Commit Graph

397 Commits

Author SHA1 Message Date
moodler bb2c22bda5 I renamed these to help general readability of accesslib:
$ad -> $accessdata
    has_cap_fad ->  has_capability_in_accessdata()
    aggr_roles_fad  -> aggregate_roles_from_accessdata()

Resolves MDL-11173
2007-09-20 04:52:54 +00:00
martinlanghoff 21f10eb03e accesslib: load_all_capabilities() - remember to check_enrolment_plugins()!
When setting up accessdata for a newly-logged-in user, call the
enrolment plugins. Thanks to Matt Clarkson for the heads up.

Affects: MDL-11180
2007-09-20 03:23:12 +00:00
toyomoyo ba82dd3134 group should probably be passed into get_role_users() 2007-09-20 03:11:51 +00:00
martinlanghoff 55a814399f accesslib:build_context_path() refer to dbfamily instead of dbtype
so mysql's various drivers can be used.
2007-09-20 02:45:57 +00:00
martinlanghoff d20559f3e4 accesslib: build_context_path() - better UPDATE SQL
A bit of cleanup on the SQL we use for updates. Unfortunately, MySQL
uses non-SQL-standard syntax for updates reading or updating multiple
tables. After much testing across Pg and MySQL, I boiled it down to
the minimal differences -- but we still have different SQL.

The timings for this on a large reference install, calling
build_context_path(true):

 - MySQL incompatible 1s
 - Petr's fixes 60s -- DB complains of too many writes
 - This commit 24s  -- DB complains of too many writes

Also - fixed a remaining problem with $emptyclause

Affects MDL-11347
2007-09-20 01:03:35 +00:00
martinlanghoff 92b34bdd6c accesslib:build_Context_path() fix $emptyclause
We need 2 different empty clauses, one for updates, anotherone for
selects.
2007-09-20 00:16:22 +00:00
martinlanghoff 413a19dd4c accesslib:build_context_path() - fix $emptyclause to avoid Oracle's dirty hack
accesslib is now clean of Oracle's dirty hack. Thanks Eloy for the idea.

MDL-11347
2007-09-19 23:46:37 +00:00
stronk7 351e55fba6 Delete one excess parenthesis... Applying Bryce's patch to MDL-11347 2007-09-19 22:40:58 +00:00
skodak 203d964a4a MDL-11347 yet more beautification proposed by Eloy 2007-09-19 19:20:18 +00:00
skodak b37453d73d MDL-11347 yet more beautification proposed by Eloy 2007-09-19 19:13:49 +00:00
skodak 40c670d416 MDL-11347 improving sql syntax - thanks Eloy for comments 2007-09-19 19:01:32 +00:00
skodak 554bda0538 MDL-11347 fixed context c in update which Tim's pg did not like much 2007-09-19 17:40:20 +00:00
skodak 2e0eade37f MDL-11347 temporary patch for mysql trouble in build_context_path() 2007-09-19 15:51:04 +00:00
moodler 95ffcee0bf Only show SQL feedback during full forced update (ie upgrade) 2007-09-19 09:55:31 +00:00
moodler c122ad2a49 Just enabling SQL feedback so that errors like we're seeing in MySQL right now are exposed 2007-09-19 09:43:13 +00:00
martinlanghoff dcd6a7755f accesslib: update PHPDoc with intro to code
Explain what we mean by _fad(), $ad and $ctx. Might help resolve MDL-11173
2007-09-19 07:57:10 +00:00
martinlanghoff 4c4fc4ffb1 accesslib: janitorial - use $ad for accessdata everywhere
Make sure we always say $ad when we talk about accessdata. This patch
fixes a few leftover bits and pieces...
2007-09-19 07:56:56 +00:00
martinlanghoff f2a7ad77ec accesslib: cleanup_dirty_contexts() - also forget about CAST()s 2007-09-19 07:56:43 +00:00
martinlanghoff 70981363bf accesslib: get_dirty_contexts() - fix race condition, forget about CAST()s
In one tiny patch we do two things.

First, we fix the race condition around dirty context and accessdata
timestamps -- it is saner to offset the check than to offset the
recording of the change (as an earlier patch did).

    On a cluster, you still need NTP.

Second, we do away with CAST(). Ideally, the values should be compared
as ints but it's hard to get a CAST() syntax that is portable enough
to work on all our supported DBs. And Eloy pointed out (and I
corroborated testing) that we'll never have problems with the string
length, as our timestamps are always 10 chars as a string... and the
day they go to 11 chars we'll hit the unix Year-2038 bug.
2007-09-19 07:56:30 +00:00
martinlanghoff 99be2a7fad accesslib: build_context_path() now sets path/depth for other blocks
Blocks not on the coursepage should have their context "hanging" from the
site context. get_context_instance() was doing this correctly, but not
build_context_path().
2007-09-19 07:56:14 +00:00
martinlanghoff 348648a2a5 Revert "accesslib: mark_context_dirty() - fix race condition"
This reverts commit 2b65045c5e8259f5997b3bbf457ec9d05027a93c.
2007-09-19 07:55:59 +00:00
martinlanghoff 45ea1afb16 accesslib: make_context_subobj() now expects ctxlevel, and fix all callers
make_context_subobj() was not providing a contextlevel property, and
no callers fetched the field. This comes from its humble origins where
it was only ever called for course objects. These days it's used in
many other situations, so this patch DTRT and

 - fixes make_context_subobj() expect a cxtlevel and turn it into
   contextlevel

 - fixes all callers (accesslib, datalib) to provide it
2007-09-19 07:54:37 +00:00
martinlanghoff aba5f469f6 accesslib: get_user_access_sitewide() was skipping rdefs
The SQL query that would fetch rdefs not associated with any ra was
not being executed. Duh! For example, a user with a teacher RA sitewide
would never be affected by a role override at the category
level, because it was not being loaded into accessdata.
2007-09-19 07:54:06 +00:00
martinlanghoff 53fb75dc1f accesslib: get_user_access_bycontext() fetches all relevant rdefs
get_user_access_bycontext() was narrowing down too much the rdefs it
was fetching. With this patch, it now correctly retrieves the rdefs for
new roles assigned in lower contexts, and also correctly retrieves
rdefs present in the course context (fixing MDL-11220).

This also means that we now do the job in 2 DB queries (instead of 3),
and we move a bit more data, but those rows are actually needed ;-)
2007-09-19 07:53:49 +00:00
martinlanghoff c7a8ec8cf0 accesslib: has_cap_fad() respect local-context-wins permissions rule
The initial implementation of has_cap_fad() just added the permission
values regardless of the locality of the context. This patch adds
support (read: fixes bug) for the "local context wins" rule.

Additionally, it removes a related bug where we were exiting early
if we found a CAP_PROHIBIT, ignoring the $doanything flag.
2007-09-19 07:52:06 +00:00
martinlanghoff 1dcf763428 accesslib: get_user_access_bycontext() remove 2 unused var declarations (trivial) 2007-09-19 07:49:35 +00:00
martinlanghoff 987e7eb19a accesslib: is_siteadmin() bugfixes
Fixed two horrid bugs in is_siteadmin(). Both userid and the check for
matching cpabilities lines were wrong.
2007-09-19 07:48:43 +00:00
martinlanghoff 9f560a0ccb accesslib: fix SQL CAST()s to work on MySQL and PostgreSQL
CAST() target types aren't very portable. Use DECIMAL which works
for MySQL and Pg.

DECIMAL does seem to be supported in Oracle - but the syntax seems
different. We may still need a compat function.
2007-09-19 07:48:31 +00:00
martinlanghoff 9264620341 accesslib: remove has_capability_including_child_contexts()
No code is calling it, and it never appeared in any release.
2007-09-19 07:48:19 +00:00
martinlanghoff 41709a387f accesslib: replace join() and sql_intarray_to_in() with implode()
implode() is the PHP-ish way of saying this. join() is too Perlish and
may get confused (or misgrepped) with a SQL JOIN.
2007-09-19 07:47:11 +00:00
martinlanghoff 394074424a accesslib: Introducing is_siteadmin() to reliably check for siteadmins
is_siteadmin checks a few key capabilities to suss out if the user is
an admin. The main virtue of the function is that it does not use
the accesslib infrastructure -- it reads directly from the DB, which
is useful for the 1.9 accesslib upgrade.
2007-09-19 07:30:09 +00:00
martinlanghoff d4bec85829 accesslib: get_user_courses_bycap() fix to deal with empty $order
If we are passed an empty string for $order, still create valid
SQL. Some callers in 1.9 seem to not care about order, passing
an explicit ''. Shocking! ;-)
2007-09-19 07:29:43 +00:00
martinlanghoff 1e460fdfc2 accesslib: remove references to deprecated context_rel table and insert_context_rel()
These references to the deprecated functions were erroring out. Remove
them.

Note however that other role related cleanups done as part of
MDL-10679 "improvement to context_rel table and load_user_capability()"
are kept.
2007-09-19 07:29:31 +00:00
martinlanghoff ad4c7473a9 accesslib: build_context_path() is now much much cheaper
We now populate the context.path only where it's empty,
this means that we take 0.15s instead of 0.6s. More importantly,
we avoid thrashing the DB's indexes pointlessly.

We also support Oracle and its dirty hack here.

And the function now has a $force parameter that can be used to
actually overwrite the paths/depths in case they've been corrupted.
2007-09-19 07:29:07 +00:00
martinlanghoff a72921ae68 accesslib: Use sql_compat() to remove unportable PostgreSQL-isms 2007-09-19 07:28:31 +00:00
martinlanghoff 2dff3a0681 accesslib: get_assignable_roles() reworked to be constant-queries
get_assignable_roles() was calling user_can_assign() (cost of 1~2 DBq)
once-per-role. Instead, we can do a single DB query that answers
all our questions in one go.

On a Moodle w 8 roles defined, saves 19 DB queries for the course page
for teachers/admins.

NOTE NOTE NOTE! With this patch we drop the insane strip/escape bit.
Only the caller knows if this is for display on html or for other uses,
so we'll be true and not mangle the data.

A review of all callers in 1.8 shows no problem - the strings were being
strip/escaped already.
2007-09-19 07:27:46 +00:00
martinlanghoff 3cdf0dd253 accesslib: get_parent_contexts() bugfix 2007-09-19 07:26:15 +00:00
martinlanghoff 420bfab156 accesslib: has_capability() now loads sub-course accessdata for $ACCESS
When querying capabilities of non-logged-in users, has_capability()
will now load accessdata for the subcontexts as needed.

Without this patch, below-the-course RAs and rdefs were ignored when
checking caps for a user different from $USER. I don't think it is
ever done in current moodle code, so the problem wasn't visible.

In any case - it's fixed ;-)
2007-09-19 07:26:02 +00:00
martinlanghoff 3c2dbf376e accesslib: Fix dirty paths checks on PHPv4
$DIRTYPATHS and its derivatives are all arrays. Not objects.

Drop the silly -> notation.
2007-09-19 07:25:37 +00:00
martinlanghoff 41017705c3 accesslib: phpdoc update get_child_contexts() 2007-09-19 07:25:25 +00:00
martinlanghoff ad833c4283 accesslib: rm get_role_context_capability() and update phpdoc
Remove unused function.
2007-09-19 07:25:10 +00:00
martinlanghoff 7ac2bd55eb accesslib: remove role_add_lastaccess_entries(),role_remove_lastaccess_entries()
Both of them are dead code in 18_STABLE and HEAD. And if
role_add_lastaccess_entries() is ever used on a large site it will
hammer the DB to bits.

Remove before anyone is foolish enough to try it.
2007-09-19 07:24:57 +00:00
martinlanghoff efd6fce585 accesslib: require_capability() phpdoc notes 2007-09-19 07:24:43 +00:00
martinlanghoff 0315aeb02f accesslib: get_parent_cats() goes away too...
Not used anymore, and very inefficient.

If you need something like it, use course_category.path
just like we use context.path .
2007-09-19 07:24:26 +00:00
martinlanghoff 8612e194e8 accesslib: remove get_role_caps() merge_role_caps()
Both unused, and not part of the external API.
2007-09-19 07:24:14 +00:00
martinlanghoff 03160d776c accesslib: remove validate_context()
No longer used anywhere. Not really useful outside of accesslib, so no
point in keeping it.
2007-09-19 07:24:02 +00:00
martinlanghoff 56743fabc9 accesslib: get_context_instance() - ignore clearcache
"cleacache" is no longer needed, and nothing is calling it.

Still - handle it as a noop to avoid erroring out with custom/contrib
code.
2007-09-19 07:23:41 +00:00
martinlanghoff 564870b7b8 accesslib: get_parent_contexts() reworked to use context.path
Now that we can use $context->path trivially, and avoid touching the db
for data we already have... Just Do It!
2007-09-19 07:23:30 +00:00
martinlanghoff 5f38222405 accesslib: remove insert_context_rel(), build_context_rel() and others
The context_rel table is not used anymore. Get rid of all references
to it.

TODO: Drop the orphaned table - but we'll do that on HEAD.
2007-09-19 07:23:15 +00:00
martinlanghoff 8e9fa6b1a2 accesslib: mark_context_dirty() - fix race condition
We had a 1s race condition where a user could get their rights loaded
at the exact time an admin is changing roles/caps and see the "old"
data. Or even see a half-updated view of the access controls.

Yuck.

So we fix the race condition backdating the dirtyness. Cheap, but
effective. And then we backdate it some more to cover for minor clock
flutter on clusters (you still need ntp however!).
2007-09-19 07:23:01 +00:00