This feature adds standard license metadata fields on every artefact and every
artefact edit page. This allows users to specify the license for the content
they create or upload. For content originating elsewhere, the users can also
enter the name of the licensor and original URL.

Previously, adding license metadata to an artefact or page was achievable in an
ad hoc fashion using a block on a page, but had many limitations.

See also bug #1095499.

This commit changes the database schema and the artefact abstract data type.

Change-Id: Icf9143864a252b43fa91294825b24e5a65c0b4d5
Signed-off-by: Jiri Baum <jiri@catalyst-au.net>

Log events, including both user IDs when masquerading is in progress. The log
can be configured to log all events or only those while masquerading is in
progress or none. The log is expired after a configurable delay.

Note that this logs all events (or all masquerading events) even though this
feature only includes one report of one type of event.

Change-Id: I7a59d98b84b0527a55363b4d01448b9b1809aa9e
Signed-off-by: Jiri Baum <jiri@catalyst-au.net>

Add date limits (from-until) to groups; members will only be able to make
changes in the group during the specified time period.

This commit adds the date limit fields to the database schema.

Change-Id: I9feb44b247a8614020540102a30e595308f96f00
Signed-off-by: Jiri Baum <jiri@catalyst-au.net>

This adds a configuration option to the group edit page which allows
those who can admin the group to enable participation reports. The
default setting is off to avoid cluttering the menu for those who
don't care.

Change-Id: I2339d7c1693c44bf13b54b66d6563e93b12a1358
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

These field will be used to enable collections in group and institution.
See also Bug#886080

Change-Id: I208ee9ee518a9d28e72930cdb0cf1dc4647eaf2f
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

Change-Id: Ifdc7dbaf2ec7c3ebaa40cb557e0a093423c5c71d
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Change-Id: Ie0d96d6caa5b6aff66bdb49e14940ab349046147
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Copied from the mahara.org registration table. It stores each registration field
in a local database with a timestamp of when the data was obtained.

This storage is done whether or not the data is actually sent to mahara.org.

Change-Id: Ib8478b0caa97c5cc5f04a7d5b44f2a9ac11f9ce8
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Change-Id: I3841a74d47bf7f53a1e4f648cb95b71b0d1a9cff
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #1006634, part 1

These columns will hold the portions of a full page url which relate
to users, groups, and views respectively.

Change-Id: I50e19f822ef2b8e2f0116db81f27cb4d3bb1bd53
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When a user clicks on "BrowserID Login", one of three things will happen
1- If they have an account, they will login
2- If they don't but there is one authinstance with browserid is present
    AND it has weautocreateusers enabled, then they will get an account
    in that institution, and login
3- If none of the above is true, they will get redirected to a register
    page, which follows same self registration pattern as the internal
    authentication with the "confirm email" step removed.

Change-Id: Idde3166e0664bf2acdc1da32271125e91d43af9c
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

When a new user registers for an institution that requires approval,
allow the institutional admin assign staff permissions during the
approval process, based on the user's (confirmed) email address.

This is done by adding an 'extra' field to usr_registration containing
serialised data, so that more user settings can be added to the
approval form in future.

Change-Id: Ie381f1341e43109340479f06f448ece11ebb561d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Builds the htmlpurifier safe iframe regexp from a list of sites stored
in the database, instead of a hardcoded array.

Each site in the safe iframe list is associated with a name.  This
will allow several regexp items to be grouped together under the same
name when they're matching urls from the same site.

Additionally, the domain part of each site is stored in a second list
along with the names, so that it will be easy to fetch the favicon for
display in places such as the external media block configuration form.

Change-Id: I7fd2bfefbff0881e70b94beb9e8d3efb43f0f9e7
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The unread message counts are expensive to query in postgres when
notification_internal_activity gets big.  This results in very slow
logins (the first time the query is run).  This patch adds a new
column for each user to store the unread message count.

The counts are updated using a trigger on insert, update and delete
of the notification_internal_activity table.

Change-Id: Ifb24c6892567658584f45825437bb7a8f20cc310
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #897631

This is a small modification to allow group_member table to have
a new field called method. Method can be used to indicate how
that user was added to the group.

It can be useful to implement syncro with other systems.

Change-Id: I92cd64e1fcf72927f16b496a5e17fa5da992a329
Signed-off-by: Juan Segarra Montesinos <juan.segarra@si.uji.es>

The get_user function only converts two of the timestamp db columns
into unix timestamps.  None of the additional fields are used yet, but
all should be converted the same way to avoid nasty surprises.

Change-Id: Ie40797136c68ea7501aace3b0fa41f75bbba64f7
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The values of artefact,usr columns of the table are not necessarily
unique.  Perhaps a better option would be to create an id column.
This primary key was added in a3f6fbfe

.

Change-Id: Ib151a14f0943d799d45a7697abc00f117883cd95
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #845948

Change-Id: I447f82e2296d20197e138f3f619798fdf16417da
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

To deter brute-forcing of passwords (and prevent ensuing DoS attacks),
this patch temporarily lock accounts after 5 tries, and every 5 minutes
counts above 0 get reset.

Change-Id: Iee9739a69b95b906b6f485f7d90041b50968dcc6
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

When 'invitefriends' is enabled, all members of the group get a
button on the group homepage which allows them to send membership
invitations to anyone on their friends list.  The 'suggestfriends'
setting allows group members to spam their friends with suggestions
that they join the group.

Part of https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Groups_revamp



Change-Id: Ifaf91ea59d569255de861efdcab97745f3feaa3a
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This creates groups in which members can't search for each other.
Group admins can get to the member listing, but tutors cannot: the
stated use case is anonymous reviewer groups.

Change-Id: Id2550e574b55ceeb43958475340e967de16850f1
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Site & institutional admins & staff can check a 'hide membership'
checkbox on the edit group page.  Non-members cannot access the
membership lists of these groups, and when they view the group,
both the members block and members tab are hidden.  Site admins
and staff can still access the members page directly.

Also filters the my friends block by changing that block to use
group_get_user_groups rather than group_get_associated_groups.

See http://mahara.org/interaction/forum/topic.php?id=2229



Change-Id: Iaa907484c5d395cdf3869565fcf1c47c2faec733
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds a 'hidden' checkbox on the group edit form for site &
institutional admins & staff.  Hidden groups are filtered out of
searches on the find groups page, unless the logged-in user is
already a member.

Adds a new 'Visibility' section to the edit group page.

Change-Id: I25e32623f150cb393f126dccdad50d705684b59e
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Admins can set the 'locked' property on a group view, and this will
stop non-admin members from editing the view, regardless of the view
editing permissions given to roles within the group.

Change-Id: I56c113a9d4e8fcab5463fa1c54bf456f7fc2364b
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Passphrases are better than passwords. Make it possible to have a
passphrase longer than 40 characters. 255 varying characters ought
to be enough for anybody.

Change-Id: I9f9b78259abf029118ce804d95f04f42c3136a21
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

The roles which have edit permissions on group views is set for each
grouptype.  This changes the setting to be per-group.

Partially addresses bug #547362, bug #631189

Change-Id: I3f51f0ed44b7f479a094a2c5b2e2ee4807722e34
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

View submission was previously enabled on all (and only) course
grouptype groups (those groups with tutors).  After this change
view submission can be turned on and off on any group, and if a
group has no tutors (standard grouptype), then only the group
admins will be allowed to assess submitted views.

Change-Id: I6df7f9dfc1b9fadbe39887ead4c1aa5c7a9eaed6
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The four existing jointypes, 'open', 'controlled', 'request' and
'invite' are mutually exclusive, but they don't need to be so strict.
This patch introduces more flexibility in the way groups allow new
members to join.

* Group admins can always send membership invitations to a group, even
  if it's open or controlled
* Membership requests can be enabled for any group unless it has open
  membership.
* The grouptype now determines the set of roles available to a group,
  but no longer restricts the available join types.

The db upgrade will preserve existing behaviour apart from enabling
invitations on open, request, and controlled groups.

Change-Id: I8bb0940a37f3c0c36366c1d5b8d27e8b9914a7e3
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Part of bug #807278

Enable the ability for users to share their views/collections with
the institutions they are members of.

Change-Id: Id647672141610cced579dbf199690292a249e7b7
Signed-off-by: Eugene Venter <eugene@catalyst.net.nz>

Change-Id: I8cbb098a611c5c7d05530dfd773f2e9f67960008
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #805780

If set, the value refers to an artefact id of an image owned by the
institution

Change-Id: I30ce39b400f12f77579c984090010b2ddd5d29d0
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #805742

Also ensures the profileicon field is cleared when the artefact
it points to gets deleted.

Change-Id: Idfda6111b3d653e26225bff90500706ec5dd66a7
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

There is now a new option in the settings for an institution to
confirm registrations. When this is set, a new user admitting
themselves to an institution is required to complete an extra step
during registration, where they must provide a "reason" for their
registration.

After email verification the user must wait until an administrator
approves or denies their registration before they can properly
access the site. For the administrator, this is done via a new
admin page under Institutions, called "Pending Registrations".

Change-Id: I2bd68e39a9f4ef89f350ac573d8232f342de6fdc
Author: Stacey Walker <stacey@catalyst-eu.net>
Signed-off-by: Brett Wilkins <brett@catalyst.net.nz>
Signed-off-by: Darryl Hamilton <darrylh@catalyst.net.nz>

Adds a table to store user tags. These tags will be used
in the future for search queries, and the potential for
other uses

Bug #800926

Change-Id: Ia7b040790a9bf8e0b5833aaf7ca7e0f787f1289e
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

A favourites list is a list of users who you are likely to want to
share your views with.  Users can own multiple favorites lists, and
some of these lists may be maintained by an institution on the user's
behalf.

Change-Id: I1764d4639393a982371c33dc38d60fea659be1e5
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Bug #794385 - Implemented as a checkbox on the institution details
page. This checkbox is disabled if the site wide setting is not set.

Additional method on the User class that returns true if any of
the institutions that the user belongs to allows public views.

Change-Id: I0d58d1056efb0d84eb5ee092c4ee2db978853ce6
Signed-off-by: Darryl Hamilton <darrylh@catalyst.net.nz>

This will allow groups to be created and updated on behalf of an
institution via a web services api.  The shortname is a group
identifier created when a group is created by an external host,
which can be used to identify it in subsequent updates to the group
and its membership.

Change-Id: Ieb8990d6736aa071899df6a625ceda7d299fb8dc
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

bug#794368

Change-Id: I5d658b6da7591accb5680a812f8759a2384ae5ac
Signed-off-by: Stacey Walker <stacey@catalyst-eu.net>

Change-Id: I6d44a6ad4dade82037610a14ee6d7aa342bcb2bc
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Change-Id: Id4880764ab395ea56395a57f52258968097bb02b
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>