--- loncom/auth/lonroles.pm 2000/02/22 21:36:44 1.1
+++ loncom/auth/lonroles.pm 2017/06/26 01:57:02 1.332
@@ -1,54 +1,3140 @@
# The LearningOnline Network with CAPA
# User Roles Screen
-# (Directory Indexer
-# (Login Screen
-# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer)
-# 11/23 Gerd Kortemeyer)
-# 1/14 Gerd Kortemeyer
+# $Id: lonroles.pm,v 1.332 2017/06/26 01:57:02 raeburn Exp $
+# Copyright Michigan State University Board of Trustees
+# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
+# LON-CAPA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# LON-CAPA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with LON-CAPA; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# /home/httpd/html/adm/gpl.txt
+# http://www.lon-capa.org/
+=head1 NAME
+Apache::lonroles - User Roles Screen
+=head1 SYNOPSIS
+Invoked by /etc/httpd/conf/srm.conf:
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+=head1 OVERVIEW
+=head2 Choosing Roles
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do.
+=begin latex
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+=end latex
+=head2 Role Initialization
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+This routine is called by Apache and mod_perl.
+=over 4
+=item *
+Roles Initialization (yes/no)
+=item *
+Get Error Message from Environment
+=item *
+Who is this?
+=item *
+Generate Page Output
+=item *
+Choice or no choice
+=item *
+=item *
package Apache::lonroles;
use strict;
-use Apache::lonnet();
-use Apache::Constants qw(:common);
-use CGI::Cookie();
+use Apache::lonnet;
+use Apache::lonuserstate();
+use Apache::Constants qw(:common REDIRECT);
+use Apache::File();
+use Apache::lonmenu;
+use Apache::loncommon;
+use Apache::lonhtmlcommon;
+use Apache::lonannounce;
+use Apache::lonlocal;
+use Apache::lonpageflip();
+use Apache::lonnavdisplay();
+use Apache::loncoursequeueadmin;
+use Apache::longroup;
+use Apache::lonrss;
+use Apache::lonplacementtest;
+use GDBM_File;
+use LONCAPA qw(:DEFAULT :match);
+use HTML::Entities;
+sub redirect_user {
+ my ($r,$title,$url,$msg) = @_;
+ $msg = $title if (! defined($msg));
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ # Breadcrumbs
+ my $brcrum = [{'href' => $url,
+ 'text' => 'Switching Role'},];
+ my $start_page = &Apache::loncommon::start_page('Switching Role',undef,
+ {'redirect' => [1,$url],
+ 'bread_crumbs' => $brcrum,});
+ my $end_page = &Apache::loncommon::end_page();
+# Note to style police:
+# This must only replace the spaces, nothing else, or it bombs elsewhere.
+ $url=~s/ /\%20/g;
+ $r->print(<$msg
+ return;
+sub error_page {
+ my ($r,$error,$dest)=@_;
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ return OK if $r->header_only;
+ # Breadcrumbs
+ my $brcrum = [{'href' => $dest,
+ 'text' => 'Problems during Course Initialization'},];
+ $r->print(&Apache::loncommon::start_page('Problems during Course Initialization',
+ undef,
+ {'bread_crumbs' => $brcrum,})
+ );
+ $r->print(
+ ''.
+ ''.&mt('The following problems occurred:').
+ ' '.
+ $error.
+ '
'.&mt('Continue').' '
+ );
+ $r->print(&Apache::loncommon::end_page());
sub handler {
my $r = shift;
- $r->content_type('text/html');
+ # Check for critical messages and redirect if present.
+ my ($redirect,$url) = &Apache::loncommon::critical_redirect(300,'roles');
+ if ($redirect) {
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->header_out(Location => $url);
+ return REDIRECT;
+ }
+ my $now=time;
+ my $then=$env{'user.login.time'};
+ my $refresh=$env{'user.refresh.time'};
+ my $update=$env{'user.update.time'};
+ if (!$refresh) {
+ $refresh = $then;
+ }
+ if (!$update) {
+ $update = $then;
+ }
+ &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
+# -------------------------------------------------- Check if setting hot list
+ my $hotlist;
+ if ($env{'form.action'} eq 'verify_and_change_rolespref') {
+ $hotlist = &Apache::lonpreferences::verify_and_change_rolespref($r);
+ }
+# -------------------------------------------------------- Check for new roles
+ my $updateresult;
+ if ($env{'form.state'} eq 'doupdate') {
+ my $show_course=&Apache::loncommon::show_course();
+ my $checkingtxt;
+ if ($show_course) {
+ $checkingtxt = &mt('Checking for new courses ...');
+ } else {
+ $checkingtxt = &mt('Checking for new roles ...');
+ }
+ $updateresult = $checkingtxt;
+ $updateresult .= &update_session_roles();
+ &Apache::lonnet::appenv({'user.update.time' => $now});
+ $update = $now;
+ &Apache::loncoursequeueadmin::reqauthor_check();
+ }
+# -------------------------------------------------- Check for author requests
+ my $reqauthor;
+ if ($env{'form.state'} eq 'requestauthor') {
+ $reqauthor = &Apache::loncoursequeueadmin::process_reqauthor(\$update);
+ }
+ my $envkey;
+ my %dcroles = ();
+ my %helpdeskroles = ();
+ my ($numdc,$numhelpdesk,$numadhoc) =
+ &check_for_adhoc(\%dcroles,\%helpdeskroles,$update,$then);
+ my $loncaparev = $r->dir_config('lonVersion');
+# ================================================================== Roles Init
+ if ($env{'form.selectrole'}) {
+ my $locknum=&Apache::lonnet::get_locks();
+ if ($locknum) { return 409; }
+ my $custom_adhoc;
+ if ($env{'form.newrole'}) {
+ $env{'form.'.$env{'form.newrole'}}=1;
+# Check if this is a Domain Helpdesk or Domain Helpdesk Assistant role trying to enter a course
+ if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/\w+\./\1/$match_courseid$}) {
+ if ($helpdeskroles{$1}) {
+ $custom_adhoc = 1;
+ }
+ }
+ }
+ if ($env{'request.course.id'}) {
+ # Check if user is CC trying to select a course role
+ if ($env{'form.switchrole'}) {
+ my $switch_is_active;
+ if (defined($env{'user.role.'.$env{'form.switchrole'}})) {
+ my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.switchrole'}});
+ if (!$end || $end > $now) {
+ if (!$start || $start < $update) {
+ $switch_is_active = 1;
+ }
+ }
+ }
+ unless ($switch_is_active) {
+ &adhoc_course_role($refresh,$update,$then);
+ }
+ }
+ my %temp=('logout_'.$env{'request.course.id'} => time);
+ &Apache::lonnet::put('email_status',\%temp);
+ &Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});
+ }
+ &Apache::lonnet::appenv({"request.course.id" => '',
+ "request.course.fn" => '',
+ "request.course.uri" => '',
+ "request.course.sec" => '',
+ "request.course.tied" => '',
+ "request.course.timechecked" => '',
+ "request.role" => 'cm',
+ "request.role.adv" => $env{'user.adv'},
+ "request.role.domain" => $env{'user.domain'}});
+# Check if Domain Helpdesk role trying to enter a course needs privs to be created
+ if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)}) {
+ my $cdom = $1;
+ my $rolename = $2;
+ my $cnum = $3;
+ my $sec = $4;
+ if ($custom_adhoc) {
+ my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($cdom.'_'.$cnum,1);
+ if (ref($possroles) eq 'ARRAY') {
+ if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+ if (&Apache::lonnet::check_adhoc_privs($cdom,$cnum,$update,$refresh,$now,
+ "cr/$cdom/$cdom".'-domainconfig/'.$rolename,undef,$sec)) {
+ &Apache::lonnet::appenv({"environment.internal.$cdom.$cnum.cr/$cdom/$cdom".'-domainconfig/'."$rolename.adhoc" => time});
+ }
+ }
+ }
+ }
+ } elsif (($numdc > 0) || ($numhelpdesk > 0)) {
+# Check if user is a DC trying to enter a course or author space and needs privs to be created
+# Check if user is a DH or DA trying to enter a course and needs privs to be created
+ foreach my $envkey (keys(%env)) {
+# Is this an ad-hoc Coordinator role?
+ if ($numdc) {
+ if (my ($ccrole,$domain,$coursenum) =
+ ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) {
+ if ($dcroles{$domain}) {
+ if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum,
+ $update,$refresh,$now,$ccrole)) {
+ &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.$ccrole.adhoc" => time});
+ }
+ }
+ last;
+ }
+# Is this an ad-hoc CA-role?
+ if (my ($domain,$user) =
+ ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
+ if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) {
+ delete($env{$envkey});
+ $env{'form.au./'.$domain.'/'} = 1;
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'au./'.$domain.'/';
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ last;
+ }
+ if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) {
+ if (((($castart) && ($castart < $now)) || !$castart) &&
+ ((!$caend) || (($caend) && ($caend > $now)))) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ last;
+ }
+ }
+ # Check if author blocked ca-access
+ my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
+ if ($blocked{'domcoord.author'} eq 'blocked') {
+ delete($env{$envkey});
+ $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ last;
+ }
+ if ($dcroles{$domain}) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if (($server_status eq 'ok') || ($server_status eq 'switchserver')) {
+ &Apache::lonnet::check_adhoc_privs($domain,$user,$update,
+ $refresh,$now,'ca');
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?'
+ .'otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ last;
+ }
+ }
+ if ($numhelpdesk) {
+# Is this an ad hoc custom role in a course/community?
+ if (my ($domain,$rolename,$coursenum,$sec) = ($envkey =~ m{^form\.cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)})) {
+ if ($helpdeskroles{$domain}) {
+ my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($domain.'_'.$coursenum,1);
+ if (ref($possroles) eq 'ARRAY') {
+ if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+ if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum,$update,$refresh,$now,
+ "cr/$domain/$domain".'-domainconfig/'.$rolename,
+ undef,$sec)) {
+ &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.cr/$domain/$domain".
+ '-domainconfig/'."$rolename.adhoc" => time});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ last;
+ }
+ }
+ }
+ }
+ foreach $envkey (keys(%env)) {
+ next if ($envkey!~/^user\.role\./);
+ my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
+ &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where,
+ \$trolecode,\$tstatus,\$tstart,\$tend);
+ if ($env{'form.'.$trolecode}) {
+ if ($tstatus eq 'is') {
+ $where=~s/^\///;
+ my ($cdom,$cnum,$csec)=split(/\//,$where);
+ if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
+ my $home = $env{'course.'.$cdom.'_'.$cnum.'.home'};
+ my @ids = &Apache::lonnet::current_machine_ids();
+ unless ($loncaparev eq '' && $home && grep(/^\Q$home\E$/,@ids)) {
+ my %curr_reqd_hash = &Apache::lonnet::userenvironment($cdom,$cnum,'internal.releaserequired');
+ if ($curr_reqd_hash{'internal.releaserequired'} ne '') {
+ my ($switchserver,$switchwarning) =
+ &Apache::loncommon::check_release_required($loncaparev,$cdom.'_'.$cnum,$trolecode,
+ $curr_reqd_hash{'internal.releaserequired'});
+ if ($switchwarning ne '' || $switchserver ne '') {
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ $r->print(&Apache::loncommon::check_release_result($switchwarning,$switchserver));
+ return OK;
+ }
+ }
+ }
+ }
+# check for course groups
+ my %coursegroups = &Apache::lonnet::get_active_groups(
+ $env{'user.domain'},$env{'user.name'},$cdom, $cnum);
+ my $cgrps = join(':',keys(%coursegroups));
+# store role if recent_role list being kept
+ if ($env{'environment.recentroles'}) {
+ my %frozen_roles =
+ &Apache::lonhtmlcommon::get_recent_frozen('roles',$env{'environment.recentrolesn'});
+ &Apache::lonhtmlcommon::store_recent('roles',
+ $trolecode,' ',$frozen_roles{$trolecode});
+ }
+# check for keyed access
+ if (($role eq 'st') &&
+ ($env{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) {
+# who is key authority?
+ my $authdom=$cdom;
+ my $authnum=$cnum;
+ if ($env{'course.'.$cdom.'_'.$cnum.'.keyauth'}) {
+ ($authnum,$authdom)=
+ split(/:/,$env{'course.'.$cdom.'_'.$cnum.'.keyauth'});
+ }
+# check with key authority
+ unless (&Apache::lonnet::validate_access_key(
+ $env{'environment.key.'.$cdom.'_'.$cnum},
+ $authdom,$authnum)) {
+# there is no valid key
+ if ($env{'form.newkey'}) {
+# student attempts to register a new key
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ my $start_page=&Apache::loncommon::start_page
+ ('Verifying Access Key to Unlock this Course');
+ my $end_page=&Apache::loncommon::end_page();
+ my $buttontext=&mt('Enter Course');
+ my $message=&mt('Successfully registered key');
+ my $assignresult=
+ &Apache::lonnet::assign_access_key(
+ $env{'form.newkey'},
+ $authdom,$authnum,
+ $cdom,$cnum,
+ $env{'user.domain'},
+ $env{'user.name'},
+ &mt('Assigned from [_1] at [_2] for [_3]'
+ ,&Apache::lonlocal::locallocaltime()
+ ,$trolecode)
+ );
+ unless ($assignresult eq 'ok') {
+ $assignresult=~s/^error\:\s*//;
+ $message=&mt($assignresult).
+ ''.
+ &mt('Logout').' ';
+ $buttontext=&mt('Re-Enter Key');
+ }
+ $r->print(<
+ return OK;
+ } else {
+# print form to enter a new key
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ my $start_page=&Apache::loncommon::start_page
+ ('Enter Access Key to Unlock this Course');
+ my $end_page=&Apache::loncommon::end_page();
+ $r->print(<
+ return OK;
+ }
+ }
+ }
+ &Apache::lonnet::log($env{'user.domain'},
+ $env{'user.name'},
+ $env{'user.home'},
+ "Role ".$trolecode);
+ &Apache::lonnet::appenv(
+ {'request.role' => $trolecode,
+ 'request.role.domain' => $cdom,
+ 'request.course.sec' => $csec,
+ 'request.course.groups' => $cgrps});
+ my $tadv=0;
+ if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
+ if ($role =~ m{^\Qcr/$cdom/$cdom\E\-domainconfig/(\w+)$}) {
+ my $rolename = $1;
+ my %domdef = &Apache::lonnet::get_domain_defaults($cdom);
+ if (ref($domdef{'adhocroles'}) eq 'HASH') {
+ if (ref($domdef{'adhocroles'}{$rolename}) eq 'HASH') {
+ &Apache::lonnet::appenv({'request.role.desc' => $domdef{'adhocroles'}{$rolename}{'desc'}});
+ }
+ }
+ }
+ my $msg;
+ my ($furl,$ferr)=
+ &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
+ unless ($ferr) {
+ unless (($env{'form.switchrole'}) ||
+ ($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) {
+ &Apache::lonnet::put('nohist_crslastlogin',
+ {$env{'user.name'}.':'.$env{'user.domain'}.
+ ':'.$csec.':'.$role => $now},$cdom,$cnum);
+ }
+ my ($feeds,$syllabus_time);
+ &Apache::lonrss::advertisefeeds($cnum,$cdom,undef,\$feeds);
+ &Apache::lonnet::appenv({'request.course.feeds' => $feeds});
+ &Apache::lonnet::get_numsuppfiles($cnum,$cdom,1);
+ unless ($env{'course.'.$cdom.'_'.$cnum.'.updatedsyllabus'}) {
+ unless (($env{'course.'.$cdom.'_'.$cnum.'.externalsyllabus'}) ||
+ ($env{'course.'.$cdom.'_'.$cnum.'.uploadedsyllabus'})) {
+ my %syllabus=&Apache::lonnet::dump('syllabus',$cdom,$cnum);
+ $syllabus_time = $syllabus{'uploaded.lastmodified'};
+ if ($syllabus_time) {
+ &Apache::lonnet::appenv({'request.course.syllabustime' => $syllabus_time});
+ }
+ }
+ }
+ }
+ if (($env{'form.orgurl'}) &&
+ ($env{'form.orgurl'}!~/^\/adm\/flip/) &&
+ ($env{'form.orgurl'} ne '/adm/roles')) {
+ my $dest=$env{'form.orgurl'};
+ if ($env{'form.symb'}) {
+ if ($dest =~ /\?/) {
+ $dest .= '&';
+ } else {
+ $dest .= '?';
+ }
+ $dest .= 'symb='.$env{'form.symb'};
+ }
+ if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
+ &Apache::lonnet::appenv({'request.role.adv'=>$tadv});
+ if (($ferr) && ($tadv)) {
+ &error_page($r,$ferr,$dest);
+ } else {
+ if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
+ &Apache::loncommon::update_content_constraints($cdom,$cnum,$chome,
+ $cdom.'_'.$cnum);
+ }
+ }
+ $r->internal_redirect($dest);
+ }
+ return OK;
+ } else {
+ if (!$env{'request.course.id'}) {
+ &Apache::lonnet::appenv(
+ {"request.course.id" => $cdom.'_'.$cnum});
+ $furl='/adm/roles?tryagain=1';
+ $msg=''
+ .&mt('Could not initialize [_1] at this time.',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'})
+ .'
+ .''.&mt('Please try again.').'
+ .''.$ferr.'
+ }
+ if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
+ &Apache::lonnet::appenv({'request.role.adv'=>$tadv});
+ if (($ferr) && ($tadv)) {
+ &error_page($r,$ferr,$furl);
+ } else {
+ # Check to see if the user is a CC entering a course
+ # for the first time
+ if ((($role eq 'cc') || ($role eq 'co'))
+ && ($env{'course.'.$cdom.'_'.$cnum.'.course.helper.not.run'})) {
+ $furl = "/adm/helper/course.initialization.helper";
+ # Send the user to the course they selected
+ } elsif ($env{'request.course.id'}) {
+ if ((&Apache::loncommon::course_type() eq 'Placement') &&
+ (!$env{'request.role.adv'})) {
+ my ($score,$incomplete) =
+ &Apache::lonplacementtest::check_completion(undef,undef,1);
+ if (($incomplete) && ($incomplete < 100)) {
+ &redirect_user($r, &mt('Entering [_1]',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'}),
+ '/adm/placement', $msg);
+ return OK;
+ }
+ }
+ my ($dest,$destsymb,$checkenc);
+ $dest = $env{'form.destinationurl'};
+ $destsymb = $env{'form.destsymb'};
+ if ($dest ne '') {
+ if ($env{'form.switchrole'}) {
+ if ($destsymb ne '') {
+ if ($destsymb !~ m{^/enc/}) {
+ unless ($env{'request.role.adv'}) {
+ $checkenc = 1;
+ }
+ }
+ }
+ if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) ||
+ ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
+ if ($ENV{'SERVER_PORT'} == 443) {
+ my $hostname = $r->hostname();
+ if ($hostname ne '') {
+ $dest = 'http://'.$hostname.$dest;
+ }
+ }
+ }
+ if ($dest =~ m{^/enc/}) {
+ if ($env{'request.role.adv'}) {
+ $dest = &Apache::lonenc::unencrypted($dest);
+ if ($destsymb eq '') {
+ ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/);
+ $destsymb = &unescape($destsymb);
+ }
+ }
+ } else {
+ if ($destsymb eq '') {
+ ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]+)/);
+ $destsymb = &unescape($destsymb);
+ }
+ unless ($env{'request.role.adv'}) {
+ $checkenc = 1;
+ }
+ }
+ if (($checkenc) && ($destsymb ne '')) {
+ my ($encstate,$unencsymb,$res);
+ $unencsymb = &Apache::lonnet::symbclean($destsymb);
+ (undef,undef,$res) = &Apache::lonnet::decode_symb($unencsymb);
+ &Apache::lonnet::symbverify($unencsymb,$res,\$encstate);
+ if ($encstate) {
+ if (($dest ne '') && ($dest !~ m{^/enc/})) {
+ $dest=&Apache::lonenc::encrypted($dest);
+ }
+ }
+ }
+ }
+ unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) {
+ if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) {
+ my $esc_symb = &escape($destsymb);
+ $dest .= (($dest =~/\?/)? '&':'?').'symb='.$esc_symb;
+ }
+ }
+ &redirect_user($r, &mt('Entering [_1]',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'}),
+ $dest, $msg);
+ return OK;
+ }
+ if (&Apache::lonnet::allowed('whn',
+ $env{'request.course.id'})
+ || &Apache::lonnet::allowed('whn',
+ $env{'request.course.id'}.'/'
+ .$env{'request.course.sec'})
+ ) {
+ my $startpage = &courseloadpage($env{'request.course.id'});
+ unless ($startpage eq 'firstres') {
+ $msg = &mt('Entering [_1] ...',
+ $env{'course.'.$env{'request.course.id'}.'.description'});
+ &redirect_user($r, &mt('New in course'),
+ '/adm/whatsnew?refpage=start', $msg);
+ return OK;
+ }
+ }
+ }
+ # Are we allowed to look at the first resource?
+ my $access;
+ if ($furl =~ m{^(/adm/wrapper|)/ext/}) {
+ # If it's an external resource,
+ # strip off the symb argument and possible query
+ my ($exturl,$symb) = ($furl =~ m{^(.+)(?:\?|\&)symb=(.+)$});
+ # Unencode $symb
+ $symb = &unescape($symb);
+ # Then check for permission
+ $access = &Apache::lonnet::allowed('bre',$exturl,$symb);
+ # For other resources just check for permission
+ } else {
+ $access = &Apache::lonnet::allowed('bre',$furl);
+ }
+ if (!$access) {
+ $furl = &Apache::lonpageflip::first_accessible_resource();
+ } elsif ($access eq 'B') {
+ $furl = '/adm/navmaps?showOnlyHomework=1';
+ }
+ $msg = &mt('Entering [_1] ...',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'});
+ &redirect_user($r, &mt('Entering [_1]',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'}),
+ $furl, $msg);
+ }
+ return OK;
+ }
+ }
+ #
+ # Send the user to the construction space they selected
+ if ($role =~ /^(au|ca|aa)$/) {
+ my $redirect_url = '/priv/';
+ if ($role eq 'au') {
+ $redirect_url.=$env{'user.domain'}.'/'.$env{'user.name'};
+ } else {
+ $redirect_url .= $where;
+ }
+ $redirect_url .= '/';
+ &redirect_user($r,&mt('Entering Authoring Space'),
+ $redirect_url);
+ return OK;
+ }
+ if ($role eq 'dc') {
+ my $redirect_url = '/adm/menu/';
+ &redirect_user($r,&mt('Loading Domain Coordinator Menu'),
+ $redirect_url);
+ return OK;
+ }
+ if ($role eq 'dh') {
+ my $redirect_url = '/adm/menu/';
+ &redirect_user($r,&mt('Loading Domain Helpdesk Menu'),
+ $redirect_url);
+ return OK;
+ }
+ if ($role eq 'da') {
+ my $redirect_url = '/adm/menu/';
+ &redirect_user($r,&mt('Loading Domain Helpdesk Assistant Menu'),
+ $redirect_url);
+ return OK;
+ }
+ if ($role eq 'sc') {
+ my $redirect_url = '/adm/grades?command=scantronupload';
+ &redirect_user($r,&mt('Loading Data Upload Page'),
+ $redirect_url);
+ return OK;
+ }
+ }
+ }
+ }
+ }
+# =============================================================== No Roles Init
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
return OK if $r->header_only;
- my $iconpath= $r->dir_config('lonIconsURL');
- my $domain = $r->dir_config('lonDefDomain');
- my $role = $r->dir_config('lonRole');
- my $loadlim = $r->dir_config('lonLoadLim');
- my $servadm = $r->dir_config('lonAdmEMail');
- my $sysadm = $r->dir_config('lonSysEMail');
- my $lonhost = $r->dir_config('lonHostID');
- my $tabdir = $r->dir_config('lonTabDir');
+ my $crumbtext = 'User Roles';
+ my $pagetitle = 'My Roles';
+ my $recent = &mt('Recent Roles');
+ my $standby = &mt('Role selected. Please stand by.');
+ my $show_course=&Apache::loncommon::show_course();
+ if ($show_course) {
+ $crumbtext = 'Courses';
+ $pagetitle = 'My Courses';
+ $recent = &mt('Recent Courses');
+ $standby = &mt('Course selected. Please stand by.');
+ }
+ my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}];
+ my %roles_in_env;
+ my $showcount = &roles_from_env(\%roles_in_env,$update);
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ my %domdefs=&Apache::lonnet::get_domain_defaults($env{'user.domain'});
+ my $cattype = 'std';
+ if ($domdefs{'catauth'}) {
+ $cattype = $domdefs{'catauth'};
+ }
+ my $placementonly;
+ if ($showcount == 1) {
+ if ($env{'request.course.id'}) {
+ if ($env{'course.'.$env{'request.course.id'}.'.type'} eq 'Placement') {
+ $placementonly = 1;
+ }
+ } else {
+ foreach my $rolecode (keys(%roles_in_env)) {
+ my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)});
+ if ($cid) {
+ my %coursedescription =
+ &Apache::lonnet::coursedescription($cid,{'one_time' => '1'});
+ if ($coursedescription{'type'} eq 'Placement') {
+ $placementonly = 1;
+ }
+ last;
+ }
+ }
+ }
+ }
+ my ($start_page,$funcs);
+ if ($placementonly) {
+ $start_page=&Apache::loncommon::start_page($pagetitle,undef,
+ {bread_crumbs=>$brcrum,crstype=>'Placement'});
+ } else {
+ $funcs = &get_roles_functions($showcount,$cattype);
+ my $crumbsright;
+ if ($env{'browser.mobile'}) {
+ $crumbsright = $funcs;
+ undef($funcs);
+ }
+ $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum,
+ bread_crumbs_component=>$crumbsright});
+ }
+ &js_escape(\$standby);
+ my $noscript=''.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').' '.&mt('As this is not the case, most functionality in the system will be unavailable.').' ';
-# ---------------------------------------------------------------- Print Header
-LON-CAPA User Roles
- my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
- my $lonurl=$cookies{'lonURL'};
- my $lowerurl=$lonurl->value;
+# ------------------------------------------ Get Error Message from Environment
- my $envkey;
- foreach $envkey (sort keys %ENV) {
- $r->print("$envkey: $ENV{$envkey} \n");
+ my ($fn,$priv,$nochoose,$error,$msg)=split(/:/,$env{'user.error.msg'});
+ if ($env{'user.error.msg'}) {
+ $r->log_reason(
+ "$msg for $env{'user.name'} domain $env{'user.domain'} access $priv",$fn);
+ }
+# ------------------------------------------------- Can this user re-init, etc?
+ my $advanced=$env{'user.adv'};
+ &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']);
+ my $tryagain=$env{'form.tryagain'};
+ my $reinit=$env{'user.reinit'};
+ delete $env{'user.reinit'};
+# -------------------------------------------------------- Generate Page Output
+# --------------------------------------------------------------- Error Header?
+ if ($error) {
+ $r->print("".&mt('LON-CAPA Access Control')." ");
+ $r->print("");
+ if ($priv ne '') {
+ $r->print(&mt('Access : ').&Apache::lonnet::plaintext($priv)."\n");
+ }
+ if ($fn ne '') {
+ $r->print(&mt('Resource: ').&Apache::lonenc::check_encrypt($fn)."\n");
+ }
+ if ($msg ne '') {
+ $r->print(&mt('Action : ').$msg."\n");
+ }
+ $r->print(" ");
+ my $url=$fn;
+ my $last;
+ if (tie(my %hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db',
+ &GDBM_READER(),0640)) {
+ $last=$hash{'last_known'};
+ untie(%hash);
+ }
+ if ($last) { $fn.='?symb='.&escape($last); }
+ &Apache::londocs::changewarning($r,undef,'You have modified your course recently, [_1] may fix this access problem.',
+ &Apache::lonenc::check_encrypt($fn));
+ } else {
+ if ($env{'user.error.msg'}) {
+ if ($reinit) {
+ $r->print(
+ ''.
+ &mt('As your session file for the course or community has expired, you will need to re-select it.').' ');
+ } else {
+ $r->print(
+ ''.
+ &mt('You need to choose another user role or enter a specific course or community for this function.').
+ ' ');
+ }
+ }
+ }
+ if ($nochoose) {
+ $r->print("".&mt('Sorry ...')." \n".
+ &mt('This action is currently not authorized.').' '.
+ &Apache::loncommon::end_page());
+ return OK;
+ } else {
+ if ($updateresult || $reqauthor || $hotlist) {
+ my $showresult = '';
+ if ($updateresult) {
+ $showresult .= &Apache::lonhtmlcommon::confirm_success($updateresult);
+ }
+ if ($reqauthor) {
+ $showresult .= &Apache::lonhtmlcommon::confirm_success($reqauthor);
+ }
+ if ($hotlist) {
+ $showresult .= $hotlist;
+ }
+ $showresult .= '
+ $r->print($showresult);
+ } elsif ($env{'form.state'} eq 'queued') {
+ $r->print(&get_queued());
+ }
+ if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) {
+ }
+ my $display = ($env{'form.display'} =~ /^(showall)$/);
+ $r->print('');
+ if ($countfuture) {
+ $r->print(&mt('The following [quant,_1,role,roles] will become active in the future:',$countfuture));
+ my $doheaders = &roletable_headers($r,\%roleclass,\%sortrole,
+ $nochoose);
+ &print_rolerows($r,$doheaders,\%roleclass,\%sortrole,\%dcroles,
+ \%roletext,$update,$then);
+ my $tremark='';
+ my $tbg;
+ if ($env{'request.role'} eq 'cm') {
+ $tbg="LC_roles_selected";
+ $tremark=&mt('Currently selected.').' ';
+ } else {
+ $tbg="LC_roles_is";
+ }
+ $r->print(&Apache::loncommon::start_data_table_row()
+ .' '
+ .''
+ .&mt('No role specified')
+ .' '
+ .''.$tremark.' '
+ .&Apache::loncommon::end_data_table_row()
+ );
+ $r->print(&Apache::loncommon::end_data_table());
+ }
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ } elsif (($placementonly) && ($env{'request.role'} eq 'cm')) {
+ $r->print(''.&mt('Please stand by.').'
+ ');
+ $r->rflush();
+ $r->print('');
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ }
+# ----------------------------------------------------------------------- Table
+ if (($numdc > 0) || (($numhelpdesk > 0) && ($numadhoc > 0))) {
+ $r->print(&coursepick_jscript().
+ &Apache::loncommon::coursebrowser_javascript());
+ }
+ if ($numdc > 0) {
+ $r->print(&Apache::loncommon::authorbrowser_javascript());
- $r->print("URL: $lowerurl");
- $r->print("