MDL-60548 profile: Show profile email when 'maildisplay' allows it.

Adds 'email' to hiddenuserfields, which allows:
 * user to view email on their own profile,
 * users with cap site:viewuseridentity to view email on any profile (admins/teachers)
 * admin to veto display of email to users without site:viewuseridentity (except viewing their own)
 * unprivileged users to view if the profile's maildisplay permits it.

Changes in user/lib.php include removal of is_siteadmin() test, which
is redundant due to checks via has_capability().

Fixes regression from 2.9 (MDL-45774).

admin/settings/users.php

@@ -150,6 +150,7 @@ if ($hassiteconfig
         $temp->add(new admin_setting_configmultiselect('hiddenuserfields', new lang_string('hiddenuserfields', 'admin'),
                    new lang_string('confighiddenuserfields', 'admin'), array(),
                        array('description' => new lang_string('description'),
+                             'email' => new lang_string('email'),
                              'city' => new lang_string('city'),
                              'country' => new lang_string('country'),
                              'timezone' => new lang_string('timezone'),

lib/myprofilelib.php

@@ -127,7 +127,8 @@ function core_myprofile_navigation(core_user\output\myprofile\tree $tree, $user,
     } else {
         $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
     }
-    if (has_capability('moodle/site:viewuseridentity', $courseorusercontext)) {
+    $canviewuseridentity = has_capability('moodle/site:viewuseridentity', $courseorusercontext);
+    if ($canviewuseridentity) {
         $identityfields = array_flip(explode(',', $CFG->showuseridentity));
     } else {
         $identityfields = array();
@@ -151,11 +152,14 @@ function core_myprofile_navigation(core_user\output\myprofile\tree $tree, $user,
         $tree->add_node($node);
     }
 
-    if (isset($identityfields['email']) and ($iscurrentuser
+    if ($iscurrentuser
-                                             or $user->maildisplay == 1
+        or (!isset($hiddenfields['email']) and (
-                                             or has_capability('moodle/course:useremail', $courseorusercontext)
+            $user->maildisplay == core_user::MAILDISPLAY_EVERYONE
-                                             or has_capability('moodle/site:viewuseridentity', $courseorusercontext)
+            or ($user->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY and enrol_sharing_course($user, $USER))
-                                             or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER)))) {
+            or has_capability('moodle/course:useremail', $courseorusercontext) // TODO: Deprecate/remove for MDL-37479.
+        ))
+        or (isset($identityfields['email']) and $canviewuseridentity)
+       ) {
         $node = new core_user\output\myprofile\node('contact', 'email', get_string('email'), null, null,
             obfuscate_mailto($user->email, ''));
         $tree->add_node($node);

user/lib.php

@@ -463,12 +463,15 @@ function user_get_user_details($user, $course = null, array $userfields = array(
         }
     }
 
-    if (in_array('email', $userfields) && ($isadmin // The admin is allowed the users email.
+    if (in_array('email', $userfields) && (
-      or $currentuser // Of course the current user is as well.
+            $currentuser
-      or $canviewuseremail  // This is a capability in course context, it will be false in usercontext.
+            or (!isset($hiddenfields['email']) and (
+                $user->maildisplay == core_user::MAILDISPLAY_EVERYONE
+                or ($user->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY and enrol_sharing_course($user, $USER))
+                or $canviewuseremail  // TODO: Deprecate/remove for MDL-37479.
+            ))
             or in_array('email', $showuseridentityfields)
-      or $user->maildisplay == 1
+       )) {
-      or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER)))) {
         $userdetails['email'] = $user->email;
     }