Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61276

Upload File to user draft area of another user with the WS Function core_files_upload



    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.4.1
    • Fix Version/s: None
    • Component/s: Files API, Web Services
    • Labels:
    • Affected Branches:


      I want to use the Webservice Function for Upload a File for different user.I tried this with this example, Rest API and the simpleserver.php
      Authentication with wsusername and wspassword.

      $fileinfo = array(
          'contextid' => 0, 
          'component' => 'user', 
          'filearea' => 'draft', 
          'itemid' => 0, 
          'filepath' => '/',
          'filename' => 'sample.txt',
          'filecontent' => base64_encode("Hello World!"), 
          'contextlevel' => 'user',
          'instanceid' => $userid,

      The Upload on files/externallib.php works and the file is on a temporary directory, but they exit (throw new moodle_exception('nofile'); ) - method upload

      // Move file to filepool. if ($dir = $browser->get_file_info($context, $component, $filearea, $itemid, $filepath, '.'))
      $dir is NULL


      My output from the variables context, component, filearea, itemid and filepath

      Context: object(context_user)#236 (5) {

      ["_id":protected]=> int(5)
      ["_contextlevel":protected]=> int(30)
      ["_instanceid":protected]=> string(1) "2"
      ["_path":protected]=> string(4) "/1/5"
      ["_depth":protected]=> string(1) "2" }

      Component: string(4) "user"

      Filearea: string(5) "draft"

      Itemid: int(176260806)

      Filepath: string(1) "/"

      I found a Problem at the file lib/filebrowser/file_info_context_user.php
      There is a check on Line 183

              // access control: only my files
              if ($this->user->id != $USER->id) {
                  return null;

      $this->user->id is the ID from the specified User (5) and $USER->id is the Webservice User.

      I hope someone can fix it.
      There are a lot of Forum Posts about this Error, but no one has a solution.
      All Examples used the webservice/upload.php with a Token - and this is not possible for our project.




            • Votes:
              8 Vote for this issue
              11 Start watching this issue


              • Created: