From 2f1a42481db375f8d8d0e8c93b017345cb23062a Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Mon, 23 Oct 2006 15:17:31 +0000
Subject: [PATCH] This new function called load_all_capabilities() should be
 used whenever you want to completely reload the capabilities for the current
 user.

Basically it will deal nicely with the default site-wide permissions
depending on the current user.

More background in the comments on MDL-6963

Merged from stable
---
 admin/user.php          |  2 +-
 course/enrol.php        |  2 +-
 course/loginas.php      |  2 +-
 enrol/paypal/return.php |  2 +-
 lib/accesslib.php       | 30 +++++++++++++++++++++++++++---
 login/index.php         |  7 +++----
 6 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/admin/user.php b/admin/user.php
index ff01460121..46234674b9 100644
--- a/admin/user.php
+++ b/admin/user.php
@@ -65,7 +65,7 @@
 
         sesskey();   // For added security, used to check script parameters
 
-        load_user_capability();
+        load_all_capabilities();
 
         redirect("$CFG->wwwroot/user/edit.php?id=$user->id&amp;course=$site->id");  // Edit thyself
         exit;
diff --git a/course/enrol.php b/course/enrol.php
index 25cf3dbe38..795e299b21 100644
--- a/course/enrol.php
+++ b/course/enrol.php
@@ -26,7 +26,7 @@
 
 /// Refreshing all current role assignments for the current user
 
-    load_user_capability();
+    load_all_capabilities();
 
 /// Double check just in case they are actually enrolled already and 
 /// thus got to this script by mistake.  This might occur if enrolments 
diff --git a/course/loginas.php b/course/loginas.php
index 8af1355082..8be8fff0a6 100644
--- a/course/loginas.php
+++ b/course/loginas.php
@@ -9,7 +9,7 @@
 
     if (!empty($USER->realuser)) {
         $USER = get_complete_user_data('id', $USER->realuser);
-        load_user_capability();   // load all this user's normal capabilities
+        load_all_capabilities();   // load all this user's normal capabilities
 
         if (isset($SESSION->oldcurrentgroup)) {      // Restore previous "current group" cache.
             $SESSION->currentgroup = $SESSION->oldcurrentgroup;
diff --git a/enrol/paypal/return.php b/enrol/paypal/return.php
index 28c4adec96..1f2f4c2dc2 100644
--- a/enrol/paypal/return.php
+++ b/enrol/paypal/return.php
@@ -16,7 +16,7 @@
     require_login();
 
 /// Refreshing enrolment data in the USER session
-    load_user_capability();
+    load_all_capabilities();
 
     if ($SESSION->wantsurl) {
         $destination = $SESSION->wantsurl;
diff --git a/lib/accesslib.php b/lib/accesslib.php
index b35ec3b0c2..fb45c6f56e 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -538,6 +538,10 @@ function load_user_capability($capability='', $context ='', $userid='') {
 
     global $USER, $CFG;
 
+    if (empty($CFG->rolesactive)) {
+        return false;
+    }
+
     if (empty($userid)) {
         if (empty($USER->id)) {               // We have no user to get capabilities for
             debugging('User not logged in for load_user_capability!');
@@ -754,10 +758,30 @@ function load_user_capability($capability='', $context ='', $userid='') {
     if (!empty($otheruserid)) {
         return $usercap; // return the array
     }
-    // see array in session to see what it looks like
+}
+
+
+/*
+ *  A convenience function to completely load all the capabilities 
+ *  for the current user.   This is what gets called from login, for example.
+ */
+function load_all_capabilities() {
+    global $USER;
+
+    if (empty($USER->username)) {
+        return;
+    }
 
+    load_user_capability();         // Load basic capabilities assigned to this user
+
+    if ($USER->username == 'guest') {
+        load_guest_role();          // All non-guest users get this by default
+    } else {
+        load_defaultuser_role();    // All non-guest users get this by default
+    }
 }
 
+
 /*
  * Check all the login enrolment information for the given user object
  * by querying the enrolment plugins
@@ -1646,7 +1670,7 @@ function role_assign($roleid, $userid, $groupid, $contextid, $timestart=0, $time
 
     /// If the user is the current user, then reload the capabilities too.
         if (!empty($USER->id) && $USER->id == $userid) {
-            load_user_capability();
+            load_all_capabilities();
         }
         
     /// Ask all the modules if anything needs to be done for this user
@@ -1711,7 +1735,7 @@ function role_unassign($roleid=0, $userid=0, $groupid=0, $contextid=0) {
 
                 /// If the user is the current user, then reload the capabilities too.
                 if (!empty($USER->id) && $USER->id == $ra->userid) {
-                    load_user_capability();
+                    load_all_capabilities();
                 }
                 $context = get_record('context', 'id', $ra->contextid);
 
diff --git a/login/index.php b/login/index.php
index 05c94bece7..70ec4c9e80 100644
--- a/login/index.php
+++ b/login/index.php
@@ -207,10 +207,9 @@
             }
 
             reset_login_count();
-            if (!empty($CFG->rolesactive)) {
-                load_user_capability(); // load user's capabilities
-                load_defaultuser_role();    // All users get this by default
-            }
+
+            load_all_capabilities();     /// This is what lets the user do anything on the site  :-)
+
             redirect($urltogo);
 
             exit;
-- 
2.39.5