loncom/auth/lonroles.pm - diff

Return to lonroles.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonroles.pm between versions 1.182 and 1.190

version 1.182, 2008/01/26 21:12:32	version 1.190, 2008/05/14 22:26:48
Line 106 sub handler {	Line 106 sub handler {

# ================================================================== Roles Init	# ================================================================== Roles Init
if ($env{'form.selectrole'}) {	if ($env{'form.selectrole'}) {

	my $locknum=&Apache::lonnet::get_locks();
	if ($locknum) { return 409; }

if ($env{'form.newrole'}) {	if ($env{'form.newrole'}) {
$env{'form.'.$env{'form.newrole'}}=1;	$env{'form.'.$env{'form.newrole'}}=1;
}	}
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
	# Check if user is CC trying to select a course role
	if ($env{'form.switchrole'}) {
	if (!defined($env{'user.role.'.$env{'form.switchrole'}})) {
	&adhoc_course_role($then);
	}
	}
my %temp=('logout_'.$env{'request.course.id'} => time);	my %temp=('logout_'.$env{'request.course.id'} => time);
&Apache::lonnet::put('email_status',\%temp);	&Apache::lonnet::put('email_status',\%temp);
&Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});	&Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});
}	}
&Apache::lonnet::appenv("request.course.id" => '',	&Apache::lonnet::appenv({"request.course.id" => '',
"request.course.fn" => '',	"request.course.fn" => '',
"request.course.uri" => '',	"request.course.uri" => '',
"request.course.sec" => '',	"request.course.sec" => '',
"request.role" => 'cm',	"request.role" => 'cm',
"request.role.adv" => $env{'user.adv'},	"request.role.adv" => $env{'user.adv'},
"request.role.domain" => $env{'user.domain'});	"request.role.domain" => $env{'user.domain'}});

# Check if user is a DC trying to enter a course or author space and needs privs to be created	# Check if user is a DC trying to enter a course or author space and needs privs to be created
if ($numdc > 0) {	if ($numdc > 0) {
foreach my $envkey (keys %env) {	foreach my $envkey (keys %env) {
# Is this an ad-hoc CC-role?	# Is this an ad-hoc CC-role?
if (my ($domain,$coursenum) =	if (my ($domain,$coursenum) =
($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) {	($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) {
	# See if that is even allowed
	my %crsenv=&Apache::lonnet::get('environment',['internal.courseowner'],$domain,$coursenum);
	# First find course owner
	my ($owneruser,$ownerdomain)=split(/\:/,$crsenv{'internal.courseowner'});
	# Check if course owner blocked cc-access
	if (($owneruser) && ($ownerdomain)) {
	my %blocked=&Apache::lonnet::get('environment',['domcoord.cc'],$ownerdomain,$owneruser);
	if ($blocked{'domcoord.cc'} eq 'blocked') {
	$env{'user.error.msg'}=':::1:Course owner '.$owneruser.' in domain '.$ownerdomain.' blocked domain coordinator access';
	last;
	}
	}
if ($dcroles{$domain}) {	if ($dcroles{$domain}) {
&check_privs($domain,$coursenum,$then,$now,'cc');	&check_privs($domain,$coursenum,$then,$now,'cc');
}	}
last;	last;
}	}
# Is this a recent ad-hoc CA-role?	# Is this a recent ad-hoc CA-role?
if (my ($domain,$coursenum) =	if (my ($domain,$user) =
($envkey =~ m-^form\.ca\./($match_domain)/($match_courseid)$-)) {	($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
if ($dcroles{$domain}) {	# See if still allowed
&check_privs($domain,$coursenum,$then,$now,'ca');	my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
	if ($blocked{'domcoord.author'} eq 'blocked') {
	delete($env{$envkey});
	$env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
	last;
	}
	if (($dcroles{$domain}) && (&is_author_homeserver($user,$domain))) {
	&check_privs($domain,$user,$then,$now,'ca');
	} else {
	delete($env{$envkey});
}	}
last;	last;
}	}
# Is this a new ad-hoc CA-role?	# Is this a new ad-hoc CA-role?
if (my ($domain) =	if (my ($domain) =
($envkey =~ m-^form\.adhocca\./($match_domain)$-)) {	($envkey =~ m-^form\.adhocca\./($match_domain)$-)) {
	my $user=$env{'form.adhoccauname.'.$domain};
	if (!$user) { $user=$env{'form.adhoccaunamerecent.'.$domain} };
	# See if that is even allowed
	my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
	if ($blocked{'domcoord.author'} eq 'blocked') {
	$env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
	last;
	}
if ($dcroles{$domain}) {	if ($dcroles{$domain}) {
my $user=$env{'form.adhoccauname.'.$domain};	if (($user) && ($user=~/$match_username/) && (&is_author_homeserver($user,$domain))) {
if (!$user) { $user=$env{'form.adhoccaunamerecent.'.$domain} };
if (($user) && ($user=~/$match_username/)) {
&check_privs($domain,$user,$then,$now,'ca');	&check_privs($domain,$user,$then,$now,'ca');
$env{'form.ca./'.$domain.'/'.$user}=1;	$env{'form.ca./'.$domain.'/'.$user}=1;
}	}
Line 267 ENDENTERKEY	Line 303 ENDENTERKEY
"Role ".$trolecode);	"Role ".$trolecode);

&Apache::lonnet::appenv(	&Apache::lonnet::appenv(
'request.role' => $trolecode,	{'request.role' => $trolecode,
'request.role.domain' => $cdom,	'request.role.domain' => $cdom,
'request.course.sec' => $csec,	'request.course.sec' => $csec,
'request.course.groups' => $cgrps);	'request.course.groups' => $cgrps});
my $tadv=0;	my $tadv=0;

if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {	if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
Line 281 ENDENTERKEY	Line 317 ENDENTERKEY
($env{'form.orgurl'}!~/^\/adm\/flip/)) {	($env{'form.orgurl'}!~/^\/adm\/flip/)) {
my $dest=$env{'form.orgurl'};	my $dest=$env{'form.orgurl'};
if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }	if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
&Apache::lonnet::appenv('request.role.adv'=>$tadv);	&Apache::lonnet::appenv({'request.role.adv'=>$tadv});
if (($ferr) && ($tadv)) {	if (($ferr) && ($tadv)) {
&error_page($r,$ferr,$dest);	&error_page($r,$ferr,$dest);
} else {	} else {
Line 291 ENDENTERKEY	Line 327 ENDENTERKEY
} else {	} else {
if (!$env{'request.course.id'}) {	if (!$env{'request.course.id'}) {
&Apache::lonnet::appenv(	&Apache::lonnet::appenv(
"request.course.id" => $cdom.'_'.$cnum);	{"request.course.id" => $cdom.'_'.$cnum});
$furl='/adm/roles?tryagain=1';	$furl='/adm/roles?tryagain=1';
$msg=	$msg=
'<h1><span class="LC_error">'.	'<h1><span class="LC_error">'.
Line 300 ENDENTERKEY	Line 336 ENDENTERKEY
'</span></h1><h3>'.&mt('Please try again.').'</h3>'.$ferr;	'</span></h1><h3>'.&mt('Please try again.').'</h3>'.$ferr;
}	}
if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }	if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
&Apache::lonnet::appenv('request.role.adv'=>$tadv);	&Apache::lonnet::appenv({'request.role.adv'=>$tadv});

if (($ferr) && ($tadv)) {	if (($ferr) && ($tadv)) {
&error_page($r,$ferr,$furl);	&error_page($r,$ferr,$furl);
Line 317 ENDENTERKEY	Line 353 ENDENTERKEY
$furl = "/adm/helper/course.initialization.helper";	$furl = "/adm/helper/course.initialization.helper";
# Send the user to the course they selected	# Send the user to the course they selected
} elsif ($env{'request.course.id'}) {	} elsif ($env{'request.course.id'}) {
	if ($env{'form.destinationurl'}) {
	my $dest = $env{'form.destinationurl'};
	&redirect_user($r,&mt('Entering [_1]',
	$env{'course.'.$courseid.'.description'}),
	$dest,$msg,
	$env{'environment.remotenavmap'});
	return OK;
	}
if (&Apache::lonnet::allowed('whn',	if (&Apache::lonnet::allowed('whn',
$env{'request.course.id'})	$env{'request.course.id'})
\|\| &Apache::lonnet::allowed('whn',	\|\| &Apache::lonnet::allowed('whn',
Line 387 ENDENTERKEY	Line 431 ENDENTERKEY
my $start_page=&Apache::loncommon::start_page('User Roles');	my $start_page=&Apache::loncommon::start_page('User Roles');
my $standby=&mt('Role selected. Please stand by.');	my $standby=&mt('Role selected. Please stand by.');
$standby=~s/\n/\\n/g;	$standby=~s/\n/\\n/g;
my $noscript='<span class="LC_error">'.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'<br />'.&mt('As this is not the case, most functionality in the system will ba unavailable.').'</span><br />';	my $noscript='<span class="LC_error">'.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'<br />'.&mt('As this is not the case, most functionality in the system will be unavailable.').'</span><br />';

$r->print(<<ENDHEADER);	$r->print(<<ENDHEADER);
$start_page	$start_page
Line 432 ENDHEADER	Line 476 ENDHEADER
# -------------------------------------------------------- Generate Page Output	# -------------------------------------------------------- Generate Page Output
# --------------------------------------------------------------- Error Header?	# --------------------------------------------------------------- Error Header?
if ($error) {	if ($error) {
$r->print("<h1>LON-CAPA Access Control</h1>");	$r->print("<h1>".&mt('LON-CAPA Access Control')."</h1>");
$r->print("<!-- LONCAPAACCESSCONTROLERRORSCREEN --><hr /><pre>");	$r->print("<!-- LONCAPAACCESSCONTROLERRORSCREEN --><hr /><pre>");
if ($priv ne '') {	if ($priv ne '') {
$r->print("Access : ".&Apache::lonnet::plaintext($priv)."\n");	$r->print(&mt('Access : ').&Apache::lonnet::plaintext($priv)."\n");
}	}
if ($fn ne '') {	if ($fn ne '') {
$r->print("Resource: ".&Apache::lonenc::check_encrypt($fn)."\n");	$r->print(&mt('Resource: ').&Apache::lonenc::check_encrypt($fn)."\n");
}	}
if ($msg ne '') {	if ($msg ne '') {
$r->print("Action : $msg\n");	$r->print(&mt('Action : ').$msg."\n");
}	}
$r->print("</pre><hr />");	$r->print("</pre><hr />");
my $url=$fn;	my $url=$fn;
Line 905 sub build_roletext {	Line 949 sub build_roletext {
return $roletext;	return $roletext;
}	}

	sub is_author_homeserver {
	my ($uname,$udom)=@_;
	my $home = &Apache::lonnet::homeserver($uname,$udom);
	my @ids=&Apache::lonnet::current_machine_ids();
	foreach my $id (@ids) {
	if ($id eq $home) {
	if (-e "/home/".$uname."/public_html") {
	return 1;
	}
	}
	}
	return 0;
	}

sub check_privs {	sub check_privs {
my ($cdom,$cnum,$then,$now,$checkrole) = @_;	my ($cdom,$cnum,$then,$now,$checkrole) = @_;
my $cckey = 'user.role.'.$checkrole.'./'.$cdom.'/'.$cnum;	my $cckey = 'user.role.'.$checkrole.'./'.$cdom.'/'.$cnum;
Line 940 sub check_fordc {	Line 998 sub check_fordc {
return $numdc;	return $numdc;
}	}

	sub adhoc_course_role {
	my ($then) = @_;
	my ($cdom,$cnum);
	my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
	my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
	if (&check_forcc($cdom,$cnum,$then)) {
	my $setprivs;
	if (!defined($env{'user.role.'.$env{'form.selectrole'}})) {
	$setprivs = 1;
	} else {
	my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.selectrole'}});
	if (($start && ($start>$then \|\| $start == -1)) \|\|
	($end && $end<$then)) {
	$setprivs = 1;
	}
	}
	if ($setprivs) {
	if ($env{'form.switchrole'} =~ m-^(in\|ta\|ep\|ad\|st\|cr)([\w/])\./\Q$cdom\E/\Q$cnum\E(/?\w)$-) {
	my $role = $1;
	my $custom_role = $2;
	my $usec = $3;
	if ($role eq 'cr') {
	if ($custom_role =~ m-^$match_domain/$match_courseid/\w+$-) {
	$role .= $custom_role;
	} else {
	return;
	}
	}
	my (%userroles,%newrole,%newgroups);
	my $area = '/'.$cdom.'/'.$cnum;
	my $spec = $role.'.'.$area;
	if ($usec ne '') {
	$spec .= '/'.$usec;
	$area .= '/'.$usec;
	}
	&Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area);
	&Apache::lonnet::set_userprivs(\%userroles,\%newrole,%newgroups);
	my $adhocstart = $then-1;
	$userroles{'user.role.'.$spec} = $adhocstart.'.';
	&Apache::lonnet::appenv(\%userroles,[$role,'cm']);
	}
	}
	}
	return;
	}

	sub check_forcc {
	my ($cdom,$cnum,$then) = @_;
	my $is_cc;
	if ($cdom ne '' && $cnum ne '') {
	if (&Apache::lonnet::is_course($cdom,$cnum)) {
	my $envkey = 'user.role.cc./'.$cdom.'/'.$cnum;
	if (defined($env{$envkey})) {
	$is_cc = 1;
	my ($tstart,$tend)=split(/\./,$env{$envkey});
	if ($tstart && $tstart>$then) { $is_cc = 0; }
	if ($tend && $tend <$then) { $is_cc = 0; }
	}
	}
	}
	return $is_cc;
	}

sub courselink {	sub courselink {
my ($dcdom,$rowtype,$selecttype) = @_;	my ($dcdom,$rowtype,$selecttype) = @_;
my $courseform=&Apache::loncommon::selectcourse_link	my $courseform=&Apache::loncommon::selectcourse_link
Line 954 sub courselink {	Line 1075 sub courselink {
}	}

sub coursepick_jscript {	sub coursepick_jscript {
	my %lt = &Apache::lonlocal::texthash(
	plsu => "Please use the 'Select Course' link to open a separate pick course window where you may select the course you wish to enter.",
	youc => 'You can only use this screen to select courses in the current domain.',
	);
my $verify_script = <<"END";	my $verify_script = <<"END";
<script type="text/javascript">	<script type="text/javascript">
function verifyCoursePick(caller) {	function verifyCoursePick(caller) {
Line 969 function verifyCoursePick(caller) {	Line 1094 function verifyCoursePick(caller) {
}	}
}	}
else {	else {
alert("Please use the 'Select Course' link to open a separate pick course window where you may select the course you wish to enter.");	alert("$lt{'plsu'}");
}	}
}	}
else {	else {
alert("You can only use this screen to select courses in the current domain")	alert("$lt{'youc'}")
}	}
}	}
function getIndex(caller) {	function getIndex(caller) {
Line 1062 sub set_privileges {	Line 1187 sub set_privileges {
my %ccrole = ();	my %ccrole = ();
&Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area);	&Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area);
my ($author,$adv)= &Apache::lonnet::set_userprivs(\%userroles,\%ccrole);	my ($author,$adv)= &Apache::lonnet::set_userprivs(\%userroles,\%ccrole);
&Apache::lonnet::appenv(%userroles);	&Apache::lonnet::appenv(\%userroles,[$role,'cm']);

&Apache::lonnet::log($env{'user.domain'},	&Apache::lonnet::log($env{'user.domain'},
$env{'user.name'},	$env{'user.name'},
$env{'user.home'},	$env{'user.home'},
"Role ".$role);	"Role ".$role);
&Apache::lonnet::appenv(	&Apache::lonnet::appenv(
'request.role' => $spec,	{'request.role' => $spec,
'request.role.domain' => $dcdom,	'request.role.domain' => $dcdom,
'request.course.sec' => '');	'request.course.sec' => ''});
my $tadv=0;	my $tadv=0;
if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }	if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
&Apache::lonnet::appenv('request.role.adv' => $tadv);	&Apache::lonnet::appenv({'request.role.adv' => $tadv});
}	}

sub courseloadpage {	sub courseloadpage {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.182
changed lines
	Added in v.1.190