--- loncom/auth/lonroles.pm 2008/10/02 14:34:03 1.207 +++ loncom/auth/lonroles.pm 2008/12/04 08:53:04 1.211 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.207 2008/10/02 14:34:03 www Exp $ +# $Id: lonroles.pm,v 1.211 2008/12/04 08:53:04 tempelho Exp $ # # Copyright Michigan State University Board of Trustees # @@ -27,6 +27,103 @@ # ### +=pod + +=head1 NAME + +Apache::lonroles - User Roles Screen + +=head1 SYNOPSIS + +Invoked by /etc/httpd/conf/srm.conf: + + + PerlAccessHandler Apache::lonacc + SetHandler perl-script + PerlHandler Apache::lonroles + ErrorDocument 403 /adm/login + ErrorDocument 500 /adm/errorhandler + + +=head1 OVERVIEW + +=head2 Choosing Roles + +C is a handler that allows a user to switch roles in +mid-session. LON-CAPA attempts to work with "No Role Specified", the +default role that a user has before selecting a role, as widely as +possible, but certain handlers for example need specification which +course they should act on, etc. Both in this scenario, and when the +handler determines via C's C<&allowed> function that a certain +action is not allowed, C is used as error handler. This +allows the user to select another role which may have permission to do +what they were trying to do. C can also be accessed via the +B button in the Remote Control. + +=begin latex + +\begin{figure} +\begin{center} +\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} + \caption{\label{Sample_Roles_Screen}Sample Roles Screen} +\end{center} +\end{figure} + +=end latex + +=head2 Role Initialization + +The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. + +=head1 INTRODUCTION + +This module enables a user to select what role he wishes to +operate under (instructor, student, teaching assistant, course +coordinator, etc). These roles are pre-established by the actions +of upper-level users. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 HANDLER SUBROUTINE + +This routine is called by Apache and mod_perl. + +=over 4 + +=item * + +Roles Initialization (yes/no) + +=item * + +Get Error Message from Environment + +=item * + +Who is this? + +=item * + +Generate Page Output + +=item * + +Choice or no choice + +=item * + +Table + +=item * + +Privileges + +=back + +=cut + + package Apache::lonroles; use strict; @@ -272,7 +369,7 @@ $swinfo
-$message
+$message
$end_page @@ -483,6 +580,8 @@ ENDHEADER my $advanced=$env{'user.adv'}; &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']); my $tryagain=$env{'form.tryagain'}; + my $reinit=$env{'user.reinit'}; + delete $env{'user.reinit'}; # -------------------------------------------------------- Generate Page Output # --------------------------------------------------------------- Error Header? @@ -512,10 +611,16 @@ ENDHEADER &Apache::lonenc::check_encrypt($fn)); } else { if ($env{'user.error.msg'}) { - $r->print( + if ($reinit) { + $r->print( + '

'. + &mt('As your session file for the course has expired, you will need to re-select the course.').'

'); + } else { + $r->print( '

'. &mt('You need to choose another user role or enter a specific course for this function').'

'); - } + } + } } # -------------------------------------------------------- Choice or no choice? if ($nochoose) { @@ -654,9 +759,9 @@ ENDHEADER $twhere=$env{'course.'.$tcourseid.'.description'}; $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; unless ($twhere eq &mt('Currently not available')) { - $twhere.=' '. + $twhere.=' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; + ''; } } else { my %newhash=&Apache::lonnet::coursedescription($tcourseid); @@ -664,9 +769,9 @@ ENDHEADER $sortkey=$role."\0".$tdom."\0".$newhash{'description'}. "\0".$envkey; $twhere=$newhash{'description'}. - ' '. + ' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; + ''; $ttype = $newhash{'type'}; $trole = &Apache::lonnet::plaintext($role,$ttype); } else { @@ -689,7 +794,7 @@ ENDHEADER $twhere=&mt('system wide'); $sortkey=$role.$twhere; } - $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver); + $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit); $roletext{$envkey}=$roletext; if (!$sortkey) {$sortkey=$twhere."\0".$envkey;} $sortrole{$sortkey}=$envkey; @@ -734,8 +839,8 @@ ENDHEADER } else { $r->print(''); } - $r->print(''.&mt('No role specified'). - ''.$tremark. + $r->print(''.&mt('No role specified'). + ''.$tremark. ' '."\n"); $r->print(''); @@ -766,8 +871,8 @@ ENDHEADER } } if ($output) { - $r->print("". - &mt('Recent Roles').""); + $r->print("". + &mt('Recent Roles').""); $r->print($output); $doheaders ++; } @@ -797,9 +902,9 @@ ENDHEADER $r->print(' '); } } - $r->print(''.&mt('No role specified'). - ''.$tremark. - ' '."\n"); + $r->print(''.&mt('No role specified'). + ''.$tremark. + ' '."\n"); } $r->print(''); unless ($nochoose) { @@ -877,8 +982,8 @@ sub print_rolerows { if ($output) { if ($doheaders > 0) { $r->print("". - "". - &mt($type).""); + "". + &mt($type).""); } $r->print($output); } @@ -988,7 +1093,7 @@ sub role_status { } sub build_roletext { - my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver) = @_; + my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit) = @_; my $roletext=''; my $is_dc=($trolecode =~ m/^dc\./); my $rowspan=($is_dc) ? '' @@ -1018,22 +1123,30 @@ sub build_roletext { ''; + } elsif ($reinit) { + $roletext.= + ''; } else { - $roletext.=' '; + $roletext.= + ''; } } if ($trolecode !~ m/^(dc|ca|au|aa)\./) { $tremark.=&Apache::lonannounce::showday(time,1, &Apache::lonannounce::readcalendar($tdom.'_'.$trest)); } - $roletext.=''.$trole. - ''.$twhere. - ''.$tpstart. - ''.$tpend. - ''; + $roletext.=''.$trole. + ''.$twhere. + ''.$tpstart. + ''.$tpend. + ''; if (!$is_dc) { - $roletext.=''.$tremark. - ' '."\n"; + $roletext.=''.$tremark. + ' '."\n"; } return $roletext; } @@ -1136,7 +1249,15 @@ sub adhoc_course_role { return; } } - my (%userroles,%newrole,%newgroups); + my (%userroles,%newrole,%newgroups,%group_privs); + my %cgroups = + &Apache::lonnet::get_active_groups($env{'user.domain'}, + $env{'user.name'},$cdom,$cnum); + foreach my $group (keys(%cgroups)) { + $group_privs{$group} = + $env{'user.priv.cc./'.$cdom.'/'.$cnum.'./'.$cdom.'/'.$cnum.'/'.$group}; + } + $newgroups{'/'.$cdom.'/'.$cnum} = \%group_privs; my $area = '/'.$cdom.'/'.$cnum; my $spec = $role.'.'.$area; if ($usec ne '') { @@ -1144,7 +1265,7 @@ sub adhoc_course_role { $area .= '/'.$usec; } &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area); - &Apache::lonnet::set_userprivs(\%userroles,\%newrole,%newgroups); + &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups); my $adhocstart = $then-1; $userroles{'user.role.'.$spec} = $adhocstart.'.'; &Apache::lonnet::appenv(\%userroles,[$role,'cm']); @@ -1247,9 +1368,9 @@ sub display_cc_role { my %newhash=&Apache::lonnet::coursedescription($tcourseid); if (%newhash) { $twhere=$newhash{'description'}. - ' '. + ' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$2,$1,$tfont). - ''; + ''; $ttype = $newhash{'type'}; } else { $twhere=&mt('Currently not available');