Now the db/service.php array can contain these extra keys to provide information
on how a webservice may be called:
'ajax' => true (Default is false)
Replaces the xx_is_allowed_from_ajax callback.
'loginrequired' => false (Default is true)
Means that this webservice can be called through lib/ajax/service-nosession.php
which sets NO_MOODLE_COOKIES to true (faster). This is only safe for webservices returning
static public data (e.g. get_string).
Some webservice functions need to be available without a login, e.g.
fetching strings and templates.
External functions must call validate_context if they require a valid login etc.
Added a new parameter to services.php: "loginrequired". Default is true.
This needs to be done before we can expose any webservices that
change state, or return private info to ajax (to prevent CSRF).
Currently there are no webservices exposed to ajax that meet these
criteria - so this issue is to prevent future security issues.
This is a new script that can call any function in the built-in AJAX webservice. This is
a new system service that is added at install time (like the mobile webservice). It has no
protocols added to it, but it accessible by a new ajax script /lib/ajax/service.php.
Requests and responses to the script are required to be in json format, and multiple functions can
be called in a single request.
