With this patch, we respect rdef locality when two roles
assignments in the same context have conflicting rdefs.
In that case, the most local rdef wins.
So RA locality still matters most. If you are a teacher
sitewide and a student in course X, student role trumps
teacher.
For a use case, see the discussion here
http://moodle.org/mod/forum/discuss.php?d=84472
Notes:
- If we wanted to have locality of RDEF trump everything
we can. A comment in this patch shows how.
- I don't know how to reproduce this in pure SQL.
And Also:
This patch also fixes a bug where if CAP_PROHIBIT was set
_and_ another role added to it in the same context, we would
add or substract 1 to CAP_PROHIBIT, and it would lose its magic.
And while at it, tighten the code to avoid casts. All the
ints are unambiguously ints.
... where it belongs ;-)
load_all_capabiloties() gets called at several points where we don't
want to be re-querying the enrolment backends. It needs to be called
before load_all_capabilities() and only by callers that are setting up
a logon session.
Those callers need to be calling complete_user_login() anyway, as they
need to set the Moodle cookie, log the logon action, etc. In fact,
those callers duplicate a lot of that code already.
The callers that don't duplicate code for the login are actually the
cases where the backend enrolment plugins should not be queried.
To be followed by callers cleanup...
* user_lastaccess deleted when deleting course
* rewritten deleting of contexts - does not use get_context_instance() anymore because it is much more strict now
* added deleting of grade_letters and settings when deleting course
* improved handling of dirty contexts in general - caching, switching in cron, marking, loading, etc.
* role_assing() and role_unassign() now marks dirty contexts because we use has_capability() in this function - we can not do it later outside to speedup bulk operations
* fixed some inline docs
* fixed notice from rs closing
* removed cached $CONTEXT from has_capability() - $context is now required parameter; this was hiding serious bugs when context did not exist or ppl passed false as parameter
* removed some ===, we can not use these on function parameters - we must support ints, strings, '', nulls, etc. - this could be a source of really dangerous bugs in future
* some other improvements and fixes - documented inline
MDL-11527 fixed warning from $CFG->defaultuserroleid when installing and upgrading
+ removed reusing of previous contexts in has_capability() and get_context_instance() because it was hiding critical errors when context was false, not specified, etc.
+ tweaked roles defaults - faster and defaults are applied when roles exist
+ SYSCONTEXTID may be specified in config.php to eliminate 1 db query
+ static context cache is now reset after rebuilding of context paths
+ path field in context table is now nullable - pg compatibility requirement
+ other minor fixes
get_dirty_contexts() and mark_context_dirty() now use cache_flags
infrastructure. Remove deprecated cleanup_dirty_contexts() - this is
now handled by gc_cache_flags() in a more generic way.
new permanent context_temp table. Update for
Oracle added, extra NOT EXISTS cluse to avoid
insertion of duplicate records in potential
concurrency and minor refinements. MDL-11347
A bit of cleanup on the SQL we use for updates. Unfortunately, MySQL
uses non-SQL-standard syntax for updates reading or updating multiple
tables. After much testing across Pg and MySQL, I boiled it down to
the minimal differences -- but we still have different SQL.
The timings for this on a large reference install, calling
build_context_path(true):
- MySQL incompatible 1s
- Petr's fixes 60s -- DB complains of too many writes
- This commit 24s -- DB complains of too many writes
Also - fixed a remaining problem with $emptyclause
Affects MDL-11347
