Skip to content
Snippets Groups Projects
Commit 48dcb499 authored by Ron Lucke's avatar Ron Lucke Committed by Elmar Ludwig
Browse files

fix #2844 

Closes #2844

Merge request studip/studip!2006
parent 1403583c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/classes/JsonApi/Routes/Courseware/Authority.php
+ 4
0
View file @ 48dcb499
...@@ -549,5 +549,9 @@ class Authority ...@@ -549,5 +549,9 @@ class Authority
return self::canIndexClipboardsOfAUser($request_user, $user); return self::canIndexClipboardsOfAUser($request_user, $user);
} }
public static function canInsertFromClipboard(User $user, Clipboard $resource)
{
return $resource->user_id === $user->id;
}
} }
lib/classes/JsonApi/Routes/Courseware/ClipboardsInsert.php
+ 5
0
View file @ 48dcb499
...@@ -35,6 +35,11 @@ class ClipboardsInsert extends NonJsonApiController ...@@ -35,6 +35,11 @@ class ClipboardsInsert extends NonJsonApiController
} }
$user = $this->getUser($request); $user = $this->getUser($request);
if (!Authority::canInsertFromClipboard($user, $clipboard)) {
throw new AuthorizationFailedException();
}
$backup = json_decode($clipboard->backup); $backup = json_decode($clipboard->backup);
if ($clipboard->object_type === 'courseware-blocks') { if ($clipboard->object_type === 'courseware-blocks') {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment