--- loncom/auth/lonroles.pm 2008/09/02 02:56:52 1.205
+++ loncom/auth/lonroles.pm 2008/11/12 20:01:09 1.210
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.205 2008/09/02 02:56:52 raeburn Exp $
+# $Id: lonroles.pm,v 1.210 2008/11/12 20:01:09 jms Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,6 +27,103 @@
#
###
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C can also be accessed via the
+B button in the Remote Control.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
@@ -146,16 +243,36 @@ sub handler {
# Is this an ad-hoc CA-role?
if (my ($domain,$user) =
($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
- # Check if author blocked ca-access
- my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
- if ($blocked{'domcoord.author'} eq 'blocked') {
- my %roleshash = &Apache::lonnet::get_my_roles($user,$domain);
- if (!defined($roleshash{$env{'user.name'}.':'.$env{'user.domain'}.':ca'})) {
- delete($env{$envkey});
- $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) {
+ delete($env{$envkey});
+ $env{'form.au./'.$domain.'/'} = 1;
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'au./'.$domain.'/';
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ last;
+ }
+ if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) {
+ if (((($castart) && ($castart < $now)) || !$castart) &&
+ ((!$caend) || (($caend) && ($caend > $now)))) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
last;
}
}
+ # Check if author blocked ca-access
+ my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
+ if ($blocked{'domcoord.author'} eq 'blocked') {
+ delete($env{$envkey});
+ $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ last;
+ }
if ($dcroles{$domain}) {
my ($server_status,$home) = &check_author_homeserver($user,$domain);
if (($server_status eq 'ok') || ($server_status eq 'switchserver')) {
@@ -463,6 +580,8 @@ ENDHEADER
my $advanced=$env{'user.adv'};
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']);
my $tryagain=$env{'form.tryagain'};
+ my $reinit=$env{'user.reinit'};
+ delete $env{'user.reinit'};
# -------------------------------------------------------- Generate Page Output
# --------------------------------------------------------------- Error Header?
@@ -492,10 +611,16 @@ ENDHEADER
&Apache::lonenc::check_encrypt($fn));
} else {
if ($env{'user.error.msg'}) {
- $r->print(
+ if ($reinit) {
+ $r->print(
+ '
'.
+ &mt('As your session file for the course has expired, you will need to re-select the course.').'
');
+ } else {
+ $r->print(
'
'.
&mt('You need to choose another user role or enter a specific course for this function').'
');
- }
+ }
+ }
}
# -------------------------------------------------------- Choice or no choice?
if ($nochoose) {
@@ -669,7 +794,7 @@ ENDHEADER
$twhere=&mt('system wide');
$sortkey=$role.$twhere;
}
- $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver);
+ $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit);
$roletext{$envkey}=$roletext;
if (!$sortkey) {$sortkey=$twhere."\0".$envkey;}
$sortrole{$sortkey}=$envkey;
@@ -722,30 +847,7 @@ ENDHEADER
}
$r->print(&Apache::loncommon::end_page());
return OK;
-# Is there only one choice?
- } elsif ($countactive==1) {
- my $needs_switchserver;
- if ($env{'user.author'}) {
- $needs_switchserver = &check_needs_switchserver($possiblerole);
- }
- if ((!$needs_switchserver) && ($env{'request.role'} eq 'cm')) {
- $r->print('
\n".
- &mt('Construction Space access is only available from '.
- 'the home server of the corresponding Author.').' '.
- &mt("Click the 'Switch Server' link to go there.").' ');
- }
}
-# More than one possible role
# ----------------------------------------------------------------------- Table
unless ((!&Apache::lonmenu::show_course()) || ($nochoose) || ($countactive==1)) {
$r->print("
".&mt('Select a Course to Enter')."
\n");
@@ -991,7 +1093,7 @@ sub role_status {
}
sub build_roletext {
- my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver) = @_;
+ my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit) = @_;
my $roletext='
';
my $is_dc=($trolecode =~ m/^dc\./);
my $rowspan=($is_dc) ? ''
@@ -1021,8 +1123,16 @@ sub build_roletext {
'
';
+ } elsif ($reinit) {
+ $roletext.=
+ '
';
} else {
- $roletext.='
';
+ $roletext.=
+ '
';
}
}
if ($trolecode !~ m/^(dc|ca|au|aa)\./) {
@@ -1139,7 +1249,15 @@ sub adhoc_course_role {
return;
}
}
- my (%userroles,%newrole,%newgroups);
+ my (%userroles,%newrole,%newgroups,%group_privs);
+ my %cgroups =
+ &Apache::lonnet::get_active_groups($env{'user.domain'},
+ $env{'user.name'},$cdom,$cnum);
+ foreach my $group (keys(%cgroups)) {
+ $group_privs{$group} =
+ $env{'user.priv.cc./'.$cdom.'/'.$cnum.'./'.$cdom.'/'.$cnum.'/'.$group};
+ }
+ $newgroups{'/'.$cdom.'/'.$cnum} = \%group_privs;
my $area = '/'.$cdom.'/'.$cnum;
my $spec = $role.'.'.$area;
if ($usec ne '') {
@@ -1147,7 +1265,7 @@ sub adhoc_course_role {
$area .= '/'.$usec;
}
&Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area);
- &Apache::lonnet::set_userprivs(\%userroles,\%newrole,%newgroups);
+ &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups);
my $adhocstart = $then-1;
$userroles{'user.role.'.$spec} = $adhocstart.'.';
&Apache::lonnet::appenv(\%userroles,[$role,'cm']);