Check user has edit permission on parent folder when uploading files

a37dd7e8 · Richard Mansfield · 4a2d44bd · a37dd7e8
Commit a37dd7e8 authored Feb 19, 2009 by Richard Mansfield
--- a/htdocs/artefact/file/upload.php
+++ b/htdocs/artefact/file/upload.php
@@ -50,32 +50,36 @@ $data->title = $title;
 $data->description = $description;
 $data->tags = $tags;
 $data->owner = null;
-if ($institution) {
-    $data->institution = $institution;
-} else if ($group) {
-    require_once(get_config('docroot') . 'artefact/lib.php');
-    require_once(get_config('libroot') . 'group.php');
-    if ($parentfolder && !$USER->can_edit_artefact(artefact_instance_from_id($parentfolder))) {
-        $result->error = 'local';
-        $result->message = get_string('cannoteditfolder', 'artefact.file');
-    } else if (!$parentfolder) {
-        $role = group_user_access($group);
-        if (!$role) {
-            $result->error = 'local';
-            $result->message = get_string('usernotingroup', 'mahara');
-        }
-        // Use default grouptype artefact permissions to check if the
-        // user can upload a file to the group's root directory
-        $permissions = group_get_default_artefact_permissions($group);
-        if (!$permissions[$role]->edit) {
-            $result->error = 'local';
-            $result->message = get_string('cannoteditfolder', 'artefact.file');
+
+require_once(get_config('docroot') . 'artefact/lib.php');
+if ($parentfolder && !$USER->can_edit_artefact(artefact_instance_from_id($parentfolder))) {
+    $result->error = 'local';
+    $result->message = get_string('cannoteditfolder', 'artefact.file');
+}
+else {
+    if ($institution) {
+        $data->institution = $institution;
+    } else if ($group) {
+        require_once(get_config('libroot') . 'group.php');
+        if (!$parentfolder) {
+            $role = group_user_access($group);
+            if (!$role) {
+                $result->error = 'local';
+                $result->message = get_string('usernotingroup', 'mahara');
+            }
+            // Use default grouptype artefact permissions to check if the
+            // user can upload a file to the group's root directory
+            $permissions = group_get_default_artefact_permissions($group);
+            if (!$permissions[$role]->edit) {
+                $result->error = 'local';
+                $result->message = get_string('cannoteditfolder', 'artefact.file');
+            }
        }
+        $data->group = $group;
+        $data->rolepermissions = (array) json_decode(param_variable('permissions'));
+    } else {
+        $data->owner = $USER->get('id');
    }
-    $data->group = $group;
-    $data->rolepermissions = (array) json_decode(param_variable('permissions'));
-} else {
-    $data->owner = $USER->get('id');
 }
 $data->container = 0;
 $data->locked = 0;