Commit e922fe23 authored by Petr Skoda's avatar Petr Skoda
Browse files

MDL-29602 accesslib improvements

Refactoring and improvements of the accesslib.php library including prevention of access for not-logged-in users when forcelogin enabled, improved context caching, OOP refactoring of contexts, fixed context loading, deduplication of role definitions in user sessions, installation improvements, decoupling of enrolment checking from capability loading, added detection of deleted and non-existent users in has_capability(), new function accesslib test, auth and enrol upgrade notes.

More details are available in tracker subtasks.
parent 6731a04d
This diff is collapsed.
......@@ -1417,11 +1417,11 @@ function upgrade_core($version, $verbose) {
purge_all_caches();
// Clean up contexts - more and more stuff depends on existence of paths and contexts
cleanup_contexts();
create_contexts();
build_context_path();
$syscontext = get_context_instance(CONTEXT_SYSTEM);
mark_context_dirty($syscontext->path);
context_helper::cleanup_instances();
context_helper::create_instances(null, false);
context_helper::build_all_paths(false);
$syscontext = context_system::instance();
$syscontext->mark_dirty();
print_upgrade_part_end('moodle', false, $verbose);
} catch (Exception $ex) {
......
......@@ -56,6 +56,9 @@ if (!empty($user)) {
}
}
// let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user);
// setup user session to check capability
session_set_user($user);
......
......@@ -16,9 +16,9 @@
/**
* rss/file.php - entry point to serve rss streams
*
*
* This script simply checks the parameters to construct a $USER
* then finds and calls a function in the relevant component to
* then finds and calls a function in the relevant component to
* actually check security and create the RSS stream
*
* @package moodlecore
......@@ -81,7 +81,7 @@ if ($token==="$inttoken") {
if (!isset($modinfo->instances[$componentname])) {
$modinfo->instances[$componentname] = array();
}
foreach ($modinfo->instances[$componentname] as $modinstanceid=>$cm) {
if ($modinstanceid==$instanceid) {
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
......@@ -122,6 +122,10 @@ if ($token==="$inttoken") {
}
$user = get_complete_user_data('id', $userid);
// let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user);
session_set_user($user); //for login and capability checks
// Check the context actually exists
......
......@@ -654,6 +654,7 @@ abstract class webservice_server implements webservice_server_interface {
}
// now fake user login, the session is completely empty too
enrol_check_plugins($user);
session_set_user($user);
$this->userid = $user->id;
......
......@@ -66,6 +66,8 @@ $user = $DB->get_record('user', array('id'=>$token->userid, 'deleted'=>0), '*',
// log token access
$DB->set_field('external_tokens', 'lastaccess', time(), array('id'=>$token->id));
// let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user);
session_set_user($user);
$context = get_context_instance(CONTEXT_USER, $USER->id);
require_capability('moodle/user:manageownfiles', $context);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment