The last access implementation also fixes an existing bug,
where it was assumed never accessed would be 0, when it also needed to
handle null to return correct results. Related userlib unit tests also
updated to reflect this, as well as some incorrect comment wording.
Added new MESSAGE_CONVERSATION_TYPE_SELF type for self-conversations
and upgraded legacy self-conversations to the new type, removing
repeated members in the message_conversation_members table.
Besides, from now, a self-conversation will be created by default for
all the existing users.
All the self-conversations have been also starred and a default message
will be displayed always to explain how to use them.
This had a relatively simply check for course profile visibility, which
meant that users in separate groups could see one another's profile.
This has been replaced with the more correct check in
user_can_view_profile().
Purge cache just for the current user to avoid redirection when 2
simultaneous users try to sign up at the same time and some policy
has to be agreed.
The 'createduser' invalidation event has been removed also because
is not used any more.
Thanks John Azinheira for spotting it!
A new optional parameter $context has been added to the
core_group::groups_get_members_join() function.
Besides, some core_group methods now accept -1 (USERSWITHOUTHGROUP) for
the groupid field.
The core API function user_create_user() did not check the case when the
given username was empty.
Also adding a missing string 'usernamelowercase' for the existing lower
case check and unit tests.
Adds a new callback, <plugin>_control_view_profile. Plugins may
return core_user::VIEWPROFILE_PREVENT to prevent access,
core_user::VIEWPROFILE_DO_NOT_PREVENT to make no change, or
core_user::VIEWPROFILE_FORCE_ALLOW to allow access even when Moodle
would normally prevent it.
This allows third-party plugins to restrict (or allow) access to
profile pages in response to arbitrary business logic.
Adds 'email' to hiddenuserfields, which allows:
* user to view email on their own profile,
* users with cap site:viewuseridentity to view email on any profile (admins/teachers)
* admin to veto display of email to users without site:viewuseridentity (except viewing their own)
* unprivileged users to view if the profile's maildisplay permits it.
Changes in user/lib.php include removal of is_siteadmin() test, which
is redundant due to checks via has_capability().
Fixes regression from 2.9 (MDL-45774).
Sometimes the "theme" and "lang" fields in the user and course tables
in the database are set to incorrect values (uninstalled or
non-existent themes and language packs).
This makes Web Services functions to fail because the WS server
validate the returned data using the validate_param function that clean
parameters.
Make sure to check that $user in enrolled in $course before checking
whether the current user has capabilities in that course, and make sure
that we don't check user context caps when handling a specific course.
This function used to check only those courses shared by both users
when it should have been checking all courses in which $user is
enrolled. Managers can view a user's course profile without necessarily
sharing the course (being enrolled in) with the $user.
Removed the edit link variable which was used in the heading
'Users with the role ..' but was never displayed due to filters.
Other minor tidy ups as well.
Part of MDL-59290.
