This had a relatively simply check for course profile visibility, which
meant that users in separate groups could see one another's profile.
This has been replaced with the more correct check in
user_can_view_profile().
A new optional parameter $context has been added to the
core_group::groups_get_members_join() function.
Besides, some core_group methods now accept -1 (USERSWITHOUTHGROUP) for
the groupid field.
Thanks to MDL-49398, we can separate the combined user session and role
definition cache clearing function into two separate functions. At the
same time, we want to identify and remove mark_dirty() calls that were
added for role definition changes but were incorrectly left behind.
Change highlights:
- Remove unnecessary mark_dirty() calls performed after
assign_capability(), unassign_capability(), delete_role(),
deleted contexts, brand new contexts
- Move role definition cache clear from the user-centric
accesslib_clear_all_caches() to the newly created,
role-dedicated accesslib_reset_role_cache()
The core API function user_create_user() did not check the case when the
given username was empty.
Also adding a missing string 'usernamelowercase' for the existing lower
case check and unit tests.
Sometimes the "theme" and "lang" fields in the user and course tables
in the database are set to incorrect values (uninstalled or
non-existent themes and language packs).
This makes Web Services functions to fail because the WS server
validate the returned data using the validate_param function that clean
parameters.
- count() can only be called on arrays or Countable, it can not be called on null
- recordset is neither so iterator_count() should be used
- instanceof or get_class() can not be applied to non-objects
- class methods must have the same arguments as methods in parent class
This function used to check only those courses shared by both users
when it should have been checking all courses in which $user is
enrolled. Managers can view a user's course profile without necessarily
sharing the course (being enrolled in) with the $user.
The validation of the timezone field should not occur, especially
when it is automatically cleaned. Timezones can be volatile, we
must try hard to fallback on real timezones and must not lose reset
the values arbitrarily.
"There is absolutely no need to change $CFG->timezone and user timezones
in database - the timezones may come and go. If you change the value in
upgrade or on the fly you would not be able to get it back. This is the
reason why I implemented the "invalid timezone" thing in server and
user settings instead." - Petr Skoda (MDL-49684)
The new validation were added to user_create_user and user_update_user,
displaying debug message if some invalid data has been found.
Also the unit tests of those methods has been changed to match the methods behaviour.
Added an @array "options" parameter to user_get_user_navigation_info(),
for passing in avatarsize, and possibly other options in future.
Also removed an errant parameter in the /lib/outputrenderers.php
user_get_user_navigation_info() call, as there was no corresponding
parameter in the function definition.
(Test written by Jetha Chan.)
On some pages full user data is not stored before user_created/
user_updated event is triggred. So giving option to trigger that
manually, so it can be triggred after all data is saved
