The "simple" case SQL did not handle multiple enrolments for the same
user correctly -- it would generate multiple rows for those users,
incorrectly.
With this patch we move the join to RA to a subselect where DISTINCT
takes care of things.
MDL-12452
With this patch, get_user_by_capability() can handle the cases where
users have multiple role assignments to the same course, and PREVENTs
and PROHIBITs affect the rolecaps of this course.
Without stored procedures we cannot resolve this entirely on the
server side - so in the complex cases we do as much as we can on SQL,
and post-process the data on the PHP side, including SQL-style
pagination.
MDL-12452
This patch reorganises the conditions and field handling so
we can spot if this is a call we can resolve in a single SQL
query that we just pass back the results.
If there are any PREVENTs or PROHIBITs, we need to delve into
more involved stuff...
MDL-12452
cleanup_contexts() was not working on Oracle - mostly due to 2 SQL
syntax problems. So probably marginally working elsewhere.
- We should not use AS when naming table/subselect aliases - only
when referring to column aliases in the resultset
- level is a reserved word - oops! - so back to contextlevel
With this patch, we respect rdef locality when two roles
assignments in the same context have conflicting rdefs.
In that case, the most local rdef wins.
So RA locality still matters most. If you are a teacher
sitewide and a student in course X, student role trumps
teacher.
For a use case, see the discussion here
http://moodle.org/mod/forum/discuss.php?d=84472
Notes:
- If we wanted to have locality of RDEF trump everything
we can. A comment in this patch shows how.
- I don't know how to reproduce this in pure SQL.
And Also:
This patch also fixes a bug where if CAP_PROHIBIT was set
_and_ another role added to it in the same context, we would
add or substract 1 to CAP_PROHIBIT, and it would lose its magic.
And while at it, tighten the code to avoid casts. All the
ints are unambiguously ints.
... where it belongs ;-)
load_all_capabiloties() gets called at several points where we don't
want to be re-querying the enrolment backends. It needs to be called
before load_all_capabilities() and only by callers that are setting up
a logon session.
Those callers need to be calling complete_user_login() anyway, as they
need to set the Moodle cookie, log the logon action, etc. In fact,
those callers duplicate a lot of that code already.
The callers that don't duplicate code for the login are actually the
cases where the backend enrolment plugins should not be queried.
To be followed by callers cleanup...
* user_lastaccess deleted when deleting course
* rewritten deleting of contexts - does not use get_context_instance() anymore because it is much more strict now
* added deleting of grade_letters and settings when deleting course
* improved handling of dirty contexts in general - caching, switching in cron, marking, loading, etc.
* role_assing() and role_unassign() now marks dirty contexts because we use has_capability() in this function - we can not do it later outside to speedup bulk operations
* fixed some inline docs
* fixed notice from rs closing
* removed cached $CONTEXT from has_capability() - $context is now required parameter; this was hiding serious bugs when context did not exist or ppl passed false as parameter
* removed some ===, we can not use these on function parameters - we must support ints, strings, '', nulls, etc. - this could be a source of really dangerous bugs in future
* some other improvements and fixes - documented inline
MDL-11527 fixed warning from $CFG->defaultuserroleid when installing and upgrading
+ removed reusing of previous contexts in has_capability() and get_context_instance() because it was hiding critical errors when context was false, not specified, etc.
+ tweaked roles defaults - faster and defaults are applied when roles exist
+ SYSCONTEXTID may be specified in config.php to eliminate 1 db query
+ static context cache is now reset after rebuilding of context paths
+ path field in context table is now nullable - pg compatibility requirement
+ other minor fixes
get_dirty_contexts() and mark_context_dirty() now use cache_flags
infrastructure. Remove deprecated cleanup_dirty_contexts() - this is
now handled by gc_cache_flags() in a more generic way.
