$h5p = false;
}
- if (!$h5p) {
- // The H5P content hasn't been deployed previously. It has to be validated and stored before displaying it.
- return $this->save_h5p($file, $config);
- } else {
+ if ($h5p) {
// The H5P content has been deployed previously.
$displayoptions = $this->get_display_options($config);
// Check if the user can set the displayoptions.
$this->core->h5pF->updateContentFields($h5p->id, ['displayoptions' => $displayoptions]);
}
return $h5p->id;
+ } else {
+ // The H5P content hasn't been deployed previously.
+
+ // Check if the user uploading the H5P content is "trustable". If the file hasn't been uploaded by a user with this
+ // capability, the content won't be deployed and an error message will be displayed.
+ if (!has_capability('moodle/h5p:deploy', $this->context, $file->get_userid())) {
+ $this->core->h5pF->setErrorMessage(get_string('nopermissiontodeploy', 'core_h5p'));
+ return false;
+ }
+
+ // Validate and store the H5P content before displaying it.
+ return $this->save_h5p($file, $config);
}
}
$string['missinguploadpermissions'] = 'Note that the libraries may exist in the file you uploaded, but you\'re not allowed to upload new libraries. Contact the site administrator about this.';
$string['nocopyright'] = 'No copyright information available for this content.';
$string['noextension'] = 'The file you uploaded is not a valid HTML5 Package (It does not have the .h5p file extension)';
+$string['nopermissiontodeploy'] = 'This file can\'t be displayed because it has been uploaded by a user without the required capability to deploy H5P content.';
$string['nojson'] = 'The main h5p.json file is not valid';
$string['nounzip'] = 'The file you uploaded is not a valid HTML5 Package (We are unable to unzip it)';
$string['offlineDialogBody'] = 'We were unable to send information about your completion of this task. Please check your internet connection.';
$string['grade:view'] = 'View own grades';
$string['grade:viewall'] = 'View grades of other users';
$string['grade:viewhidden'] = 'View hidden grades for owner';
+$string['h5p:deploy'] = 'Allow to deploy H5P content';
$string['h5p:setdisplayoptions'] = 'Set the display options to an H5P content';
$string['highlightedcellsshowdefault'] = 'The permissions highlighted in the table below are the defaults for the role archetype currently selected above.';
$string['highlightedcellsshowinherit'] = 'The highlighted cells in the table below show the permission (if any) that will be inherited. Apart from the capabilities whose permission you actually want to alter, you should leave everything set to Inherit.';
'editingteacher' => CAP_ALLOW,
)
),
+
+ // Allow to deploy H5P content.
+ 'moodle/h5p:deploy' => array(
+ 'riskbitmask' => RISK_XSS,
+ 'captype' => 'write',
+ 'contextlevel' => CONTEXT_MODULE,
+ 'archetypes' => array(
+ 'manager' => CAP_ALLOW,
+ 'editingteacher' => CAP_ALLOW,
+ )
+ ),
);
defined('MOODLE_INTERNAL') || die();
-$version = 2019102500.02; // YYYYMMDD = weekly release date of this DEV branch.
+$version = 2019102500.03; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.