Server upgrades, feature additions and lots of improvements

This update (a8682bc) brings with it the following changes:

Terminology changes:

• What was earlier known as a PIN code is now called an access key.
• PIN code series are now known as access key collections.

New features:

• The access keys associated with a user is displayed on the user profile page.
  • Administrative buttons to remove access keys have been added in case confusing privileges have been assigned.
  • Access keys can now be invalidated, which is done when they are removed from a user on their profile page.
• Access given by access keys are now validated during login, which should ensure they are always current.
  • If a user logs in via e-Portal, but they have an expired access key that has not been invalidated, they will be given access via e-Portal, but immediately lose access because of the expired access key. By logging in again the privileges associated with the e-Portal login should be enabled, as the access key expiration will not be performed multiple times.
  • If a user loses access and is immediately given new access, their role in the institution and course will be reset to student. Because of this behavior, access keys with expiration dates should not be used to give supervisors access.
• Allow the recorder() template function to set soft and hard time limits. This can be used to specify the maximum length of a recording. Only the Flash-based recorder implements this feature.
• Voice comments can be directly recorded from the commenting user interface.
• A new template function called quiz_aggregate() has been made available, which is used to perform aggregate calculations on the quiz score of multiple objects for the current user. This should make it possible to create quiz summary documents more easily.
• It is now possible to parse CSV files directly in templates using the parse_csv() function. It returns an iterator object that can be used in different ways.
  • The CSV column separator should be specified in the object custom_init variable csv_sep_char. If it is not specified it defaults to a comma. You can only use a single character as the separator.
  • You can also specify a flag to indicate that the CSV file has a header in the first line. If csv_has_header=1 is specified in the object's custom_init, the first line will be used as the column names. This will also make the iterator return hashes instead of arrays.
• A new generic CSV request handler was implemented, with one action that sends email to a recipient specified in the CSV file using a custom email template. When using this feature the current user will always receive a copy of the email.
• A generic decode_json() template function that can be used to convert e.g. config variables in JSON format to a data structure usable by templates.
• A template function called inflate_users_by_config() has been added that allow users to be fetched that have a specific config variable set.

Performance improvements:

• Upgraded web server to Ubuntu 14.04 LTS.
• Upgraded database server to PostgreSQL 9.3.
• Upgraded Perl to 5.18.
• Improved object accessor method performance. This should give an all-round speed boost.
• Significantly improved the speed of the institution user overview report. Now it should be able to display a list of 7000 users in about 5-10 seconds.
• Only load JavaScript-based translations for the active language instead of all languages. Should increase page
rendering/parsing time.

Enhancements:

• The read_account (user profile) request handler has been rewritten. Some variables have been renamed: manage_account => can_manage, config => user_config_map.
• When activating an access key a user is automatically logged in again to ensure the access the key gives is activated.
• The recorder() template function now has a recipient parameter which allows sending the recording to a user.
• The config() template function can now fetch information about other users, but only if you're part of a group that has a particular permission. Not even global administrators have this permission by default. If you've got this permission you can only view information on users that are part of the same institution as the group that gave you the permission.

Security issues:

• Remove access to a user's password in the element_comments template.
• Ensure sensitive user details are not logged backend.

Bugfixes:

• Ensure login panel is always visible for anonymous users, regardless of browser session preference.
• Institution roles on user profile pages belonged to the logged-in user, not the user being viewed.
• Fix usability issue in comment editing user interface.
• Ensure two ping requests being sent at the same time do not generate database error but a normal error message instead.
• Avoid database error (race condition) when storing quiz score and scoring hand-in assignments.
• Fix margin issue on radio quiz types when used with right-to-left languages.
• Add a polyfill for missing Function.prototype.bind JavaScript feature in IE8.

Feature removals / deprecations:

• It is no longer possible to limit a user from login in using date ranges. This feature caused a lot of support issues and has been rewritten to only affect permissions and membership instead of the ability to login.
• The message_system() template function is now completely redundant, now that we have the new recorder. It is still functional and works as it did previously, but it is now using the new recorder instead of a popup window.
  • message_system() will also check if the current supervisor is actually set to something and give you an error if it isn't, to avoid some unexpected behavior if a user is not in a course or doesn't have a supervisor.