Commit 787ec240 authored by Marina Glancy's avatar Marina Glancy Committed by Damyon Wiese
Browse files

MDL-53772 inplace_editable: set context in callbacks

parent 56fa860e
......@@ -61,6 +61,7 @@ class cohortidnumber extends \core\output\inplace_editable {
global $DB;
$cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
$cohortcontext = \context::instance_by_id($cohort->contextid);
\external_api::validate_context($cohortcontext);
require_capability('moodle/cohort:manage', $cohortcontext);
$record = (object)array('id' => $cohort->id, 'idnumber' => $newvalue, 'contextid' => $cohort->contextid);
cohort_update_cohort($record);
......
......@@ -61,6 +61,7 @@ class cohortname extends \core\output\inplace_editable {
global $DB;
$cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
$cohortcontext = \context::instance_by_id($cohort->contextid);
\external_api::validate_context($cohortcontext);
require_capability('moodle/cohort:manage', $cohortcontext);
$newvalue = clean_param($newvalue, PARAM_TEXT);
if (strval($newvalue) !== '') {
......
......@@ -86,15 +86,15 @@ class course_module_name extends \core\output\inplace_editable {
* @return static
*/
public static function update($itemid, $newvalue) {
list($course, $cm) = get_course_and_cm_from_cmid($itemid);
$context = context_module::instance($cm->id);
global $PAGE;
$context = context_module::instance($itemid);
// Check access.
require_login($course, false, $cm, true, true);
\external_api::validate_context($context);
require_capability('moodle/course:manageactivities', $context);
// Update value.
set_coursemodule_name($cm->id, $newvalue);
set_coursemodule_name($PAGE->cm->id, $newvalue);
// Return instance.
$cm = get_fast_modinfo($course)->get_cm($cm->id);
$cm = get_fast_modinfo($PAGE->course)->get_cm($PAGE->cm->id);
return new static($cm, true);
}
}
......@@ -1089,8 +1089,8 @@ abstract class format_base {
*/
public function inplace_editable_update_section_name($section, $itemtype, $newvalue) {
if ($itemtype === 'sectionname' || $itemtype === 'sectionnamenl') {
require_login($section->course, false, null, true, true);
$context = context_course::instance($section->course);
external_api::validate_context($context);
require_capability('moodle/course:update', $context);
$newtitle = clean_param($newvalue, PARAM_TEXT);
......
......@@ -386,7 +386,6 @@ class core_external extends external_api {
if (!$tmpl || !($tmpl instanceof \core\output\inplace_editable)) {
throw new \moodle_exception('inplaceeditableerror');
}
$PAGE->set_context(null); // To prevent warning if context was not set in the callback.
return $tmpl->export_for_template($PAGE->get_renderer('core'));
}
......
......@@ -302,7 +302,6 @@ class core_tag_external extends external_api {
$context = $params['ctx'] ? context::instance_by_id($params['ctx']) : context_system::instance();
require_login(null, false, null, false, true);
self::validate_context($context);
$PAGE->set_context(null);
$tag = core_tag_tag::get_by_name($params['tc'], $params['tag'], '*', MUST_EXIST);
$tagareas = core_tag_collection::get_areas($params['tc']);
......
......@@ -50,6 +50,7 @@ function tag_page_type_list($pagetype, $parentcontext, $currentcontext) {
* @return \core\output\inplace_editable
*/
function core_tag_inplace_editable($itemtype, $itemid, $newvalue) {
\external_api::validate_context(context_system::instance());
if ($itemtype === 'tagname') {
return \core_tag\output\tagname::update($itemid, $newvalue);
} else if ($itemtype === 'tagareaenable') {
......
......@@ -157,6 +157,7 @@ class core_tag_external_testcase extends externallib_advanced_testcase {
$this->resetAfterTest(true);
$tag = $this->getDataGenerator()->create_tag();
$this->setUser($this->getDataGenerator()->create_user());
// Call service for core_tag component without necessary permissions.
try {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment