* changes:
  Fixes for adding users with friendscontrol set to 'auto' (bug #861985)
  Fix acceptance of outdated friendship requests (bug #861985)
  Add integer typecast to userids array in get_users_data function
  Simplify query to get user data for find/my friends (bug #861888)

The flowplayer code was out of date for ie7 and ie8 causing the object
to not load. Additionally, the eolas_fix script was now causing a js
error and has been removed as it was no longer needed.

Change-Id: I67a23f223954276520b6c9da1ae1f7b291e84b47
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

auth/saml: Fixed session store check inline with new
config structure that ssphp has.

Change-Id: I94dacd84fea8e5b30ae2cf0c99427b4a063a6e5d
Signed-off-by: Piers Harding <piers@catalyst.net.nz>

Adding users who automatically accept friends failed when the page
from which the form was submitted was out of date.  This change fixes
the case where a user adds a friend who has changed their friendscontrol
setting since the page was loaded.  If they have turned friendscontrol
back to 'auth', the submission will fail with an error; if they have in
the meantime added a friend request to the user who's submitting the
form, it will succeed, and if a user with an open friend request somehow
submits the 'addfriend' form, the friend request will be removed.

Change-Id: I3ab5c1cf4dd263126abb7d2a34490d18b69b4439
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

If you submit an accept friendship form from the my friends or find
friends page, but the request has disappeared in the time since you
loaded the page, the user receives no feedback.  This patch ensures
that the form is actually submitted and validated, and provides an
appropriate message if the request has been denied or accepted.

This patch also ensures that friend acceptance is saved when the
submitted form appears on the second (or later) page of results.

Change-Id: I0bdc8fb370670a8ddb1c41c7db2f3e37c9d70d11
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This is just to make it easier for the reader to verify that the ids
are what they claim to be.

Also modifies the following query to use placeholders for the user
ids.

Change-Id: I3cca162f0c2cd0a8a26b81d6819c5049572a2b81
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The query to get user data on the my friends and find friends pages
has an unnecessary union, with one select to get pending friends, and
another to get everyone else.

The result of this is that pending friends are sometimes not shown as
pending if their record was returned by both parts of the query, and
so the logged-in user sometimes can't accept requests on these pages.

Change-Id: I31347d680988f94d9329abb5c2338c0c8c285b00
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

There is currently only a site-wide setting for logged-in profile view
access.  This means that when two institutions share a site, and one
wants open profiles and another only wants institution-visible profiles,
new users in the open-profile institution must be asked to manually add
logged-in access on their profile.  Because we expect many more
open-profile institutions than closed-profile institutions on a site, it
makes more sense to put the onus on the closed-profile institutions to
ensure their members remove logged-in access manually.

This change ensures logged-in access is added to all new profiles, but
only locks that access when the loggedinprofileviewaccess setting is on.

Change-Id: I3375d7b2f8eb635a11879bf7758267f48f74c508
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When you tag an artefact with 'profile', it appears in your profile
sideblock. The 'Artefacts:' heading above this list has an icon that
overlaps the text.

Change-Id: Ifb03a5e5e49f7c8bfa996dae619d5fd1699fd29d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

New blocktype icons were introduced in commit e6fe5d86

, but
hardcoded width & height properties in the blocktypelist template
(used by the drag & drop javascript) were never updated to match the
new icons.

Change-Id: I8321945450a502dc91df05aa39f067713fd5e90d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

to be consistent with "Recommendation". Left the "suggest
in for the notification being sent out because that sounded
better.

Change-Id: I53ba6c91aea6f52a7300ab02661af363b7de36ba
Signed-off-by: Kristina D.C. Hoeppner <kristina@catalyst.net.nz>

Some people already see the new Google documents interface.
The help file is updated to reflect the changes in selecting
the "Publish on the web" link. A few other small changes have
been made to update the workflow.

Change-Id: I167c71c54b1bfdf37a2e6f423408f0590445d499
Signed-off-by: Kristina D.C. Hoeppner <kristina@catalyst.net.nz>

* changes:
  Don't show roles dropdown when the user can't change it (bug #610690)
  Add js to disable suggestions for non-open/request groups (bug #845290)
  Don't allow friend suggestions for certain groups (bug #845290)
  Enable 'hidemembers' when 'hidemembersfrommembers' enabled (bug #504830)

Commit a8102e91

 tried to fetch all users' maildisabled preferences
in the activity_get_users function, but failed because it used the
wrong table alias, so maildisabled is not being respected by the
email_user function whenever email_user is called by an activity
notification (most of the time).

Change-Id: I2a9cf1afa3f8661ff8a52f1ce5aed5d15adaa9da
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  selenium: fix group creation / deletion
  selenium: fix institution user creation
  selenium: fix view creation

The grouptype (roles) drop-down is displayed even when the logged in
user can't create course groups.  It should be hidden in this case.

Change-Id: I91bd037c807ba88cd9a02f1c9852beb22b23ce94
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds some javascript to ensure that the suggestfriends option is
compatible with the open/request/controlled option.

Change-Id: I643cd1171382cb82ab07143eef0c773369be5644
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When a group is not open and doesn't allow membership requests, there
is no point in allowing members to suggest the group to their friends,
because there's nothing those friends can do about the suggestion.

The 'suggest' button already appears only for open & request groups,
but this change adds an error on the edit group page when a user tries
to set suggestfriends on a non-open, non-request group.

Change-Id: Ie8f468b9f04ca7e70570b24e1b405634aa1f1fe6
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

On the edit group form, ensure that 'hidemembers' is checked when
'hidemembersfrommembers' is checked.  This doesn't affect the way the
settings are interpreted on the site, but may give the user a better
understanding about how the settings work.

Change-Id: I4741a80be342b693e1af515f74cdc30828927c5b
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Whenever a textbox block title was changed, the html artefact inside
it also had its title changed.  That was confusing, so instead we're
going to set the html artefact's title once, when the textbox is first
created (generating a title for it if the block has no title).  Once
the html artefact has been created, the title can no longer be modified
from the view editor again.  However, the ability to update the artefact
title from the notes area is added, so that the user can keep the title
in sync with the block titles if they want to.

Change-Id: I98e2529e7c81759c9b22130da355e227c8f3d577
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Change-Id: Ibf781aee5bb96909e8cc9d1cacecf84d6c194132
Signed-off-by: Kristina D.C. Hoeppner <kristina@catalyst.net.nz>

Bug #597479

Blocktype plugin that allows the user to select a tag, which then
displays: all blog posts, from all blogs, owned by this user, tagged
with the selected tag.
Update: moved from main blocktype area to artefact/blog/blocktype

Change-Id: I28ddeb7181188c1441c7a6fb55aa3200192fe112
Signed-off-by: Chris Wharton <chrisw@catalyst.net.nz>

Change-Id: I3cf628b84dec10d80ce3a859d342f0c37e6c5f58
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

When a user is added to an institution, an attempt is made to insert a
view_access record into the database without a value for the not null
ctime column.  This patch adds a ctime value for new access records
inserted in View::add_owner_institution_access().

The call to ensure_record_exists has been removed, because that function
is a bit too fragile for this case: it will fail if there is more than
one record which matches the $whereobject passed to it.

Change-Id: Ie6871d7137d78cd2d70ae4800b4c5613de47dfaf
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When arriving at Mahara for the first time via SSO, the newly created user
is added to an institution.  During that process an attempt is made to add
institution access to the user's profile view before it gets created.  This
patch adds a check (and when the profile view eventually gets created,
institution access is added for all the owner's institutions).

Change-Id: I6a6d4fc3dcb324905e67f4d52aac4160cf9ce089
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The group creation UI changed when the group type changes got
merged.

Change-Id: If32c8a8af3cd12dd4d5d083222b3917d23ce4263
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This test was checking to make sure that the "change password on
next login" setting was broken.

Change-Id: I2feafe7c5b93d62c7dc92d94bb382580d0d3603d
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This broke when we made "Edit Title and Description" the default
page in the view editor.

Change-Id: I24226f152a7bbf56bc8e2150e48100705acf8280
Signed-off-by: Francois Marier <francois@catalyst.net.nz>