From 092cb5856c0471d79e576e59c83b228c652bce2a Mon Sep 17 00:00:00 2001
From: Aaron Wells <aaronw@catalyst.net.nz>
Date: Tue, 8 Oct 2013 12:53:31 +1300
Subject: [PATCH] Image Gallery: Make sure the user has access to the selected
 folder

Bug 1236636

Change-Id: I69deb64a5113806ec89145c1213f6a1d10038d78
Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>
---
 htdocs/artefact/file/blocktype/gallery/lib.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/htdocs/artefact/file/blocktype/gallery/lib.php b/htdocs/artefact/file/blocktype/gallery/lib.php
index 714a783b8c..28ca09cec6 100644
--- a/htdocs/artefact/file/blocktype/gallery/lib.php
+++ b/htdocs/artefact/file/blocktype/gallery/lib.php
@@ -592,6 +592,15 @@ class PluginBlocktypeGallery extends PluginBlocktype {
                 }
             }
         }
+
+        if (!empty($values['folder'])) {
+            $folder = artefact_instance_from_id($values['folder']);
+            if (!($folder instanceof ArtefactTypeFolder) || !$USER->can_publish_artefact($folder)) {
+                $result['message'] = get_string('unrecoverableerror', 'error');
+                $form->set_error(null, $result['message']);
+                $form->reply(PIEFORM_ERR, $result);
+            }
+        }
     }
 
     public static function instance_config_save($values) {
-- 
GitLab