MDL-69093 enrol_manual: added check for allowed roles a user can assign

author Víctor Déniz Falcón <victor@moodle.com>

Wed, 1 Jul 2020 08:37:46 +0000 (09:37 +0100)

committer Jenkins <jenkins@worker08.test.in.moodle.com>

Tue, 7 Jul 2020 06:32:39 +0000 (08:32 +0200)
author Víctor Déniz Falcón <victor@moodle.com>
Wed, 1 Jul 2020 08:37:46 +0000 (09:37 +0100)
committer Jenkins <jenkins@worker08.test.in.moodle.com>
Tue, 7 Jul 2020 06:32:39 +0000 (08:32 +0200)
diff --git a/enrol/manual/ajax.php b/enrol/manual/ajax.php

index 29cb40e..22ccef2 100644 (file)
--- a/enrol/manual/ajax.php
+++ b/enrol/manual/ajax.php
@@ -100,6 +100,13 @@ switch ($action) {
  
          if (empty($roleid)) {
              $roleid = null;
+        } else {
+            if (!has_capability('moodle/role:assign', $context)) {
+                throw new enrol_ajax_exception('assignnotpermitted');
+            }
+            if (!array_key_exists($roleid, get_assignable_roles($context, ROLENAME_ALIAS, false))) {
+                throw new enrol_ajax_exception('invalidrole');
+            }
          }
  
          if (empty($startdate)) {
author	Víctor Déniz Falcón <victor@moodle.com>
	Wed, 1 Jul 2020 08:37:46 +0000 (09:37 +0100)
committer	Jenkins <jenkins@worker08.test.in.moodle.com>
	Tue, 7 Jul 2020 06:32:39 +0000 (08:32 +0200)