Allow institutional admins to add non-members to favourites

See bug #799566

The initial implementation of the institution-controlled
favourites list was too strict.  Institutional admins should
only be able to edit the favourites lists for institution
members, but there should be no restrictions on who can be
added to a user's favourites list.

Change-Id: I0d56e265aaa122ec0a03a93e96198620a4831d7e
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

htdocs/lib/user.php

@@ -2271,19 +2271,10 @@ function update_favorites($owner, $shortname, $institution, $userlist) {
     }
 
     if (!empty($userlist)) {
-        $idstr = join(',', array_map('intval', $userlist));
-        if ($institution == 'mahara') {
-            $userids = get_column_sql("SELECT id FROM {usr} WHERE id IN ($idstr) AND deleted = 0", array());
-        }
-        else {
-            // Remove anyone who is not in this institution
-            $userids = get_column_sql('
-                SELECT u.id
-                FROM {usr} u JOIN {usr_institution} ui ON u.id = ui.usr AND ui.institution = ?
-                WHERE u.id IN (' . $idstr . ') AND u.deleted = 0',
-                array($institution)
-            );
-        }
+        $userids = get_column_sql('
+            SELECT id FROM {usr} WHERE id IN (' . join(',', array_fill(0, count($userlist), '?')) . ') AND deleted = 0',
+            array_map('intval', $userlist)
+        );
     }
 
     if (empty($userids)) {