--- loncom/auth/lonroles.pm 2008/09/02 02:56:52 1.205 +++ loncom/auth/lonroles.pm 2008/12/04 08:53:04 1.211 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.205 2008/09/02 02:56:52 raeburn Exp $ +# $Id: lonroles.pm,v 1.211 2008/12/04 08:53:04 tempelho Exp $ # # Copyright Michigan State University Board of Trustees # @@ -27,6 +27,103 @@ # ### +=pod + +=head1 NAME + +Apache::lonroles - User Roles Screen + +=head1 SYNOPSIS + +Invoked by /etc/httpd/conf/srm.conf: + + + PerlAccessHandler Apache::lonacc + SetHandler perl-script + PerlHandler Apache::lonroles + ErrorDocument 403 /adm/login + ErrorDocument 500 /adm/errorhandler + + +=head1 OVERVIEW + +=head2 Choosing Roles + +C is a handler that allows a user to switch roles in +mid-session. LON-CAPA attempts to work with "No Role Specified", the +default role that a user has before selecting a role, as widely as +possible, but certain handlers for example need specification which +course they should act on, etc. Both in this scenario, and when the +handler determines via C's C<&allowed> function that a certain +action is not allowed, C is used as error handler. This +allows the user to select another role which may have permission to do +what they were trying to do. C can also be accessed via the +B button in the Remote Control. + +=begin latex + +\begin{figure} +\begin{center} +\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} + \caption{\label{Sample_Roles_Screen}Sample Roles Screen} +\end{center} +\end{figure} + +=end latex + +=head2 Role Initialization + +The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. + +=head1 INTRODUCTION + +This module enables a user to select what role he wishes to +operate under (instructor, student, teaching assistant, course +coordinator, etc). These roles are pre-established by the actions +of upper-level users. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 HANDLER SUBROUTINE + +This routine is called by Apache and mod_perl. + +=over 4 + +=item * + +Roles Initialization (yes/no) + +=item * + +Get Error Message from Environment + +=item * + +Who is this? + +=item * + +Generate Page Output + +=item * + +Choice or no choice + +=item * + +Table + +=item * + +Privileges + +=back + +=cut + + package Apache::lonroles; use strict; @@ -146,16 +243,36 @@ sub handler { # Is this an ad-hoc CA-role? if (my ($domain,$user) = ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) { - # Check if author blocked ca-access - my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user); - if ($blocked{'domcoord.author'} eq 'blocked') { - my %roleshash = &Apache::lonnet::get_my_roles($user,$domain); - if (!defined($roleshash{$env{'user.name'}.':'.$env{'user.domain'}.':ca'})) { - delete($env{$envkey}); - $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; + if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) { + delete($env{$envkey}); + $env{'form.au./'.$domain.'/'} = 1; + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if ($server_status eq 'switchserver') { + my $trolecode = 'au./'.$domain.'/'; + my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + } + last; + } + if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) { + if (((($castart) && ($castart < $now)) || !$castart) && + ((!$caend) || (($caend) && ($caend > $now)))) { + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if ($server_status eq 'switchserver') { + my $trolecode = 'ca./'.$domain.'/'.$user; + my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + } last; } } + # Check if author blocked ca-access + my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user); + if ($blocked{'domcoord.author'} eq 'blocked') { + delete($env{$envkey}); + $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; + last; + } if ($dcroles{$domain}) { my ($server_status,$home) = &check_author_homeserver($user,$domain); if (($server_status eq 'ok') || ($server_status eq 'switchserver')) { @@ -252,7 +369,7 @@ $swinfo
-$message
+$message
$end_page @@ -463,6 +580,8 @@ ENDHEADER my $advanced=$env{'user.adv'}; &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']); my $tryagain=$env{'form.tryagain'}; + my $reinit=$env{'user.reinit'}; + delete $env{'user.reinit'}; # -------------------------------------------------------- Generate Page Output # --------------------------------------------------------------- Error Header? @@ -492,10 +611,16 @@ ENDHEADER &Apache::lonenc::check_encrypt($fn)); } else { if ($env{'user.error.msg'}) { - $r->print( + if ($reinit) { + $r->print( + '

'. + &mt('As your session file for the course has expired, you will need to re-select the course.').'

'); + } else { + $r->print( '

'. &mt('You need to choose another user role or enter a specific course for this function').'

'); - } + } + } } # -------------------------------------------------------- Choice or no choice? if ($nochoose) { @@ -634,9 +759,9 @@ ENDHEADER $twhere=$env{'course.'.$tcourseid.'.description'}; $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; unless ($twhere eq &mt('Currently not available')) { - $twhere.=' '. + $twhere.=' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; + ''; } } else { my %newhash=&Apache::lonnet::coursedescription($tcourseid); @@ -644,9 +769,9 @@ ENDHEADER $sortkey=$role."\0".$tdom."\0".$newhash{'description'}. "\0".$envkey; $twhere=$newhash{'description'}. - ' '. + ' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; + ''; $ttype = $newhash{'type'}; $trole = &Apache::lonnet::plaintext($role,$ttype); } else { @@ -669,7 +794,7 @@ ENDHEADER $twhere=&mt('system wide'); $sortkey=$role.$twhere; } - $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver); + $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit); $roletext{$envkey}=$roletext; if (!$sortkey) {$sortkey=$twhere."\0".$envkey;} $sortrole{$sortkey}=$envkey; @@ -714,38 +839,15 @@ ENDHEADER } else { $r->print(''); } - $r->print(''.&mt('No role specified'). - ''.$tremark. + $r->print(''.&mt('No role specified'). + ''.$tremark. ' '."\n"); $r->print(''); } $r->print(&Apache::loncommon::end_page()); return OK; -# Is there only one choice? - } elsif ($countactive==1) { - my $needs_switchserver; - if ($env{'user.author'}) { - $needs_switchserver = &check_needs_switchserver($possiblerole); - } - if ((!$needs_switchserver) && ($env{'request.role'} eq 'cm')) { - $r->print('

'.&mt('Please stand by.').'

'. - ''. - ''); - $r->print("\n"); - $r->rflush(); - $r->print(''); - $r->print(&Apache::loncommon::end_page()); - return OK; - } - if ($needs_switchserver) { - $r->print("

".&mt('Server Switch Required')."

\n". - &mt('Construction Space access is only available from '. - 'the home server of the corresponding Author.').'
'. - &mt("Click the 'Switch Server' link to go there.").'
'); - } } -# More than one possible role # ----------------------------------------------------------------------- Table unless ((!&Apache::lonmenu::show_course()) || ($nochoose) || ($countactive==1)) { $r->print("

".&mt('Select a Course to Enter')."

\n"); @@ -769,8 +871,8 @@ ENDHEADER } } if ($output) { - $r->print("". - &mt('Recent Roles').""); + $r->print("". + &mt('Recent Roles').""); $r->print($output); $doheaders ++; } @@ -800,9 +902,9 @@ ENDHEADER $r->print(' '); } } - $r->print(''.&mt('No role specified'). - ''.$tremark. - ' '."\n"); + $r->print(''.&mt('No role specified'). + ''.$tremark. + ' '."\n"); } $r->print(''); unless ($nochoose) { @@ -880,8 +982,8 @@ sub print_rolerows { if ($output) { if ($doheaders > 0) { $r->print("". - "". - &mt($type).""); + "". + &mt($type).""); } $r->print($output); } @@ -991,7 +1093,7 @@ sub role_status { } sub build_roletext { - my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver) = @_; + my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit) = @_; my $roletext=''; my $is_dc=($trolecode =~ m/^dc\./); my $rowspan=($is_dc) ? '' @@ -1021,22 +1123,30 @@ sub build_roletext { ''; + } elsif ($reinit) { + $roletext.= + ''; } else { - $roletext.=' '; + $roletext.= + ''; } } if ($trolecode !~ m/^(dc|ca|au|aa)\./) { $tremark.=&Apache::lonannounce::showday(time,1, &Apache::lonannounce::readcalendar($tdom.'_'.$trest)); } - $roletext.=''.$trole. - ''.$twhere. - ''.$tpstart. - ''.$tpend. - ''; + $roletext.=''.$trole. + ''.$twhere. + ''.$tpstart. + ''.$tpend. + ''; if (!$is_dc) { - $roletext.=''.$tremark. - ' '."\n"; + $roletext.=''.$tremark. + ' '."\n"; } return $roletext; } @@ -1139,7 +1249,15 @@ sub adhoc_course_role { return; } } - my (%userroles,%newrole,%newgroups); + my (%userroles,%newrole,%newgroups,%group_privs); + my %cgroups = + &Apache::lonnet::get_active_groups($env{'user.domain'}, + $env{'user.name'},$cdom,$cnum); + foreach my $group (keys(%cgroups)) { + $group_privs{$group} = + $env{'user.priv.cc./'.$cdom.'/'.$cnum.'./'.$cdom.'/'.$cnum.'/'.$group}; + } + $newgroups{'/'.$cdom.'/'.$cnum} = \%group_privs; my $area = '/'.$cdom.'/'.$cnum; my $spec = $role.'.'.$area; if ($usec ne '') { @@ -1147,7 +1265,7 @@ sub adhoc_course_role { $area .= '/'.$usec; } &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area); - &Apache::lonnet::set_userprivs(\%userroles,\%newrole,%newgroups); + &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups); my $adhocstart = $then-1; $userroles{'user.role.'.$spec} = $adhocstart.'.'; &Apache::lonnet::appenv(\%userroles,[$role,'cm']); @@ -1250,9 +1368,9 @@ sub display_cc_role { my %newhash=&Apache::lonnet::coursedescription($tcourseid); if (%newhash) { $twhere=$newhash{'description'}. - ' '. + ' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$2,$1,$tfont). - ''; + ''; $ttype = $newhash{'type'}; } else { $twhere=&mt('Currently not available');