Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-5017

View access permission not checked in the Dataform view block and resource.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.2
    • Fix Version/s: 2.6.3
    • Component/s: Set: Dataform
    • Labels:
      None
    • Affected Branches:
      MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE

      Description

      View access permission not checked in the Dataform view block and resource.

      Possible solution:
      In mod_dataform_dataform::get_content_inline and mod_dataform_dataform::get_content_embedded check that the requested view id exists in the views menu which should contain only views the user can access.

              // Make sure user can access the view
              if (!array_key_exists($viewid, $viewman->views_menu)) {
                  return null;
              }
      

        Attachments

          Activity

            People

            Assignee:
            itamart Itamar Tzadok
            Reporter:
            itamart Itamar Tzadok
            Tester:
            Itamar Tzadok
            Participants:
            Component watchers:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              12/May/14