Only api_is_allowed_to_edit() users can create groups see BT#10948

jmontoyaa · jmontoyaa · commit 98bd509a528b · 2016-03-18T11:33:05.000+01:00
diff --git a/main/group/group_creation.php b/main/group/group_creation.php
@@ -15,8 +15,11 @@
 // Notice for unauthorized people.
 api_protect_course_script(true);
 
-/*	Create the groups */
+if (!api_is_allowed_to_edit(false, true)) {
+	api_not_allowed(true);
+}
 
+/*	Create the groups */
 if (isset($_POST['action'])) {
     switch ($_POST['action']) {
         case 'create_groups':
@@ -79,15 +82,8 @@
 $interbreadcrumb[] = array ('url' => 'group.php', 'name' => get_lang('Groups'));
 Display :: display_header($nameTools, 'Group');
 
-if (!api_is_allowed_to_edit(false, true)) {
-    api_not_allowed();
-}
-
-/*	MAIN TOOL CODE */
-
 /*	Show group-settings-form */
-
-elseif (isset($_POST['number_of_groups'])) {
+if (isset($_POST['number_of_groups'])) {
     if (!is_numeric($_POST['number_of_groups']) || intval($_POST['number_of_groups']) < 1) {
         Display :: display_error_message(get_lang('PleaseEnterValidNumber').'<br /><br /><a href="group_creation.php?'.api_get_cidreq().'">&laquo; '.get_lang('Back').'</a>', false);
     } else {
