MDL-47190 Ensure badges cannot be awarded without a role

Signed-off-by: Yuliya Bozhko <yuliya.bozhko@totaralms.com>

diff --git a/badges/award.php b/badges/award.php
index e288fe2..f60bf39 100644 (file)
--- a/badges/award.php
+++ b/badges/award.php
@@ -81,6 +81,14 @@ $output = $PAGE->get_renderer('core', 'badges');
 // Roles that can award this badge.
 $acceptedroles = array_keys($badge->criteria[BADGE_CRITERIA_TYPE_MANUAL]->params);
 
+if (empty($acceptedroles)) {
+    echo $OUTPUT->header();
+    $return = html_writer::link(new moodle_url('recipients.php', array('id' => $badge->id)), $strrecipients);
+    echo $OUTPUT->notification(get_string('notacceptedrole', 'badges', $return));
+    echo $OUTPUT->footer();
+    die();
+}
+
 if (count($acceptedroles) > 1) {
     // If there is more than one role that can award a badge, prompt user to make a selection.
     // If it is an admin, include all accepted roles, otherwise only the ones that current user has in this context.

diff --git a/badges/criteria/award_criteria_manual.php b/badges/criteria/award_criteria_manual.php
index 616ba97..fd0ad2e 100644 (file)
--- a/badges/criteria/award_criteria_manual.php
+++ b/badges/criteria/award_criteria_manual.php
@@ -150,6 +150,11 @@ class award_criteria_manual extends award_criteria {
     public function review($userid, $filtered = false) {
         global $DB;
 
+        // Roles should always have a parameter.
+        if (empty($this->params)) {
+            return false;
+        }
+
         // Users were already filtered by criteria completion.
         if ($filtered) {
             return true;