MDL-19039 improved default frontpage role capability evealuation, needs to be manuall...

diff --git a/config-dist.php b/config-dist.php
index 37e4b1120318e613ae2c081d0230128f36519868..ae51dd501fb5e1d77017f27914e62a99f60eb260 100644 (file)
--- a/config-dist.php
+++ b/config-dist.php
@@ -193,6 +193,12 @@ $CFG->admin = 'admin';
 // logs in. The site front page will always show the same (logged-out) view.
 //     $CFG->disablemycourses = true;
 //
+// Enable this option if you need fully working default frontpage role,
+// please note it might cause serious memory and performance issues,
+// also there should not be any negative capabilities in default
+// frontpage role (MDL-19039).
+//     $CFG->fullusersbycapabilityonfrontpage = true;
+//
 // If this setting is set to true, then Moodle will track the IP of the
 // current user to make sure it hasn't changed during a session.  This
 // will prevent the possibility of sessions being hijacked via XSS, but it

diff --git a/lib/accesslib.php b/lib/accesslib.php
index ae25b370769eb387ae680294ece04acbabbe1b96..a9bb58004231c11aa11ff6b95cba5a26fea7a11a 100755 (executable)
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -4874,6 +4874,20 @@ function get_users_by_capability($context, $capability, $fields='', $sort='',
         $defaultroleinteresting = false;
     }
 
+    // is the default role interesting? does it have
+    // a relevant rolecap? (we use this a lot later)
+    if (($isfrontpage or is_inside_frontpage($context)) and !empty($CFG->defaultfrontpageroleid) and in_array((int)$CFG->defaultfrontpageroleid, $roleids, true)) {
+        if (!empty($CFG->fullusersbycapabilityonfrontpage)) {
+            // new in 1.9.6 - full support for defaultfrontpagerole MDL-19039
+            $frontpageroleinteresting = true;
+        } else {
+            // old style 1.9.0-1.9.5 - much faster + fewer negative override problems on frontpage
+            $frontpageroleinteresting = ($context->contextlevel == CONTEXT_COURSE);
+        }
+    } else {
+        $frontpageroleinteresting = false;
+    }
+
     //
     // Prepare query clauses
     //
@@ -4963,9 +4977,7 @@ function get_users_by_capability($context, $capability, $fields='', $sort='',
     if (!$negperm) {
 
         // at the frontpage, and all site users have it - easy!
-        if ($isfrontpage && !empty($CFG->defaultfrontpageroleid)
-            && in_array((int)$CFG->defaultfrontpageroleid, $roleids, true)) {
-
+        if ($frontpageroleinteresting) {
             return $DB->get_records_sql("SELECT $fields
                                            FROM {user} u
                                           WHERE u.deleted = 0
@@ -5146,6 +5158,11 @@ function get_users_by_capability($context, $capability, $fields='', $sort='',
 
             // Did the last user end up with a positive permission?
             if ($lastuserid !=0) {
+                if ($frontpageroleinteresting) {
+                    // add frontpage role if interesting
+                    $ras[] = array('roleid' => $CFG->defaultfrontpageroleid,
+                                   'depth'  => $context->depth);
+                }
                 if ($defaultroleinteresting) {
                     // add the role at the end of $ras
                     $ras[] = array( 'roleid' => $CFG->defaultuserroleid,
@@ -5191,6 +5208,11 @@ function get_users_by_capability($context, $capability, $fields='', $sort='',
 
     // Prune last entry if necessary
     if ($lastuserid !=0) {
+        if ($frontpageroleinteresting) {
+            // add frontpage role if interesting
+            $ras[] = array('roleid' => $CFG->defaultfrontpageroleid,
+                           'depth'  => $context->depth);
+        }
         if ($defaultroleinteresting) {
             // add the role at the end of $ras
             $ras[] = array( 'roleid' => $CFG->defaultuserroleid,