A new optional parameter $context has been added to the
core_group::groups_get_members_join() function.
Besides, some core_group methods now accept -1 (USERSWITHOUTHGROUP) for
the groupid field.
The core API function user_create_user() did not check the case when the
given username was empty.
Also adding a missing string 'usernamelowercase' for the existing lower
case check and unit tests.
Adds a new callback, <plugin>_control_view_profile. Plugins may
return core_user::VIEWPROFILE_PREVENT to prevent access,
core_user::VIEWPROFILE_DO_NOT_PREVENT to make no change, or
core_user::VIEWPROFILE_FORCE_ALLOW to allow access even when Moodle
would normally prevent it.
This allows third-party plugins to restrict (or allow) access to
profile pages in response to arbitrary business logic.
Adds 'email' to hiddenuserfields, which allows:
* user to view email on their own profile,
* users with cap site:viewuseridentity to view email on any profile (admins/teachers)
* admin to veto display of email to users without site:viewuseridentity (except viewing their own)
* unprivileged users to view if the profile's maildisplay permits it.
Changes in user/lib.php include removal of is_siteadmin() test, which
is redundant due to checks via has_capability().
Fixes regression from 2.9 (MDL-45774).
Sometimes the "theme" and "lang" fields in the user and course tables
in the database are set to incorrect values (uninstalled or
non-existent themes and language packs).
This makes Web Services functions to fail because the WS server
validate the returned data using the validate_param function that clean
parameters.
Make sure to check that $user in enrolled in $course before checking
whether the current user has capabilities in that course, and make sure
that we don't check user context caps when handling a specific course.
This function used to check only those courses shared by both users
when it should have been checking all courses in which $user is
enrolled. Managers can view a user's course profile without necessarily
sharing the course (being enrolled in) with the $user.
Removed the edit link variable which was used in the heading
'Users with the role ..' but was never displayed due to filters.
Other minor tidy ups as well.
Part of MDL-59290.
A bug introduced with MDL-45893 meant that the failure count was being
reset, causing the footer code to be skipped. This patch fixes that
bug and adds behat tests covering the displayloginfailures feature.
This commit replace as much as possible of clean_param and PARAM_ usages related to user object.
Also few unit tests has been changed to match the new validation
The new validation were added to user_create_user and user_update_user,
displaying debug message if some invalid data has been found.
Also the unit tests of those methods has been changed to match the methods behaviour.
