--- loncom/auth/lonroles.pm 2021/12/12 18:17:11 1.269.2.39
+++ loncom/auth/lonroles.pm 2022/02/24 13:09:39 1.361
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.269.2.39 2021/12/12 18:17:11 raeburn Exp $
+# $Id: lonroles.pm,v 1.361 2022/02/24 13:09:39 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -140,10 +140,14 @@ use Apache::lonnavdisplay();
use Apache::loncoursequeueadmin;
use Apache::longroup;
use Apache::lonrss;
+use Apache::lonplacementtest;
use GDBM_File;
use LONCAPA qw(:DEFAULT :match);
use HTML::Entities;
-
+
+my $registered_cleanup;
+my $rosterupdates;
+
sub start_loading_course {
my ($r,$title) = @_;
&Apache::loncommon::content_type($r,'text/html');
@@ -191,6 +195,7 @@ $msg
var url = "$js_url";
\$(location).attr('href',url);
});
+// ]]>
$link
$end_page
@@ -204,27 +209,27 @@ sub redirect_user {
&Apache::loncommon::content_type($r,'text/html');
&Apache::loncommon::no_cache($r);
$r->send_http_header;
- my $swinfo=&Apache::lonmenu::rawconfig();
- # Breadcrumbs
- my $brcrum = [{'href' => $url,
- 'text' => 'Switching Role'},];
- my $start_page = &Apache::loncommon::start_page('Switching Role',undef,
- {'redirect' => [1,$url],
- 'bread_crumbs' => $brcrum,});
- my $end_page = &Apache::loncommon::end_page();
+ my $start_page;
+ if ($env{'request.lti.login'}) {
+ $start_page = &Apache::loncommon::start_page(undef,undef,
+ {'redirect' => [0,$url],}).$msg;
+ } else {
+ # Breadcrumbs
+ my $brcrum = [{'href' => $url,
+ 'text' => 'Switching Role'},];
+ $start_page = &Apache::loncommon::start_page('Switching Role',undef,
+ {'redirect' => [1,$url],
+ 'bread_crumbs' => $brcrum,}).
+ "\n
$msg
";
+ }
+ my $end_page = &Apache::loncommon::end_page();
# Note to style police:
# This must only replace the spaces, nothing else, or it bombs elsewhere.
$url=~s/ /\%20/g;
$r->print(<
-//
-
-
$msg
$end_page
ENDREDIR
return;
@@ -255,7 +260,7 @@ sub handler {
my $r = shift;
# Check for critical messages and redirect if present.
- my ($redirect,$url) = &Apache::loncommon::critical_redirect(300);
+ my ($redirect,$url) = &Apache::loncommon::critical_redirect(300,'roles');
if ($redirect) {
&Apache::loncommon::content_type($r,'text/html');
$r->header_out(Location => $url);
@@ -273,8 +278,43 @@ sub handler {
$update = $then;
}
- my ($blocked_by_ip,$blocked_type,$clientip);
+ my ($norolelist,$blocked_by_ip,$blocked_type,$clientip);
$clientip = &Apache::lonnet::get_requestor_ip($r);
+ if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) {
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $crstype = $env{'course.'.$env{'request.course.id'}.'.type'};
+ my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom);
+ if ($deeplink_symb) {
+ my ($menucoll,$deeplinkmenu,$menuref) = &Apache::loncommon::menucoll_in_effect();
+ if (ref($menuref) eq 'HASH') {
+ unless (($menuref->{'role'}) || ($env{'request.role.adv'})) {
+ foreach my $envkey (keys(%env)) {
+ next unless ($envkey =~ /^form\./);
+ if ($envkey =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{$envkey});
+ }
+ }
+ }
+ if ($env{'form.selectrole'}) {
+ if ($env{'form.switchrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{'form.selectrole'});
+ delete($env{'form.switchrole'});
+ }
+ } elsif ($env{'form.newrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{'form.selectrole'});
+ delete($env{'form.newrole'});
+ }
+ }
+ }
+ $norolelist = 1;
+ }
+ }
+ }
+ }
if ($env{'form.selectrole'}) {
my ($role,$cdom,$cnum,$rest);
@@ -359,6 +399,8 @@ sub handler {
}
}
+ $registered_cleanup=0;
+ @{$rosterupdates}=();
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
# -------------------------------------------------- Check if setting hot list
@@ -392,13 +434,19 @@ sub handler {
my $envkey;
my %dcroles = ();
- my %helpdeskroles = ();
- my ($numdc,$numhelpdesk,$numadhoc) =
+ my %helpdeskroles = ();
+ my ($numdc,$numhelpdesk,$numadhoc) =
&check_for_adhoc(\%dcroles,\%helpdeskroles,$update,$then);
my $loncaparev = $r->dir_config('lonVersion');
# ================================================================== Roles Init
if ($env{'form.selectrole'}) {
+ if (($env{'request.lti.login'}) && ($env{'request.lti.target'} eq '')) {
+ if ($env{'form.ltitarget'} eq 'iframe') {
+ &Apache::lonnet::appenv({'request.lti.target' => 'iframe'});
+ delete($env{'form.ltitarget'});
+ }
+ }
my $locknum=&Apache::lonnet::get_locks();
if ($locknum) { return 409; }
@@ -451,7 +499,7 @@ sub handler {
if ($custom_adhoc) {
my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($cdom.'_'.$cnum,1);
if (ref($possroles) eq 'ARRAY') {
- if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+ if (grep(/^\Q$rolename\E$/,@{$possroles})) {
if (&Apache::lonnet::check_adhoc_privs($cdom,$cnum,$update,$refresh,$now,
"cr/$cdom/$cdom".'-domainconfig/'.$rolename,undef,$sec)) {
&Apache::lonnet::appenv({"environment.internal.$cdom.$cnum.cr/$cdom/$cdom".'-domainconfig/'."$rolename.adhoc" => time});
@@ -463,8 +511,8 @@ sub handler {
# Check if user is a DC trying to enter a course or author space and needs privs to be created
# Check if user is a DH or DA trying to enter a course and needs privs to be created
foreach my $envkey (keys(%env)) {
- if ($numdc) {
# Is this an ad-hoc Coordinator role?
+ if ($numdc) {
if (my ($ccrole,$domain,$coursenum) =
($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) {
if ($dcroles{$domain}) {
@@ -555,10 +603,9 @@ sub handler {
}
last;
}
- }
+ }
}
}
-
foreach $envkey (keys(%env)) {
next if ($envkey!~/^user\.role\./);
my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
@@ -732,8 +779,19 @@ ENDCLOSE
my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,undef,$preamble);
&Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Loading ...'));
$r->rflush();
- my ($msg,$critmsg_check);
+ my ($msg,$blockcrit,$critmsg_check);
$critmsg_check = 1;
+ $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1);
+ if ($blockcrit) {
+ my $checkrole = "cm./$cdom/$cnum";
+ if ($csec ne '') {
+ $checkrole .= "/$csec";
+ }
+ unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) &&
+ ($trolecode !~ m{^st\./$cdom/$cnum})) {
+ $critmsg_check = 0;
+ }
+ }
my ($furl,$ferr)=
&Apache::lonuserstate::readmap($cdom.'/'.$cnum,$critmsg_check);
&Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Finished!'));
@@ -744,7 +802,7 @@ ENDCLOSE
$furl = '/adm/roles?tryagain=1';
} else {
&Apache::lonnet::appenv({'request.course.timechecked'=>$now});
- unless (($env{'form.switchrole'}) ||
+ unless (($env{'form.switchrole'}) ||
($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) {
&Apache::lonnet::put('nohist_crslastlogin',
{$env{'user.name'}.':'.$env{'user.domain'}.
@@ -786,7 +844,7 @@ ENDCLOSE
}
if (($env{'form.orgurl'}) &&
($env{'form.orgurl'}!~/^\/adm\/flip/) &&
- ($env{'form.orgurl'} ne '/adm/roles')) {
+ ($env{'form.orgurl'} ne '/adm/roles')) {
my $dest=$env{'form.orgurl'};
if ($env{'form.symb'}) {
if ($dest =~ /\?/) {
@@ -807,14 +865,14 @@ ENDCLOSE
}
}
if (($ferr) && ($tadv)) {
- &error_page($r,$ferr,$furl);
+ &error_page($r,$ferr,$furl);
} else {
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) {
unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'})) {
$dest=$env{'form.orgurl'};
}
- }
+ }
}
if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
@@ -852,12 +910,12 @@ ENDCLOSE
if (!$env{'request.course.id'}) {
&Apache::lonnet::appenv(
{"request.course.id" => $cdom.'_'.$cnum});
- }
+ }
if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
&Apache::lonnet::appenv({'request.role.adv'=>$tadv});
- if ($ferr) {
+ if ($ferr) {
if ($tadv) {
- &error_page($r,$ferr,$furl);
+ &error_page($r,$ferr,$furl);
} else {
$r->print('
'.
&mt('Could not initialize [_1] at this time.',
@@ -867,6 +925,10 @@ ENDCLOSE
&Apache::loncommon::end_page());
}
} else {
+ if (($env{'request.lti.login'}) &&
+ ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) {
+ &process_lti($r,$cdom,$cnum);
+ }
# Check to see if the user is a CC entering a course
# for the first time
if ((($role eq 'cc') || ($role eq 'co'))
@@ -874,6 +936,19 @@ ENDCLOSE
$furl = "/adm/helper/course.initialization.helper";
# Send the user to the course they selected
} elsif ($env{'request.course.id'}) {
+ if ((&Apache::loncommon::course_type() eq 'Placement') &&
+ (!$env{'request.role.adv'})) {
+ my ($score,$incomplete) =
+ &Apache::lonplacementtest::check_completion(undef,undef,1);
+ if (($incomplete) && ($incomplete < 100)) {
+ $msg = '
';
+ }
&finish_loading_course($r,$msg,$dest);
$r->rflush();
return OK;
@@ -953,18 +1033,18 @@ ENDCLOSE
'';
&finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start');
$r->rflush();
- return OK;
+ return OK;
}
}
}
# Are we allowed to look at the first resource?
#
# $furl returned by lonuserstate::readmap() has format:
- # $url?symb=escaped($symb). If the resource has the
+ # $url?symb=escaped($symb). If the resource has the
# encrypturl parameter in effect, the entire string
# $url?symb=escaped($symb) is encrypted as a string
# beginning /enc/.
- #
+ #
my ($access,$unencfurl,$unencsymb);
if ($furl =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) {
my ($poss_url,$poss_symb) = ($1,$2);
@@ -991,19 +1071,24 @@ ENDCLOSE
} else {
$access = &Apache::lonnet::allowed('bre',$unencfurl);
}
- if ((!$access) || ($access eq 'B')) {
+ if ((!$access) || ($access eq 'B') || ($access eq 'D')) {
$furl = &Apache::lonpageflip::first_accessible_resource();
if ($furl eq '') {
$furl = '/adm/navmaps?showOnlyHomework=1';
}
}
- $msg = '
';
+ &finish_loading_course($r,$msg,$furl);
+ }
}
$r->rflush();
- return OK;
+ return OK;
}
}
#
@@ -1068,6 +1153,10 @@ ENDCLOSE
$recent = &mt('Recent Courses');
$standby = &mt('Course selected. Please stand by.');
}
+ if (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) {
+ $crumbtext = 'Access Denied';
+ $pagetitle = 'Unauthorized';
+ }
my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}];
my %roles_in_env;
@@ -1079,14 +1168,42 @@ ENDCLOSE
if ($domdefs{'catauth'}) {
$cattype = $domdefs{'catauth'};
}
- my ($funcs,$crumbsright);
- $funcs = &get_roles_functions($showcount,$cattype);
- if ($env{'browser.mobile'}) {
- $crumbsright = $funcs;
- undef($funcs);
+ my $placementonly;
+ if ($showcount == 1) {
+ if ($env{'request.course.id'}) {
+ if ($env{'course.'.$env{'request.course.id'}.'.type'} eq 'Placement') {
+ $placementonly = 1;
+ }
+ } else {
+ foreach my $rolecode (keys(%roles_in_env)) {
+ my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)});
+ if ($cid) {
+ my %coursedescription =
+ &Apache::lonnet::coursedescription($cid,{'one_time' => '1'});
+ if ($coursedescription{'type'} eq 'Placement') {
+ $placementonly = 1;
+ }
+ last;
+ }
+ }
+ }
+ }
+ my ($start_page,$funcs);
+ if ($placementonly) {
+ $start_page=&Apache::loncommon::start_page($pagetitle,undef,
+ {bread_crumbs=>$brcrum,crstype=>'Placement'});
+ } else {
+ my $crumbsright;
+ unless (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) {
+ $funcs = &get_roles_functions($showcount,$cattype);
+ if ($env{'browser.mobile'}) {
+ $crumbsright = $funcs;
+ undef($funcs);
+ }
+ }
+ $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum,
+ bread_crumbs_component=>$crumbsright});
}
- my $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum,
- bread_crumbs_component=>$crumbsright});
&js_escape(\$standby);
my $noscript=' '.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').' '.&mt('As this is not the case, most functionality in the system will be unavailable.').' ';
@@ -1120,7 +1237,7 @@ function rolesView (caller) {
document.rolechoice.display.value = caller;
} else {
if ((caller == 'doupdate') || (caller == 'requestauthor') ||
- (caller == 'queued')) {
+ (caller == 'queued')) {
document.rolechoice.state.value = caller;
}
}
@@ -1190,8 +1307,16 @@ ENDHEADER
}
if ($nochoose) {
$r->print("
".&mt('Sorry ...')."
\n".
- &mt('This action is currently not authorized.').''.
- &Apache::loncommon::end_page());
+ &mt('This action is currently not authorized.').'');
+ if ($error && $norolelist) {
+ $r->print('
'.
+ &mt('As your session was launched from a web page external to LON-CAPA some course content may be unavailable, including the resource you were trying to access.').
+ '
'.
+ '
'.
+ &mt('You may need to login to LON-CAPA directly, or re-launch from a different external system.').
+ '
+
+ ');
+ $r->rflush();
+ $r->print('');
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
}
# ----------------------------------------------------------------------- Table
@@ -1443,6 +1612,7 @@ sub gather_roles {
my $advanced = $env{'user.adv'};
my $tryagain = $env{'form.tryagain'};
my @ids = &Apache::lonnet::current_machine_ids();
+ my (%willtrust,%trustchecked);
if (ref($roles_in_env) eq 'HASH') {
my %adhocdesc;
foreach my $envkey (sort(keys(%{$roles_in_env}))) {
@@ -1511,10 +1681,23 @@ sub gather_roles {
if (($role eq 'ca') || ($role eq 'aa')) {
my $home = &Apache::lonnet::homeserver($trest,$tdom);
my $allowed=0;
+ my $prohibited;
foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
if (!$allowed) {
$button=0;
- $switchserver='otherserver='.$home.'&role='.$trolecode;
+ unless ($trustchecked{$tdom}) {
+ if ((&Apache::lonnet::will_trust('othcoau',$env{'user.domain'},$tdom)) &&
+ (&Apache::lonnet::will_trust('coaurem',$tdom,$env{'user.domain'}))) {
+ $willtrust{$tdom} = 1;
+ $trustchecked{$tdom} = 1;
+ }
+ }
+ if ($willtrust{$tdom}) {
+ $switchserver='otherserver='.$home.'&role='.$trolecode;
+ } else {
+ $prohibited = 1;
+ $tremark .= &mt('Session switch required but prohibited.');
+ }
}
#next if ($home eq 'no_host');
$home = &Apache::lonnet::hostname($home);
@@ -1523,7 +1706,9 @@ sub gather_roles {
': '.$tdom.' '.
' '.&mt('Server').': '.$home;
$env{'course.'.$tdom.'_'.$trest.'.description'}='ca';
- $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/');
+ unless ($prohibited) {
+ $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/');
+ }
$sortkey=$role."$trest:$tdom";
} elsif ($role eq 'au') {
# Authors
@@ -1622,6 +1807,9 @@ sub gather_roles {
$skipcal = 1;
}
}
+ if ($ttype eq 'Placement') {
+ $ttype = 'Placement Test';
+ }
if ($tsection) {
$twhere.=' '.&mt('Section').': '.$tsection;
}
@@ -1737,7 +1925,7 @@ sub roletable_headers {
}
sub roletypes {
- my @types = ('Domain','Authoring Space','Course','Community','Unavailable','System');
+ my @types = ('Domain','Authoring Space','Course','Placement Test','Community','Unavailable','System');
return @types;
}
@@ -1799,7 +1987,7 @@ sub findcourse_advice {
'.&mt('You are in a section of course for which automatic enrollment in the corresponding LON-CAPA course is not active.').'
'.&mt('The start date for automated enrollment has yet to be reached.').'
'.&mt('You registered for the course recently and there is a time lag between the time you register, and the time this information becomes available for the update of LON-CAPA course rosters.').'
-
'.&mt('Automated enrollment added you to the course in the time since you last logged-in.').' '.&mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'
+
'.&mt('Automated enrollment added you to the course in the time since you last logged-in.').' '.&mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'
');
} else {
$r->print('
'.&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').'
');
@@ -1807,7 +1995,7 @@ sub findcourse_advice {
$r->print('
'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes.').
' '.
&mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'