Added the refresh mobileuploadtoken feature/functionality and removed the erroneous mobileuploadtoken from usr object

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Also refresh quotas at the time of filebrowser pieform element creation.

Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Absolutely any institution admin was granted editing permisions to artefacts
that use 'can_edit_artefact' method to check editing permision ("Comments" in
particular).

Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

These parameters were already sanitised.

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

(based on http://www.petefreitag.com/tools/sql_reserved_words_checker/

)

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Penny Leach <penny@mjollnir.org>

    - disable editing of title and description for special view types,
      but give them good fixed values
    - include the description when installing profile and dashboard views,
      since they aren't included when copying a template
    - don't show view submission form for profile and dashboard views
    - move access control for the profile view to the "my portfolio" page
    - exclude dashboard views from search results

Signed-off-by: Evan Goldenberg <evang@catalyst.net.nz>

A global admin option allows site administrators to disable the
information entirely, though it is enabled by default for all new and
existing sites.

Users can opt not to show the information, and an account setting is
present if they wish to have it shown again. The information is shown
between the home page text set by the admin, and the user's dashboard
view.

Signed-off-by: Evan Goldenberg <evang@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Also included is an inbox blocktype for dashboard views which shows the
user's most recent notifications. Multiple instances of this block can
be present in a dashboard view, and the message types displayed in each
can be configured.

A default dashboard view is installed for each user the next time they
log in. Additionally, since the profile view is now shown in the view
list, it is installed on login, rather than when the profile is first
requested.

Conflicts:

	htdocs/lib/version.php
	htdocs/view/blocks.php

so that others in the chain can still be tried (bug #536959)

Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Reload user institutions from db on institutional admin pages (bug #494484 - thanks to Ruslan Kabalin)

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

If a user is a member of multiple institutions, they would have typically
received the theme for the last institution (as returned in an unsorted
order from lib/user.php->load_user_institutions).

This patch introduces a check to determine the user's authentication
instance and the institution associated with that instance.
If a theme is set for that institution, this is used in priority.

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Revert "Prevent users from self deleting if they didn't authenticate from an internal auth mechanism"

This reverts commit 5a595f72.

Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Without this fix, institution admins can login as site admins and do
other such administrative tasks (e.g. reset their password), if the site
admin joins their institution.

Reported by Ruslan Kabalin <r.kabalin@lancaster.ac.uk>, who supplied a
patch. My patch skips adding an extra method to find out if a given user
is an admin, though it's not any more performant.

Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>

Without this fix, institution admins can login as site admins and do
other such administrative tasks (e.g. reset their password), if the site
admin joins their institution.

Reported by Ruslan Kabalin <r.kabalin@lancaster.ac.uk>, who supplied a
patch. My patch skips adding an extra method to find out if a given user
is an admin, though it's not any more performant.

Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>

Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

We've always had the ability for auth instances to define ->logout, this
adds ->login as well, along a very similar vein.