Commit 87940642 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Check edit permission in blog owner pagination script (bug #771644)



Change-Id: If4eb9eebb778fbe12f800a4fb1d4edc8396aefcc
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 69301aa0
......@@ -36,6 +36,10 @@ $id = param_integer('id');
$limit = param_integer('limit', 5);
$offset = param_integer('offset', 0);
if (!$USER->can_edit_artefact(new ArtefactTypeBlog($id))) {
json_reply(true, get_string('accessdenied', 'error'));
}
$posts = ArtefactTypeBlogPost::get_posts($id, $limit, $offset);
$template = 'artefact:blog:posts.tpl';
$pagination = array(
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment