Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-5017

View access permission not checked in the Dataform view block and resource.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.2
    • Fix Version/s: 2.6.3
    • Component/s: Set: Dataform
    • Labels:
      None
    • Affected Branches:
      MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE

      Description

      View access permission not checked in the Dataform view block and resource.

      Possible solution:
      In mod_dataform_dataform::get_content_inline and mod_dataform_dataform::get_content_embedded check that the requested view id exists in the views menu which should contain only views the user can access.

              // Make sure user can access the view
              if (!array_key_exists($viewid, $viewman->views_menu)) {
                  return null;
              }
      

        Attachments

          Activity

            People

            • Assignee:
              itamart Itamar Tzadok
              Reporter:
              itamart Itamar Tzadok
              Tester:
              Itamar Tzadok
              Participants:
              Component watchers:
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                12/May/14