Home
Documentation
Downloads
Demo
Tracker
Development
Translation
Moodle.net
Search
projects
/
moodle.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
877a3f7
)
MDL-69093 enrol_manual: added check for allowed roles a user can assign
author
Víctor Déniz Falcón
<victor@moodle.com>
Wed, 1 Jul 2020 08:37:46 +0000
(09:37 +0100)
committer
Jenkins
<jenkins@worker08.test.in.moodle.com>
Tue, 7 Jul 2020 06:32:39 +0000
(08:32 +0200)
enrol/manual/ajax.php
patch
|
blob
|
blame
|
history
diff --git
a/enrol/manual/ajax.php
b/enrol/manual/ajax.php
index
29cb40e
..
22ccef2
100644
(file)
--- a/
enrol/manual/ajax.php
+++ b/
enrol/manual/ajax.php
@@
-100,6
+100,13
@@
switch ($action) {
if (empty($roleid)) {
$roleid = null;
+ } else {
+ if (!has_capability('moodle/role:assign', $context)) {
+ throw new enrol_ajax_exception('assignnotpermitted');
+ }
+ if (!array_key_exists($roleid, get_assignable_roles($context, ROLENAME_ALIAS, false))) {
+ throw new enrol_ajax_exception('invalidrole');
+ }
}
if (empty($startdate)) {