* Looping the environment results and skipping some items mean that
if a test gets skipped, the rest of the environment results won't be
tested. It's better to use a data provider for this in order to
individually test each environment result.
MDL-46783, MDL-63772 and MDL-63818 were originally coded on the
assumption that MDL-46783 would get integrated first. However it wasn't.
Therefore, it was not easy to add unit tests for MDL-63772 and MDL-63818
at the time, but it is now, so here they are.
The capabilities changed ('contextlevel' => CONTEXT_COURSE changed to
'contextlevel' => CONTEXT_MODULE) are:
* moodle/site:accessallgroups
* moodle/site:viewfullnames
* moodle/site:trustcontent
* moodle/site:viewuseridentity
This list came from reviewing the _get_extra_capabilities functions in
all core activities. They were all somewhat inconsistent, but I think it
makes sense that these capabilities are consistently overridable in all
activities. E.g. moodle/site:accessallgroups affects conditional
availability even if there is no other user of groups, and
moodle/site:viewuseridentity and moodle/site:viewfullnames affect the
logs report, if nothing else.
As a result of this, several _get_extra_capabilities functions are no
longer needed, and all the rest have been simplified.
Not all AMD modules need an explicit function call to start working. The
patch makes the function name optional, in which case the js_call_amd()
simply loads the module.
This chagne adds support for a new feature known as Context Locking.
This allows a context to be locked, thereby removing all write
capabilities for all users (including admin) for that context, and all
child contexts.
We need to be able to delay calling all member processors with localised
event data if a DB transaction is taking place. This code treats a
conversation message as a single item of work to be buffered, and stores
all localised eventdata, and processorlists for later reference. When
processing the buffer, we pass off all localised eventdata items to
their respective member's processors, before firing a single event.
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
* New button allows to create standard issuer for nextcloud
* Since the endpoints url has to be https and nextcloud relys on the
baseurl to create the endpoints, the baseurl of issuers has now to be
https as well (or empty).
* Google's baseurl was changed to https (there was no reason not to),
whereas Facebook and Microsoft baseurls remain empty.
* In case of the creation of a nextcloud issuer, the baseurl is
required.
* Nextcloud requires the baseurl, therefore a parameter is added to
create_standard_issuer($type, $baseurl = false). That parameter not
required (or used) for anything but Nextcloud.
Improve the format of the HTML representing a forum post.
1. Use <article> tag to mark it correctly.
2. Use <time> tag to include the real datetime information.
3. Use <address> tag to specify who and when the post came from.
4. Use heading level tags to mark the subject of each post.
5. Properly nest reply posts within their parent <article>
6. Use a header tab for each article to split the metadata from the content.
7. Use CSS to separate links, not text content.
Because posts are now nested properly, the heading for each one refers to it's own article
and we don't need to generate arbitrary heading level tags depending on how deep the post
is nested.
A new optional parameter $context has been added to the
core_group::groups_get_members_join() function.
Besides, some core_group methods now accept -1 (USERSWITHOUTHGROUP) for
the groupid field.
