accesslib: mark_context_dirty() - fix race condition

We had a 1s race condition where a user could get their rights loaded
at the exact time an admin is changing roles/caps and see the "old"
data. Or even see a half-updated view of the access controls.

Yuck.

So we fix the race condition backdating the dirtyness. Cheap, but
effective. And then we backdate it some more to cover for minor clock
flutter on clusters (you still need ntp however!).

diff --git a/lib/accesslib.php b/lib/accesslib.php
index 344e80544498a1d6674f27a805d86c25ffed0a82..d122577b89df5c4c3d31428668ecc610804341d2 100755 (executable)
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -4978,7 +4978,10 @@ function mark_context_dirty($path) {
 
     // only if it is a non-empty string
     if (is_string($path) && $path !== '') {
-        set_config($path, time(), 'accesslib/dirtycontexts');
+        // The timestamp is 2s in the past to cover for
+        // - race conditions within the 1s granularity
+        // - very small clock offsets in clusters (use ntpd!)
+        set_config($path, time()-2, 'accesslib/dirtycontexts');
     }
 }