stephen marquard <stephen.marquard@uct.ac.za> in Sakai.Git

Switch from Spring FileCopyUtils which returns an int to

commons-io IOUtils.copyLarge which returns long for file length,

to avoid getting an incorrect content length when uploading files

larger than 2G.

Add a tool configuration option that prevents a tool from being duplicated to a new site

When a site is duplicated, tools with this configuration:

<configuration name="allowToolDuplicate" value="false" />

will not be copied to the duplicated site.

DeliveryActionListener has a large try/catch block that catches RuntimeException

and then adds an error the error log.

If an exception is caught for an assessment preview, the real error is masked

because the T&Q event logging code attempts to get an assessmentGradingId

which is null (and really there's nothing meaningful to log here since it's a

preview and the event log doesn't log previews).

So we should check for that and throw the real exception earlier before

attempting to update the event log.

Introduces a pseudo permission and reference that can be allowed

in a SecurityAdvisor to enable code to perform CM updates, without

requiring the user session to be set to admin.

(cherry picked from commit d0e030b1733cbedf8dce07014b32b00c8cf88a56)

* SAK-41298 Document maxAuthenticationAge property for SAML auth

* Update xlogin-context.saml.adfs-prod.xml

SAK-41298 Update the ADFS max auth age to 86400 (1 day) as ADFS sets this to the time of first login

(cherry picked from commit 03a98d62729666bd46251eed5d693acc0f2cebe7)

Ignore these rather than throwing an exception, so we don't get a bug report.

The UI will never generate invalid params here, so this is to catch any

search engines or fuzzing scripts that request invalid URLs.

(cherry picked from commit 03a1f817691dfb2bcf6d58ffce426f9b8ca715b3)

To mitigate threads blocking on filesystem access; see JIRA issue for more detailed explanation.

* SAK-40571 Don't check basic auth if no Authorization header is present

Avoids an unnecessary stack trace being logged

* SAK-40571 Remove now-redundant null check for auth header

SAK-10868 and SAK-39642 added support for context-specific user aliases, that is a display name for a user that can be different in a specific site context.

This supports the "role play" or "user alias" use case, for example for simulation games (. There is a contrib implementation for this (https://confluence.sakaiproject.org/display/RPLAY/Home) in use by UCT and possibly others.

When implemented, it was sufficient to resolve the site context from the tool context, but as more tools have moved to using /direct/ or other REST endpoints for tool data, this no longer works as the tool placement is not available, specifically for chatData in the Chat Tool.

This task adds methods to the User API so that tool- and service endpoints can get a display name for a user for a specific site context explicitly.

This also allows us to remove explicit use of ContextualUserDisplayService in various tool code.

This PR adds the User API methods, updates implementations and mocks of User and adds support in the Chat tool code.

So we don't have to get all of them from the database every time we get a channel object

(cherry picked from commit 7768cd27c67ca2ef7f196762bfe4fcdb69dfddff)