manage roles: MDL-8313 fix bugs with safe overrides.

admin/roles/lib.php

@@ -818,7 +818,7 @@ class override_permissions_table_advanced extends capability_table_with_risks {
     /// Determine which capabilities should be locked.
         if ($safeoverridesonly) {
             foreach ($this->capabilities as $capid => $cap) {
-                if (!is_safe_capability($capability)) {
+                if (!is_safe_capability($cap)) {
                     $this->capabilities[$capid]->locked = true;
                     $this->haslockedcapabiltites = true;
                 }

admin/roles/override.php

@@ -98,8 +98,8 @@
 
 /// Make sure this user can override that role
     if ($roleid && !isset($overridableroles[$roleid])) {
-        $a = stdClass;
-        $a->role = $roleid;
+        $a = new stdClass;
+        $a->roleid = $roleid;
         $a->context = $contextname;
         print_error('cannotoverriderolehere', '', get_context_url($context), $a);
     }

lib/accesslib.php

@@ -1954,10 +1954,9 @@ function is_legacy($capabilityname) {
  *      safeoverrides capability should be allowed to change it.
  */
 function is_safe_capability($capability) {
-    return (RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask;
+    return !((RISK_DATALOSS | RISK_MANAGETRUST | RISK_CONFIG | RISK_XSS | RISK_PERSONAL) & $capability->riskbitmask);
 }
 
-
 /**********************************
  * Context Manipulation functions *
  **********************************/