The previous implementation falsely reported all implicit capabilities
inherited from the authenticated user archetype. That caused a lot of
capabilities to be reported as missing, even if they were correctly granted.

This new implementation uses a different logic. Instead of seeking
explicitly assigned capabilities, it searches for capabilities that are
not assigned to any of the user's roles across the system.

Please refer to the inline documentation. This should still be used for
informative reports only, not for actual permissions evaluation. The
context has been ignored here, as well as all the overrides etc. This
patch just makes it a lesser evil.

This allows for better caching capabilities on servers. If a
cache key is passed and the web service call does not require
the user to be logged in, we will attempt to use GET for the
request. This allows for things like proxy caching on URLs.
The cache key must be changed if we do not want to retrieve
what has been cached and want to perform the request again.
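
An added sketch of the GET-versus-POST decision this message describes; it is not code from the project, and the endpoint path, the `cachekey` and `call` parameter names, the function names and the sample method name are assumptions. Sorting the argument keys is an addition beyond the message, so that identical calls map to identical cacheable URLs.

```javascript
// Added illustration, not the project's code. All names below are hypothetical.
const ENDPOINT = '/service.example'; // placeholder endpoint path

// Serialize with sorted object keys so the same call always yields the same
// string, and therefore the same URL for a proxy cache to match on.
function stableStringify(value) {
  if (Array.isArray(value)) {
    return '[' + value.map(stableStringify).join(',') + ']';
  }
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + stableStringify(value[k]))
      .join(',') + '}';
  }
  return JSON.stringify(value);
}

// Decide how a web service call is sent.
// GET is used only when BOTH conditions hold:
//   1. the call does not require a logged-in user, and
//   2. the caller passed a cache key.
// Anything that needs a session stays on POST, so a shared proxy never
// stores a per-user response under a URL other users could request.
function buildRequest({ methodName, args = {}, loginRequired = true, cacheKey = null }) {
  const payload = stableStringify({ args, methodname: methodName });
  const cacheable = !loginRequired && cacheKey !== null && String(cacheKey) !== '';
  if (!cacheable) {
    return { method: 'POST', url: ENDPOINT, body: payload };
  }
  // The cache key is part of the URL: changing it produces a new URL,
  // which bypasses whatever was cached and performs the request again.
  const query = new URLSearchParams({ cachekey: String(cacheKey), call: payload });
  return { method: 'GET', url: ENDPOINT + '?' + query.toString(), body: null };
}
```
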
Private tokens are generated at the same time as the token.
They must be stored safely by the ws client, and they must be transmitted only via https.
component, filearea and itemid are now optional parameters.
In some contexts those parameters are not necessary because it is not
required to do a file rewrite via file_rewrite_pluginfile_urls.
Also:
- We don't allow users to add deprecated functions to WS
- We show a debugging message when deprecated functions
are already being used in web services.