MDL-68974 blocks: Check permission before generating content
authorAndrew Nicols <andrew@nicols.co.uk>
Mon, 10 Aug 2020 02:08:17 +0000 (10:08 +0800)
committerJenkins <jenkins@worker08.test.in.moodle.com>
Tue, 8 Sep 2020 06:54:26 +0000 (08:54 +0200)
calendar/lib.php
lib/blocklib.php

index 541f1b2..9195b28 100644 (file)
@@ -1281,6 +1281,9 @@ class calendar_information {
      * @param string|null $view preference view options (eg: day, month, upcoming)
      */
     public function add_sidecalendar_blocks(core_calendar_renderer $renderer, $showfilters=false, $view=null) {
+        if (!has_capability('moodle/block:view', $this->context) ) {
+            return;
+        }
         if ($showfilters) {
             $filters = new block_contents();
             $filters->content = $renderer->event_filter();
index 60a3335..0ca4559 100644 (file)
@@ -1225,6 +1225,12 @@ class block_manager {
      */
     public function ensure_content_created($region, $output) {
         $this->ensure_instances_exist($region);
+
+        if (!has_capability('moodle/block:view', $this->page->context) ) {
+            $this->visibleblockcontent[$region] = [];
+            return;
+        }
+
         if (!array_key_exists($region, $this->visibleblockcontent)) {
             $contents = array();
             if (array_key_exists($region, $this->extracontent)) {