- a/lib/filebrowser/file_info_context_course.php
+++ b/lib/filebrowser/file_info_context_course.php
@@ -338,7 +338,9 @@ class file_info_context_course extends file_info {
             }
         }
 
-        $downloadable = has_capability('moodle/site:config', $this->context);
+        // Automated backup files are only downloadable if the user has both 'backup:downloadfile and 'restore:userinfo'.
+        $downloadable = has_capability('moodle/backup:downloadfile', $this->context) &&
+                        has_capability('moodle/restore:userinfo', $this->context);
         $uploadable   = false;
 
         $urlbase = $CFG->wwwroot.'/pluginfile.php';

diff --git a/lib/filelib.php b/lib/filelib.php
index 05cac2d..6adebda 100644 (file)
--- a/lib/filelib.php
+++ b/lib/filelib.php
@@ -4623,7 +4623,8 @@ function file_pluginfile($relativepath, $forcedownload, $preview = null, $offlin
             // Backup files that were generated by the automated backup systems.
 
             require_login($course);
-            require_capability('moodle/site:config', $context);
+            require_capability('moodle/backup:downloadfile', $context);
+            require_capability('moodle/restore:userinfo', $context);
 
             $filename = array_pop($args);
             $filepath = $args ? '/'.implode('/', $args).'/' : '/';