MDL-13000 Adding support for developers to add their own capabilities to local/db/access.php
This relies on a local/ language pack as well for the capability names.
Notes on implementation are in lib/locallib.php
More on MDL-11561 - fixed up path to local/ settings file to be more consistent,
added documentation in lib/locallib.php on how to create new local admin tree item
In the view pages I changed the container function call to a simple "echo 'div ...'" to avoid the custom_corners container overhead and page oddity.
In weblib I added "clearfix" handling to the function "print_box_start($classes ...". "clearfix" is handed over to the containing divs. This is a hack, but I didn't know how to handle it without rewriting too much areas.
This was a Google Summer of Code 2007 Project.
This introduces two new files, admin/cliupgrader.php and lib/installlib.php.
It also introduces a new PEAR library, Console_GetOpt. I have recieved permission from the upstream author to include this in GPL Moodle (essentially dual license it) - notes in lib/pear.
Most stuff that outputs html during install gets suppressed by the use of a constant.
Run the script like php admin/cliupgrade.php --help for info.
Note that this all uses strings from install/ rather than lang, so I have updated stringnames.txt accordingly and they'll all be broken until the cronjob that generates them runs.
With some subselect-outer-join poison-pill magic, when the we don't
want doanything users, we remove the roles that would grant such
dubious status.
Just a flick of the SQL muscle, actually.
After calling get_users_by_capability(), use
sort_by_roleassignment_authority() to mimic what older versions of
Moodle did.
Affects: get_teacher(), get_course_teachers()
MDL-12452
This will help us bridge the gap from olden-style order-by
user_teachers.id. From the phpdoc...
Will re-sort a $users results array (from get_users_by_capability(), usually)
based on a sorting policy. This is to support the odd practice of
sorting teachers by 'authority', where authority was "lowest id of the role
assignment".
Will execute 1 database query. Only suitable for small numbers of users, as it
uses an u.id IN() clause.
Notes about the sorting criteria.
As a default, we cannot rely on role.sortorder because then
admins/coursecreators will always win. That is why the sane
rule "is locality matters most", with sortorder as 2nd
consideration.
If you want role.sortorder, use the 'sortorder' policy, and
name explicitly what roles you want to cover. It's probably
a good idea to see what roles have the capabilities you want
(array_diff() them against roiles that have 'can-do-anything'
to weed out admin-ish roles. Or fetch a list of roles from
variables like $CFG->coursemanagers .
MDL-12452
get_users_by_capability() can no longer refer to properties of role
assignments or roles, as the capability aggregate is indirect.
Fixes:
get_teacher() - though the results will be poor, as we cannot provide
role.sortorder reliably
(used mainly by mod/workshop)
get_course_teachers() - which seems broken for a lot of situations as
its default parameters still refer to old tables.
MDL-12452
get_admins() and get_admin() were counting on
get_users_by_capability() returning a role-assignment id to pick the
"primary" admin account. With the get_users_by_capability() rewrite,
we no longer have an RA id to clearly blame for the capability.
So, rewrite get_admins() based on the known-good SQL used in
is_siteadmin().
MDL-12452
This fixes the handling of default roles as "tie breakers" for lower
RAs in conflict, and simplifies the code a lot.
The main loop in get_user_by_capability() runs a simpler state machine
that just collects role assignments (roleid and depth), and handles
pagination.
The complex part of the state machine has moved to
has_capability_from_rarc() which will walk the data structures
collected by get_user_by_capability() for each user.
Having all the complex state handling of $hascap there makes things a
lot easier for pagination and general sanity of
get_user_by_capability().
MDL-12452
we don't deal with RAs in the main SELECT -- we deal with _capabilities_
which is an entirely different matter ;-) -- so push the ra.hidden check
into the subselect.
Also, remove ra.hidden from the default list of fields. Hopefully no
callers are using ra.hidden -- if they are, they should be calling
something else, as this function deals with capabilities. So we might
need an audit of callers, to check that noone is expecting ra.hidden
to be there.
MDL-12452
With this commit, we can handle the complex cases with
- correct pagination, but not very efficient over large datasets
- mostly-correct application of the override rules
The structure of the code is fairly complex in that we want to do
it without holding all the recs in memory, so we use a small state
machine. We have to handle the complex override rules over 1 or 2
permissions (when $doanything is set) so it all ends up quite complex.
There is one known issue with this code, in cases where the default
role ends up as the decider between 2 conflicting RAs, we fail to
apply it. This will need a bit of reorg of how the loop works.
MDL-12452
The "simple" case SQL did not handle multiple enrolments for the same
user correctly -- it would generate multiple rows for those users,
incorrectly.
With this patch we move the join to RA to a subselect where DISTINCT
takes care of things.
MDL-12452
