MDL-21655 improved access control
authorPetr Skoda <skodak@moodle.org>
Wed, 31 Mar 2010 08:23:33 +0000 (08:23 +0000)
committerPetr Skoda <skodak@moodle.org>
Wed, 31 Mar 2010 08:23:33 +0000 (08:23 +0000)
admin/roles/override.php
admin/roles/permissions.php

index 924fe63..3a58eda 100755 (executable)
@@ -30,13 +30,7 @@ require_once("$CFG->dirroot/$CFG->admin/roles/lib.php");
 $contextid = required_param('contextid', PARAM_INT);   // context id
 $roleid    = required_param('roleid', PARAM_INT);   // requested role id
 
-// security first
 list($context, $course, $cm) = get_context_info_array($contextid);
-require_login($course, false, $cm);
-$safeoverridesonly = !has_capability('moodle/role:override', $context);
-if ($safeoverridesonly) {
-    require_capability('moodle/role:safeoverride', $context);
-}
 
 $PAGE->set_url('/admin/roles/override.php', array('contextid' => $contextid, 'roleid' => $roleid));
 $PAGE->set_context($context);
@@ -59,6 +53,13 @@ if ($course) {
     }
 }
 
+// security first
+require_login($course, false, $cm);
+$safeoverridesonly = !has_capability('moodle/role:override', $context);
+if ($safeoverridesonly) {
+    require_capability('moodle/role:safeoverride', $context);
+}
+
 $courseid = $course->id;
 
 $baseurl = $PAGE->url->out();
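Review bot: The `// security first` comment on the relocated block is no longer accurate, because `require_login()` and the capability checks now run after the context lookup, the `$PAGE` setup and the `if ($course)` block that closes just above. I would replace it with a comment that records the reason for the placement and the constraint it creates, for example `// Access checks: must run after $course has been resolved above; nothing before this point may produce output or modify data.` The placement is presumably needed so that `$course` is populated before `require_login($course, false, $cm)` is called, but the lines between the first hunk and this one are not visible here. Confirm that they do no writes and emit no output for an unauthenticated request carrying an arbitrary `contextid`. The same comment and the same check apply to the matching block moved in admin/roles/permissions.php.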
index 22c6438..062a164 100644 (file)
@@ -38,10 +38,7 @@ $allow      = optional_param('allow', 0, PARAM_BOOL);
 $unprohibit = optional_param('unprohibit', 0, PARAM_BOOL);
 $prohibit   = optional_param('prohibit', 0, PARAM_BOOL);
 
-// security first
 list($context, $course, $cm) = get_context_info_array($contextid);
-require_login($course, false, $cm);
-require_capability('moodle/role:review', $context);
 
 $PAGE->set_url('/admin/roles/permissions.php', array('contextid' => $contextid));
 $PAGE->set_context($context);
@@ -64,6 +61,10 @@ if ($course) {
     }
 }
 
+// security first
+require_login($course, false, $cm);
+require_capability('moodle/role:review', $context);
+
 $courseid = $course->id;