The API was incorrectly assuming that all uses of the API were for a
course, and that the instanceid of the communication instance was a
course id. These assumptions are both entirely wrong.
The API is intended to support a range of uses including use at the
site, user, and activity levels.
Furthermore, if a group were to be used, then the instanceid should be
of that group's id, and therefore the contextid would need to be fetched
or that group's course instead.
The only solution here is to add a new contextid field to the table, and
implement it all parts of the API.
Moves the data-filtercondition property to an element that always
exists regardless of whether the selected category from the filter
has questions or not. This will effectively solve the exception
that is being thrown due to the non-existing element and also
enable creation of random questions in a category that does not
have any questions yet. Also, the data-filtercondition attribute
is no longer used when creating a random question in a new category
as this value is not relevant in this case. Instead, a default
filter condition is generated in the webservice for the random
question based on the newly created category.
Group visibility was not taken into account when
generating SQL for getting enrolled users restricted
to a list of groups. This may have allowed users to
infer membership of groups they were not allowed to
see members of.
In some places we prevented cache poisoning, in others we did not. We
also did not place any restriction on the minimum value for a revision.
This change introduces a new set of functions for configonly endpoints
which validates the revision numbers passed in. If the revision is
either too old, or too new, it is rejected and the file content is not
cached. The content is still served, but caching headers are not sent,
and any local storage caching is prevented.
The current time is used as the maximum version, with 60 seconds added
to allow for any clock skew between cluster nodes. Previously some
locations used one hour, but there should never be such a large clock
skew on a correctly configured system.
Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
* We need to set a different meetingID when duplicating or importing a
BigBlueButtonBN activity to prevent unwanted sharing of recordings between
meetings.
With the new flow, users can go to the login page from the confirmed page,
and if the user successfully logs in, the user will be directed to the confirmed page.
To avoid that, the confirmed page can only be seen by users who are not logged in.
Render the output in shutdown handler was causing
issues in phpunit test_psr_classloader
This is an small fix to check that the output has been started.
Previously, the type of share (course/activity) was being injected into
the string, but not from a translation, so did not fully translate. The
MoodleNet type (resource) was working, but has also been replaced here
to avoid inserting one string into another (this was also unnecessary
while resource is the only possible option). This also meant the latter
string could be deprecated.
The Moodle XML export of multiple choice calculated questions was
missing proper escaping of answers. Also the indentation of the
generated xml was off.
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
