This new function called load_all_capabilities() should be used whenever

you want to completely reload the capabilities for the current user.

Basically it will deal nicely with the default site-wide permissions
depending on the current user.

More background in the comments on MDL-6963

Merged from stable

diff --git a/admin/user.php b/admin/user.php
index ff014601214726cdbb7b219724514daa436ff8de..46234674b91c1b91c6ef9f18f9af13ec10db1089 100644 (file)
--- a/admin/user.php
+++ b/admin/user.php
@@ -65,7 +65,7 @@
 
         sesskey();   // For added security, used to check script parameters
 
-        load_user_capability();
+        load_all_capabilities();
 
         redirect("$CFG->wwwroot/user/edit.php?id=$user->id&course=$site->id");  // Edit thyself
         exit;

diff --git a/course/enrol.php b/course/enrol.php
index 25cf3dbe38d053122615674aea65d14e9ed579f4..795e299b219127fc0b541547aa3de2d944b8e26b 100644 (file)
--- a/course/enrol.php
+++ b/course/enrol.php
@@ -26,7 +26,7 @@
 
 /// Refreshing all current role assignments for the current user
 
-    load_user_capability();
+    load_all_capabilities();
 
 /// Double check just in case they are actually enrolled already and 
 /// thus got to this script by mistake.  This might occur if enrolments 

diff --git a/course/loginas.php b/course/loginas.php
index 8af13550826646c42af8190b38ed450228628a3a..8be8fff0a606dffe7a03005a3dd6cb32b5ed31b2 100644 (file)
--- a/course/loginas.php
+++ b/course/loginas.php
@@ -9,7 +9,7 @@
 
     if (!empty($USER->realuser)) {
         $USER = get_complete_user_data('id', $USER->realuser);
-        load_user_capability();   // load all this user's normal capabilities
+        load_all_capabilities();   // load all this user's normal capabilities
 
         if (isset($SESSION->oldcurrentgroup)) {      // Restore previous "current group" cache.
             $SESSION->currentgroup = $SESSION->oldcurrentgroup;

diff --git a/enrol/paypal/return.php b/enrol/paypal/return.php
index 28c4adec9614f0152a0e2111e8c3c1cc3ffd02f2..1f2f4c2dc298a211929ebb4136bd2d1f4f4a41d0 100644 (file)
--- a/enrol/paypal/return.php
+++ b/enrol/paypal/return.php
@@ -16,7 +16,7 @@
     require_login();
 
 /// Refreshing enrolment data in the USER session
-    load_user_capability();
+    load_all_capabilities();
 
     if ($SESSION->wantsurl) {
         $destination = $SESSION->wantsurl;

diff --git a/lib/accesslib.php b/lib/accesslib.php
index b35ec3b0c26451c45e115594a94d677e5edc6ffd..fb45c6f56e2b8a40fe63365b10672a7b10d355bb 100755 (executable)
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -538,6 +538,10 @@ function load_user_capability($capability='', $context ='', $userid='') {
 
     global $USER, $CFG;
 
+    if (empty($CFG->rolesactive)) {
+        return false;
+    }
+
     if (empty($userid)) {
         if (empty($USER->id)) {               // We have no user to get capabilities for
             debugging('User not logged in for load_user_capability!');
@@ -754,10 +758,30 @@ function load_user_capability($capability='', $context ='', $userid='') {
     if (!empty($otheruserid)) {
         return $usercap; // return the array
     }
-    // see array in session to see what it looks like
+}
+
+
+/*
+ *  A convenience function to completely load all the capabilities 
+ *  for the current user.   This is what gets called from login, for example.
+ */
+function load_all_capabilities() {
+    global $USER;
+
+    if (empty($USER->username)) {
+        return;
+    }
 
+    load_user_capability();         // Load basic capabilities assigned to this user
+
+    if ($USER->username == 'guest') {
+        load_guest_role();          // All non-guest users get this by default
+    } else {
+        load_defaultuser_role();    // All non-guest users get this by default
+    }
 }
 
+
 /*
  * Check all the login enrolment information for the given user object
  * by querying the enrolment plugins
@@ -1646,7 +1670,7 @@ function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $time
 
     /// If the user is the current user, then reload the capabilities too.
         if (!empty($USER->id) && $USER->id == $userid) {
-            load_user_capability();
+            load_all_capabilities();
         }
         
     /// Ask all the modules if anything needs to be done for this user
@@ -1711,7 +1735,7 @@ function role_unassign($roleid=0, $userid=0, $groupid=0, $contextid=0) {
 
                 /// If the user is the current user, then reload the capabilities too.
                 if (!empty($USER->id) && $USER->id == $ra->userid) {
-                    load_user_capability();
+                    load_all_capabilities();
                 }
                 $context = get_record('context', 'id', $ra->contextid);
 

diff --git a/login/index.php b/login/index.php
index 05c94bece7500401efee92645856c27399f6401c..70ec4c9e8066ae7699e54fda7a5b5dde8d3c23d2 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -207,10 +207,9 @@
             }
 
             reset_login_count();
-            if (!empty($CFG->rolesactive)) {
-                load_user_capability(); // load user's capabilities
-                load_defaultuser_role();    // All users get this by default
-            }
+
+            load_all_capabilities();     /// This is what lets the user do anything on the site  :-)
+
             redirect($urltogo);
 
             exit;