Bug #794385 - Implemented as a checkbox on the institution details
page. This checkbox is disabled if the site wide setting is not set.

Additional method on the User class that returns true if any of
the institutions that the user belongs to allows public views.

Change-Id: I0d58d1056efb0d84eb5ee092c4ee2db978853ce6
Signed-off-by: Darryl Hamilton <darrylh@catalyst.net.nz>

These closing tags are unnecessary and against our coding
guidelines. Let's get rid of them all in one go.

Change-Id: Ia94f103e525185597ee3780a3839d7577cdd0c29
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This happens on public site pages because the view
owner is 0 by default, and the LiveUser object has
id 0.

Bug #778240

Change-Id: Idec3fe8f4a9a877eaf02bfb304f1809f6b556ab0
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Allow users to see images that have been published inside forum posts they're allowed to see (bug #655631)

Change-Id: Ib93464176d0093a27d2aa63d9fb73bc9b91b9879
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
Reviewed-on: https://reviews.mahara.org/2

Reviewed-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
Reviewed-by: Francois Marier <francois@catalyst.net.nz>
Tested-by: Richard Mansfield <richardm@mahara.org>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Added the refresh mobileuploadtoken feature/functionality and removed the erroneous mobileuploadtoken from usr object

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Also refresh quotas at the time of filebrowser pieform element creation.
Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Absolutely any institution admin was granted editing permisions to artefacts
that use 'can_edit_artefact' method to check editing permision ("Comments" in
particular).
Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

These parameters were already sanitised.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

(based on http://www.petefreitag.com/tools/sql_reserved_words_checker/

)
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Penny Leach <penny@mjollnir.org>

    - disable editing of title and description for special view types,
      but give them good fixed values
    - include the description when installing profile and dashboard views,
      since they aren't included when copying a template
    - don't show view submission form for profile and dashboard views
    - move access control for the profile view to the "my portfolio" page
    - exclude dashboard views from search results
Signed-off-by: Evan Goldenberg <evang@catalyst.net.nz>

A global admin option allows site administrators to disable the
information entirely, though it is enabled by default for all new and
existing sites.

Users can opt not to show the information, and an account setting is
present if they wish to have it shown again. The information is shown
between the home page text set by the admin, and the user's dashboard
view.
Signed-off-by: Evan Goldenberg <evang@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Also included is an inbox blocktype for dashboard views which shows the
user's most recent notifications. Multiple instances of this block can
be present in a dashboard view, and the message types displayed in each
can be configured.

A default dashboard view is installed for each user the next time they
log in. Additionally, since the profile view is now shown in the view
list, it is installed on login, rather than when the profile is first
requested.

Conflicts:

	htdocs/lib/version.php
	htdocs/view/blocks.php

so that others in the chain can still be tried (bug #536959)
Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Reload user institutions from db on institutional admin pages (bug #494484 - thanks to Ruslan Kabalin)
Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

If a user is a member of multiple institutions, they would have typically
received the theme for the last institution (as returned in an unsorted
order from lib/user.php->load_user_institutions).

This patch introduces a check to determine the user's authentication
instance and the institution associated with that instance.
If a theme is set for that institution, this is used in priority.
Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Revert "Prevent users from self deleting if they didn't authenticate from an internal auth mechanism"

This reverts commit 5a595f72.

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Without this fix, institution admins can login as site admins and do
other such administrative tasks (e.g. reset their password), if the site
admin joins their institution.

Reported by Ruslan Kabalin <r.kabalin@lancaster.ac.uk>, who supplied a
patch. My patch skips adding an extra method to find out if a given user
is an admin, though it's not any more performant.
Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>