MDL-68974 blocks: Check permission before generating content

diff --git a/calendar/lib.php b/calendar/lib.php
index 541f1b2..9195b28 100644 (file)
--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -1281,6 +1281,9 @@ class calendar_information {
      * @param string|null $view preference view options (eg: day, month, upcoming)
      */
     public function add_sidecalendar_blocks(core_calendar_renderer $renderer, $showfilters=false, $view=null) {
+        if (!has_capability('moodle/block:view', $this->context) ) {
+            return;
+        }
         if ($showfilters) {
             $filters = new block_contents();
             $filters->content = $renderer->event_filter();

diff --git a/lib/blocklib.php b/lib/blocklib.php
index 60a3335..0ca4559 100644 (file)
--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -1225,6 +1225,12 @@ class block_manager {
      */
     public function ensure_content_created($region, $output) {
         $this->ensure_instances_exist($region);
+
+        if (!has_capability('moodle/block:view', $this->page->context) ) {
+            $this->visibleblockcontent[$region] = [];
+            return;
+        }
+
         if (!array_key_exists($region, $this->visibleblockcontent)) {
             $contents = array();
             if (array_key_exists($region, $this->extracontent)) {