--- loncom/auth/lonroles.pm 2021/11/16 05:20:02 1.355 +++ loncom/auth/lonroles.pm 2022/05/25 18:04:17 1.364 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.355 2021/11/16 05:20:02 raeburn Exp $ +# $Id: lonroles.pm,v 1.364 2022/05/25 18:04:17 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -181,7 +181,8 @@ ENDREDIR sub finish_loading_course { my ($r,$msg,$url) = @_; - my $link = ''; + my $link = ''; my $end_page = &Apache::loncommon::end_page(); my $js_url = &js_escape($url); $r->print(< $link $end_page @@ -277,7 +279,8 @@ sub handler { $update = $then; } - my $norolelist; + my ($norolelist,$blocked_by_ip,$blocked_type,$clientip); + $clientip = &Apache::lonnet::get_requestor_ip($r); if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) { my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; @@ -314,6 +317,89 @@ sub handler { } } + if ($env{'form.selectrole'}) { + my ($role,$cdom,$cnum,$rest); + if ($env{'form.switchrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } elsif ($env{'form.newrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } + if ($cdom ne '') { + my ($has_evb,$check_ipaccess,$showrole); + $showrole = 1; + my $checkrole = "cm./$cdom/$cnum"; + if ($rest ne '') { + $checkrole .= "/$rest"; + } + if ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($role ne 'st')) { + $has_evb = 1; + } + unless ($has_evb) { + my @machinedoms = &Apache::lonnet::current_machine_domains(); + my $udom = $env{'user.domain'}; + if ($udom eq $cdom) { + $check_ipaccess = 1; + } elsif (($udom ne '') && (grep(/^\Q$udom\E$/,@machinedoms))) { + $check_ipaccess = 1; + } else { + my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; + my $internet_names = &Apache::lonnet::get_internet_names($lonhost); + my $cprim = &Apache::lonnet::domain($cdom,'primary'); + my $cintdom = &Apache::lonnet::internet_dom($cprim); + if (($cintdom ne '') && (ref($internet_names) eq 'ARRAY')) { + if (grep(/^\Q$cintdom\E$/,@{$internet_names})) { + $check_ipaccess = 1; + } + } + } + if ($check_ipaccess) { + my ($ipaccessref,$cached)=&Apache::lonnet::is_cached_new('ipaccess',$cdom); + unless (defined($cached)) { + my %domconfig = + &Apache::lonnet::get_dom('configuration',['ipaccess'],$cdom); + $ipaccessref = &Apache::lonnet::do_cache_new('ipaccess',$cdom,$domconfig{'ipaccess'},1800); + } + if (ref($ipaccessref) eq 'HASH') { + foreach my $id (keys(%{$ipaccessref})) { + if (ref($ipaccessref->{$id}) eq 'HASH') { + my $range = $ipaccessref->{$id}->{'ip'}; + if ($range) { + my $type = 'exclude'; + if (&Apache::lonnet::ip_match($clientip,$range)) { + $type = 'include'; + } + if (ref($ipaccessref->{$id}->{'courses'}) eq 'HASH') { + if ($ipaccessref->{$id}->{'courses'}{$cdom.'_'.$cnum}) { + if ($type eq 'include') { + $showrole = 1; + last; + } else { + $showrole = 0; + } + } else { + if ($type eq 'include') { + $showrole = 0; + } else { + $showrole = 1; + } + } + } + } + } + } + } + } + } + unless ($showrole) { + $blocked_by_ip = 1; + $blocked_type = &Apache::loncommon::course_type($cdom.'_'.$cnum); + delete($env{'form.selectrole'}); + delete($env{'form.newrole'}); + } + } + } + $registered_cleanup=0; @{$rosterupdates}=(); &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); @@ -696,7 +782,7 @@ ENDCLOSE $r->rflush(); my ($msg,$blockcrit,$critmsg_check); $critmsg_check = 1; - $blockcrit = &Apache::loncommon::blocking_status('alert',$cnum,$cdom,undef,1); + $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1); if ($blockcrit) { my $checkrole = "cm./$cdom/$cnum"; if ($csec ne '') { @@ -813,6 +899,9 @@ ENDCLOSE ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { &process_lti($r,$cdom,$cnum); } + if ($env{'request.deeplink.login'}) { + &set_deeplink_target($cnum,$cdom); + } $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; @@ -844,6 +933,9 @@ ENDCLOSE ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { &process_lti($r,$cdom,$cnum); } + if ($env{'request.deeplink.login'}) { + &set_deeplink_target($cnum,$cdom); + } # Check to see if the user is a CC entering a course # for the first time if ((($role eq 'cc') || ($role eq 'co')) @@ -1108,7 +1200,7 @@ ENDCLOSE $start_page=&Apache::loncommon::start_page($pagetitle,undef, {bread_crumbs=>$brcrum,crstype=>'Placement'}); } else { - my $crumbsright); + my $crumbsright; unless (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) { $funcs = &get_roles_functions($showcount,$cattype); if ($env{'browser.mobile'}) { @@ -1260,6 +1352,16 @@ ENDHEADER $r->print(''); $r->print(''); $r->print(''); + if ($blocked_by_ip) { + my $blocked_role = 'student'; + if ($blocked_type eq 'Community') { + $blocked_role = 'member'; + } + $r->print('

'. + &mt('The [_1] you selected is not available for access with a [_2] role from your current IP address: [_3].', + lc($blocked_type),$blocked_role,$clientip). + '

'); + } } $r->rflush(); @@ -1897,7 +1999,7 @@ sub findcourse_advice { } else { $r->print('

'.&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').'

'); if ($elapsed > 600) { - $r->print('

'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes'). + $r->print('

'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes.'). '
'. &mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'

'); } @@ -3452,6 +3554,34 @@ sub ltienroll { } } +sub set_deeplink_target { + my ($cnum,$cdom) = @_; + if (($cnum ne '') && ($cdom ne '')) { + my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom); + if ($deeplink_symb ne '') { + my $deeplink; + if ($deeplink_symb =~ /\.(page|sequence)$/) { + my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($deeplink_symb))[2]); + my $navmap = Apache::lonnavmaps::navmap->new(); + if (ref($navmap)) { + $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink'); + } + } elsif ($deeplink_symb ne '') { + $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$deeplink_symb); + } + if ($deeplink ne '') { + my ($state,$others,$listed,$scope,$protect,$display,$target) = split(/,/,$deeplink); + if ($target ne '') { + &Apache::lonnet::appenv({'request.deeplink.target' => $target}); + } elsif (exists($env{'request.deeplink.target'})) { + &Apache::lonnet::delenv('request.deeplink.target'); + } + } + } + } + return; +} + 1; __END__