Commit 787ec240 authored by Marina Glancy's avatar Marina Glancy Committed by Damyon Wiese
Browse files

MDL-53772 inplace_editable: set context in callbacks

parent 56fa860e
...@@ -61,6 +61,7 @@ class cohortidnumber extends \core\output\inplace_editable { ...@@ -61,6 +61,7 @@ class cohortidnumber extends \core\output\inplace_editable {
global $DB; global $DB;
$cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST); $cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
$cohortcontext = \context::instance_by_id($cohort->contextid); $cohortcontext = \context::instance_by_id($cohort->contextid);
\external_api::validate_context($cohortcontext);
require_capability('moodle/cohort:manage', $cohortcontext); require_capability('moodle/cohort:manage', $cohortcontext);
$record = (object)array('id' => $cohort->id, 'idnumber' => $newvalue, 'contextid' => $cohort->contextid); $record = (object)array('id' => $cohort->id, 'idnumber' => $newvalue, 'contextid' => $cohort->contextid);
cohort_update_cohort($record); cohort_update_cohort($record);
......
...@@ -61,6 +61,7 @@ class cohortname extends \core\output\inplace_editable { ...@@ -61,6 +61,7 @@ class cohortname extends \core\output\inplace_editable {
global $DB; global $DB;
$cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST); $cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
$cohortcontext = \context::instance_by_id($cohort->contextid); $cohortcontext = \context::instance_by_id($cohort->contextid);
\external_api::validate_context($cohortcontext);
require_capability('moodle/cohort:manage', $cohortcontext); require_capability('moodle/cohort:manage', $cohortcontext);
$newvalue = clean_param($newvalue, PARAM_TEXT); $newvalue = clean_param($newvalue, PARAM_TEXT);
if (strval($newvalue) !== '') { if (strval($newvalue) !== '') {
......
...@@ -86,15 +86,15 @@ class course_module_name extends \core\output\inplace_editable { ...@@ -86,15 +86,15 @@ class course_module_name extends \core\output\inplace_editable {
* @return static * @return static
*/ */
public static function update($itemid, $newvalue) { public static function update($itemid, $newvalue) {
list($course, $cm) = get_course_and_cm_from_cmid($itemid); global $PAGE;
$context = context_module::instance($cm->id); $context = context_module::instance($itemid);
// Check access. // Check access.
require_login($course, false, $cm, true, true); \external_api::validate_context($context);
require_capability('moodle/course:manageactivities', $context); require_capability('moodle/course:manageactivities', $context);
// Update value. // Update value.
set_coursemodule_name($cm->id, $newvalue); set_coursemodule_name($PAGE->cm->id, $newvalue);
// Return instance. // Return instance.
$cm = get_fast_modinfo($course)->get_cm($cm->id); $cm = get_fast_modinfo($PAGE->course)->get_cm($PAGE->cm->id);
return new static($cm, true); return new static($cm, true);
} }
} }
...@@ -1089,8 +1089,8 @@ abstract class format_base { ...@@ -1089,8 +1089,8 @@ abstract class format_base {
*/ */
public function inplace_editable_update_section_name($section, $itemtype, $newvalue) { public function inplace_editable_update_section_name($section, $itemtype, $newvalue) {
if ($itemtype === 'sectionname' || $itemtype === 'sectionnamenl') { if ($itemtype === 'sectionname' || $itemtype === 'sectionnamenl') {
require_login($section->course, false, null, true, true);
$context = context_course::instance($section->course); $context = context_course::instance($section->course);
external_api::validate_context($context);
require_capability('moodle/course:update', $context); require_capability('moodle/course:update', $context);
$newtitle = clean_param($newvalue, PARAM_TEXT); $newtitle = clean_param($newvalue, PARAM_TEXT);
......
...@@ -386,7 +386,6 @@ class core_external extends external_api { ...@@ -386,7 +386,6 @@ class core_external extends external_api {
if (!$tmpl || !($tmpl instanceof \core\output\inplace_editable)) { if (!$tmpl || !($tmpl instanceof \core\output\inplace_editable)) {
throw new \moodle_exception('inplaceeditableerror'); throw new \moodle_exception('inplaceeditableerror');
} }
$PAGE->set_context(null); // To prevent warning if context was not set in the callback.
return $tmpl->export_for_template($PAGE->get_renderer('core')); return $tmpl->export_for_template($PAGE->get_renderer('core'));
} }
......
...@@ -302,7 +302,6 @@ class core_tag_external extends external_api { ...@@ -302,7 +302,6 @@ class core_tag_external extends external_api {
$context = $params['ctx'] ? context::instance_by_id($params['ctx']) : context_system::instance(); $context = $params['ctx'] ? context::instance_by_id($params['ctx']) : context_system::instance();
require_login(null, false, null, false, true); require_login(null, false, null, false, true);
self::validate_context($context); self::validate_context($context);
$PAGE->set_context(null);
$tag = core_tag_tag::get_by_name($params['tc'], $params['tag'], '*', MUST_EXIST); $tag = core_tag_tag::get_by_name($params['tc'], $params['tag'], '*', MUST_EXIST);
$tagareas = core_tag_collection::get_areas($params['tc']); $tagareas = core_tag_collection::get_areas($params['tc']);
......
...@@ -50,6 +50,7 @@ function tag_page_type_list($pagetype, $parentcontext, $currentcontext) { ...@@ -50,6 +50,7 @@ function tag_page_type_list($pagetype, $parentcontext, $currentcontext) {
* @return \core\output\inplace_editable * @return \core\output\inplace_editable
*/ */
function core_tag_inplace_editable($itemtype, $itemid, $newvalue) { function core_tag_inplace_editable($itemtype, $itemid, $newvalue) {
\external_api::validate_context(context_system::instance());
if ($itemtype === 'tagname') { if ($itemtype === 'tagname') {
return \core_tag\output\tagname::update($itemid, $newvalue); return \core_tag\output\tagname::update($itemid, $newvalue);
} else if ($itemtype === 'tagareaenable') { } else if ($itemtype === 'tagareaenable') {
......
...@@ -157,6 +157,7 @@ class core_tag_external_testcase extends externallib_advanced_testcase { ...@@ -157,6 +157,7 @@ class core_tag_external_testcase extends externallib_advanced_testcase {
$this->resetAfterTest(true); $this->resetAfterTest(true);
$tag = $this->getDataGenerator()->create_tag(); $tag = $this->getDataGenerator()->create_tag();
$this->setUser($this->getDataGenerator()->create_user());
// Call service for core_tag component without necessary permissions. // Call service for core_tag component without necessary permissions.
try { try {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment