This change ensures that all capabilities at module context level are
shown within a module, only filtering out those which belong to another
module or the subplugins of another module.
This has the effect that module-level capabilities are included
providing they relate to
- the module being queried
- any subplugin of that module
- any capability at module level which does not belong to another module
or its subplugin
- any other explicitly included capability
This allows permissions to be defined on a capability at a context
level.
Whenever the role_capabilities table is changed, we need to remember
to clear the cache for the role(s) being modified. This is far simpler
when all of those changes happen in a single file, i.e. accesslib.php,
allowing other parts of the application to use the public functions
without requiring knowledge of the cache internals.
Thanks to MDL-49398, we can separate the combined user session and role
definition cache clearing function into two separate functions. At the
same time, we want to identify and remove mark_dirty() calls that were
added for role definition changes but were incorrectly left behind.
Change highlights:
- Remove unnecessary mark_dirty() calls performed after
assign_capability(), unassign_capability(), delete_role(),
deleted contexts, brand new contexts
- Move role definition cache clear from the user-centric
accesslib_clear_all_caches() to the newly created,
role-dedicated accesslib_reset_role_cache()
Fixed to return both those roles in the profileroles site policy and
any roles which the current user can assign in the respective context,
meaning a user can see a link to any role they can assign.
This change removes the complex and partial loading of role definition data for users.
It is replaced by keeping one system-wide definition for each role in MUC.
This is cheaper to regenerate as it avoids complex database queries (repeated LEFT JOIN to context).
Memory usage is kept low thanks to array CoW for each user access data.
Refactor similar SQL generation code from get_users_by_capability
and get_enrolled_uses to make get_with_capability_sql.
Modified files: accesslib.php, enrollib.php, grouplib.php, new tests.
The new query is logically equivalen, but much, much faster, at
least on Postgred. (15ms, instead of 700ms, in one example I tried
on the database for the OU's main Moodle site.)
The function get_role_users() requires the caller to include the $sort fields in
the $fields argument. On PostgreSQL this will cause the function to fail when
the default $sort fields aren't part of the requested fields. The behavior of
the function is augmented to add the $sort fields to $fields if they are not
already present.
With no PHPDocs and $instanceid as name some module developers confuse
context_module::instance argument to be instanceid of the module while
it actually should be cmid.
The count_role_users function in lib/accesslib.php gives the wrong results if a user has the
same role at multiple levels in a context path.
For example a user is a coursecreator on a course and the category that the course is in,
in this case they would be counted twice, rather than being recognised as the same user.
This change will make the function only count unique users.
