--- loncom/homework/grades.pm 2003/06/18 17:28:35 1.98
+++ loncom/homework/grades.pm 2003/06/21 00:39:46 1.106
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# The LON-CAPA Grading handler
#
-# $Id: grades.pm,v 1.98 2003/06/18 17:28:35 albertel Exp $
+# $Id: grades.pm,v 1.106 2003/06/21 00:39:46 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -49,6 +49,7 @@ use Apache::Constants qw(:common);
use String::Similarity;
my %oldessays=();
+my %perm=();
# ----- These first few routines are general use routines.----
#
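Review bot: `%perm` is declared at file scope with no comment on its lifetime, although every authorization decision added by this commit reads it. Under mod_perl a file-scoped lexical presumably survives between requests served by the same child, so the checks are only sound because `handler` clears it first (the `undef(%perm);` hunk further down). I would document that on the declaration, e.g. `# per-request permission cache (vgr/mgr plus optional *_section); reset at the top of handler()`, so that a later entry point that bypasses `handler` does not inherit another user's rights.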
@@ -135,53 +136,60 @@ sub getclasslist {
}
}
$section = ($section ne '' ? $section : 'no');
- if ($getsec eq 'all' || $getsec eq $section) {
- $sections{$section}++;
- $fullnames{$_}=$fullname;
- } else {
- delete($classlist->{$_});
- }
+ if (&canview($section)) {
+ if ($getsec eq 'all' || $getsec eq $section) {
+ $sections{$section}++;
+ $fullnames{$_}=$fullname;
+ } else {
+ delete($classlist->{$_});
+ }
+ } else {
+ delete($classlist->{$_});
+ }
}
my %seen = ();
my @sections = sort(keys(%sections));
return ($classlist,\@sections,\%fullnames);
}
-#find user domain
-sub finduser {
- my ($name) = @_;
- my $domain = '';
- if ( $Apache::grades::viewgrades eq 'F' ) {
- my %classlist=&Apache::lonnet::dump('classlist',
- $ENV{'course.'.$ENV{'request.course.id'}.'.domain'},
- $ENV{'course.'.$ENV{'request.course.id'}.'.num'});
- my (@fields) = grep /^$name:/, keys %classlist;
- ($name, $domain) = split(/:/,$fields[0]);
- return ($name,$domain);
- } else {
- return ($ENV{'user.name'},$ENV{'user.domain'});
+sub canmodify {
+ my ($sec)=@_;
+ if ($perm{'mgr'}) {
+ if (!defined($perm{'mgr_section'})) {
+ # can modify whole class
+ return 1;
+ } else {
+ if ($sec eq $perm{'mgr_section'}) {
+ #can modify the requested section
+ return 1;
+ } else {
+ # can't modify the request section
+ return 0;
+ }
+ }
}
+ #can't modify
+ return 0;
}
-#--- Prompts a user to enter a username.
-sub moreinfo {
- my ($request,$reason) = @_;
- $request->print("Unable to process request: $reason");
- if ( $Apache::grades::viewgrades eq 'F' ) {
- $request->print('
');
+sub canview {
+ my ($sec)=@_;
+ if ($perm{'vgr'}) {
+ if (!defined($perm{'vgr_section'})) {
+ # can modify whole class
+ return 1;
+ } else {
+ if ($sec eq $perm{'vgr_section'}) {
+ #can modify the requested section
+ return 1;
+ } else {
+ # can't modify the request section
+ return 0;
+ }
+ }
}
- return '';
+ #can't modify
+ return 0;
}
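Review bot: The comments inside `canview` were copied from `canmodify` and still say "modify" (`# can modify whole class`, `#can't modify`), which is misleading in the function that decides read access. They should read `# can view whole class`, `# can view the requested section` and `# can't view`. A one-line header on each sub stating that an undefined `*_section` means course-wide rights would also help, since the two differ only in the `%perm` key. Separately, `getclasslist` passes the normalised value `'no'` for students without a section while the other callers in this commit pass the raw section; that is harmless only if no real section can be named `no`, which I cannot confirm from the hunk.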
#--- Retrieve the grade status of a student for all the parts
@@ -446,7 +454,7 @@ LISTJAVASCRIPT
next if ($statusflg eq '' && $submitonly eq 'yes');
$ctr++;
- if ( $Apache::grades::viewgrades eq 'F' ) {
+ if ( $perm{'vgr'} eq 'F' ) {
$gradeTable.=''.
' | '."\n".
@@ -1050,11 +1058,18 @@ sub submission {
(my $url=$ENV{'form.url'})=~s-^http://($ENV{'SERVER_NAME'}|$ENV{'HTTP_HOST'})--;
my ($uname,$udom) = ($ENV{'form.student'},$ENV{'form.userdom'});
- ($uname,$udom) = &finduser($uname) if $udom eq '';
+ my $usec = &Apache::lonnet::getsection($udom,$uname,$ENV{'request.course.id'});
$ENV{'form.fullname'} = &get_fullname ($uname,$udom) if $ENV{'form.fullname'} eq '';
my $symb=($ENV{'form.symb'} ne '' ? $ENV{'form.symb'} : (&Apache::lonnet::symbread($url)));
if ($symb eq '') { $request->print("Unable to handle ambiguous references:$url:."); return ''; }
+
+ if (!&canview($usec)) {
+ $request->print('Unable to view requested student.('.$uname.$udom.$usec.$ENV{'request.course.id'}.')');
+ $request->print(&show_grading_menu_form($symb,$url));
+ return;
+ }
+
my $last = ($ENV{'form.lastSub'} eq 'last' ? 'last' : '');
# header info
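Review bot: The new denial message (`$request->print('Unable to view requested student.('...`) writes `$uname` and `$udom`, which come straight from `form.student` and `form.userdom`, into the page without HTML escaping, so request parameters are reflected as markup. Encode them before printing and separate the fields so the message is readable, e.g. `&HTML::Entities::encode("$uname:$udom",'<>&"')` if HTML::Entities is available to this handler (its import is not visible here). The same unescaped echo appears in the `not_allowed` messages added to `processHandGrade` and in the `Unable to modify requested student` message in `updateGradeByPage`, which also lacks its closing parenthesis. With `finduser` removed, `getsection` is now called with an empty `$udom` when the form omits the domain; presumably that request ends in this denial branch, which is worth confirming. `submission` starts and ends outside the hunk.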
@@ -1288,7 +1303,7 @@ KEYWORDS
}
# return if view submission with no grading option
- if ($ENV{'form.showgrading'} eq '') {
+ if ($ENV{'form.showgrading'} eq '' || (!&canmodify($usec))) {
$request->print('
'."\n");
$request->print(&show_grading_menu_form($symb,$url))
if (($ENV{'form.command'} eq 'submission') ||
@@ -1432,6 +1447,11 @@ sub processHandGrade {
$ctr++;
next;
}
+ if ($errorflag eq 'not_allowed') {
+ $request->print("Not allowed to modify grades for $uname:$udom");
+ $ctr++;
+ next;
+ }
my $includemsg = $ENV{'form.includemsg'.$ctr};
my ($subject,$message,$msgstatus) = ('','','');
if ($includemsg =~ /savemsg|newmsg\Q$ctr\E/) {
@@ -1451,12 +1471,16 @@ sub processHandGrade {
if ($ENV{'form.collaborator'.$ctr}) {
my (@collaborators) = split(/:/,$ENV{'form.collaborator'.$ctr});
foreach (@collaborators) {
- &saveHandGrade($request,$url,$symb,$_,$udom,$ctr,
- $ENV{'form.unamedom'.$ctr});
- if ($message ne '') {
- $msgstatus = &Apache::lonmsg::user_normal_msg ($_,$udom,
- $ENV{'form.msgsub'},
- $message);
+ my ($errorflag,$pts,$wgt) = &saveHandGrade($request,$url,$symb,$_,$udom,$ctr,$ENV{'form.unamedom'.$ctr});
+ if ($errorflag eq 'not_allowed') {
+ $request->print("Not allowed to modify grades for $_:$udom");
+ next;
+ } else {
+ if ($message ne '') {
+ $msgstatus = &Apache::lonmsg::user_normal_msg ($_,$udom,
+ $ENV{'form.msgsub'},
+ $message);
+ }
}
}
}
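Review bot: In the collaborator loop the new `my ($errorflag,$pts,$wgt)` declares `$pts` and `$wgt` without using them in the visible lines, and the `my` hides any `$errorflag` the enclosing loop already holds (the earlier `processHandGrade` hunk tests one). `my ($collab_error) = &saveHandGrade(...)` would say what is meant. The added message also reads `$_` after the call to `saveHandGrade`; naming the variable (`foreach my $collaborator (@collaborators)`) keeps the output from depending on the callee leaving `$_` alone. The loop header is a context line and `processHandGrade` continues outside the hunk.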
@@ -1589,6 +1613,9 @@ sub processHandGrade {
#---- Save the score and award for each student, if changed
sub saveHandGrade {
my ($request,$url,$symb,$stuname,$domain,$newflg,$submitter) = @_;
+ my $usec = &Apache::lonnet::getsection($domain,$stuname,
+ $ENV{'request.course.id'});
+ if (!&canmodify($usec)) { return('not_allowed'); }
my %record = &Apache::lonnet::restore($symb,$ENV{'request.course.id'},$domain,$stuname);
my %newrecord = ();
my ($pts,$wgt) = ('','');
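Review bot: `saveHandGrade` now has a second return shape, the one-element list `('not_allowed')`, but the header comment above it still only says it saves the score. I would extend it, e.g. `# Returns ('not_allowed') without touching the record when the grader lacks mgr rights for the student's section.` Placing the check here, before `restore`, covers every caller of the write path, which is the right place for it. Any caller outside this diff that ignores the return value will now skip the save silently, so those call sites are worth checking. The function body continues past the hunk.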
@@ -2053,10 +2080,15 @@ sub editgrades {
my ($uname,$udom)=split(/_/,$user);
my %newrecord;
my $updateflag = 0;
-
$line .= ''.$uname.' | '.
$udom.' | '.
$$fullname{$usercolon}.' | ';
+ my $usec=%$classlist->{"$uname:$udom"}[5];
+ if (!&canmodify($usec)) {
+ my $numcols=scalar(@partid)*(scalar(@parts)-1)*2;
+ $noupdate.=$line."Not allowed to modify student |
";
+ next;
+ }
foreach (@partid) {
my $old_aw = $ENV{'form.GD_'.$user.'_'.$_.'_awarded_s'};
my $old_part_pcr = $old_aw/($weight{$_} ne '0' ? $weight{$_}:1);
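Review bot: `%$classlist->{"$uname:$udom"}[5]` uses a hash as if it were a reference; that form was deprecated and newer Perl releases reject it outright. Write it the way `updateGradeByPage` does in this same commit: `my $usec=$classlist->{"$uname:$udom"}[5];`. The bare index `5` is repeated in both places without a comment saying it is the section field of the class-list row, which matters because the authorization decision depends on it. `editgrades` starts and ends outside the hunk.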
@@ -2114,7 +2146,8 @@ sub editgrades {
}
}
if ($noupdate) {
- $result .= 'No Changes Occured For the Students Below |
'.$noupdate;
+ my $numcols=(scalar(@partid)*(scalar(@parts)-1)*2)+3;
+ $result .= 'No Changes Occured For the Students Below |
'.$noupdate;
}
$result .= ''."\n".
&show_grading_menu_form ($symb,$url);
@@ -2317,7 +2350,7 @@ CSVFORMJS
$result.=''."\n";
my $upfile_select=&Apache::loncommon::upfile_select_html();
$result.=<
+ |
';
- my ($depth,$ctr,$question) = (1,0,1);
+ my ($depth,$question) = (1,1);
$iterator->next(); # skip the first BEGIN_MAP
my $curRes = $iterator->next(); # for "current resource"
- while ($depth > 0 && $ctr < 100) { # ctr, just in case it never gets out of loop
+ while ($depth > 0) {
if($curRes == $iterator->BEGIN_MAP) { $depth++; }
- if($curRes == $iterator->END_MAP) { $depth++; }
+ if($curRes == $iterator->END_MAP) { $depth--; }
if (ref($curRes) && $curRes->is_problem() && !$curRes->randomout) {
my $parts = $curRes->parts();
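Review bot: With the `$ctr < 100` bound removed, `while ($depth > 0)` ends only when the iterator delivers the `END_MAP` that balances the initial `BEGIN_MAP`; the `$depth--` fix makes that possible, but nothing here covers an iterator that runs out early. If `next()` can return an undefined value at exhaustion (not visible in the hunk), the request would spin in this Apache child. A comment stating the invariant, e.g. `# ends when the outermost END_MAP brings $depth back to 0`, plus a guard on exhaustion if the iterator API offers one, would make the termination condition explicit. The loop in the `updateGradeByPage` hunk further down has the same shape.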
@@ -2746,17 +2795,17 @@ sub displayPage {
'','.submission');
}
-
- foreach my $partid (@{$parts}) {
- $studentTable.=&gradeBox($request,$symbx,$uname,$udom,$question,$partid,\%record);
- $studentTable.=''."\n";
- $question++;
+ if (&canmodify($usec)) {
+ foreach my $partid (@{$parts}) {
+ $studentTable.=&gradeBox($request,$symbx,$uname,$udom,$question,$partid,\%record);
+ $studentTable.=''."\n";
+ $question++;
+ }
}
$studentTable.='';
- }
+ }
$curRes = $iterator->next();
- $ctr++;
}
$navmap->untieHashes();
@@ -2778,9 +2827,14 @@ sub updateGradeByPage {
my $cnum = $ENV{"course.$ENV{'request.course.id'}.num"};
my $getsec = $ENV{'form.section'} eq '' ? 'all' : $ENV{'form.section'};
my $pageTitle = $ENV{'form.page'};
- my (undef,undef,$fullname) = &getclasslist($getsec,'1');
+ my ($classlist,undef,$fullname) = &getclasslist($getsec,'1');
my ($uname,$udom) = split(/:/,$ENV{'form.student'});
-
+ my $usec=$classlist->{$ENV{'form.student'}}[5];
+ if (!&canmodify($usec)) {
+ $request->print('Unable to modify requested student.('.$ENV{'form.student'}.'');
+ $request->print(&show_grading_menu_form($ENV{'form.symb'},$ENV{'form.url'}));
+ return;
+ }
my $result=' '.$ENV{'form.title'}.'
';
$result.=' Student: '.$$fullname{$ENV{'form.student'}}.
' ('.$uname.($udom eq $cdom ? '':':'.$udom).')
'."\n";
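Review bot: `$classlist->{$ENV{'form.student'}}[5]` is read without checking that the submitted student is in the list `getclasslist` returned. For an absent student `$usec` is undefined and the lookup autovivifies an empty entry; a course-wide `mgr` then passes `canmodify`, because that branch never looks at `$sec`. Consider rejecting unknown students before the lookup: `if (!exists($classlist->{$ENV{'form.student'}})) { ... return; }`. `updateGradeByPage` continues outside the hunk.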
@@ -2804,10 +2858,10 @@ sub updateGradeByPage {
$iterator->next(); # skip the first BEGIN_MAP
my $curRes = $iterator->next(); # for "current resource"
- my ($depth,$ctr,$question,$changeflag)= (1,0,1,0);
- while ($depth > 0 && $ctr < 100) { # ctr, just in case it never gets out of loop
+ my ($depth,$question,$changeflag)= (1,1,0);
+ while ($depth > 0) {
if($curRes == $iterator->BEGIN_MAP) { $depth++; }
- if($curRes == $iterator->END_MAP) { $depth++; }
+ if($curRes == $iterator->END_MAP) { $depth--; }
if (ref($curRes) && $curRes->is_problem() && !$curRes->randomout) {
my $parts = $curRes->parts();
@@ -2867,7 +2921,6 @@ sub updateGradeByPage {
}
$curRes = $iterator->next();
- $ctr++;
}
$navmap->untieHashes();
@@ -3399,7 +3452,8 @@ GRADINGMENUJS
sub handler {
my $request=$_[0];
-
+
+ undef(%perm);
if ($ENV{'browser.mathml'}) {
$request->content_type('text/xml');
} else {
@@ -3428,15 +3482,14 @@ sub handler {
if ($tsymb) {
my ($map,$id,$url)=split(/\_\_\_/,$tsymb);
if (&Apache::lonnet::allowed('mgr',$tcrsid)) {
- $request->print(
- &Apache::lonnet::ssi('/res/'.$url,
- ('grade_username' => $tuname,
- 'grade_domain' => $tudom,
- 'grade_courseid' => $tcrsid,
- 'grade_symb' => $tsymb)));
+ $request->print(&Apache::lonnet::ssi_body('/res/'.$url,
+ ('grade_username' => $tuname,
+ 'grade_domain' => $tudom,
+ 'grade_courseid' => $tcrsid,
+ 'grade_symb' => $tsymb)));
} else {
$request->print('Not authorized: '.$token.'
');
- }
+ }
} else {
$request->print('Not a valid DocID: '.$token.'
');
}
@@ -3445,36 +3498,48 @@ sub handler {
}
}
} else {
- $Apache::grades::viewgrades=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'});
- if ($command eq 'submission') {
+ if (!($perm{'vgr'}=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'}))) {
+ if ($perm{'vgr'}=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'})) {
+ $perm{'vgr_section'}=$ENV{'request.course.sec'};
+ } else {
+ delete($perm{'vgr'});
+ }
+ }
+ if (!($perm{'mgr'}=&Apache::lonnet::allowed('mgr',$ENV{'request.course.id'}))) {
+ if ($perm{'mgr'}=&Apache::lonnet::allowed('mgr',$ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'})) {
+ $perm{'mgr_section'}=$ENV{'request.course.sec'};
+ } else {
+ delete($perm{'mgr'});
+ }
+ }
+
+ if ($command eq 'submission' && $perm{'vgr'}) {
($ENV{'form.student'} eq '' ? &listStudents($request) : &submission($request,0,0));
- } elsif ($command eq 'pickStudentPage') {
+ } elsif ($command eq 'pickStudentPage' && $perm{'vgr'}) {
&pickStudentPage($request);
- } elsif ($command eq 'displayPage') {
+ } elsif ($command eq 'displayPage' && $perm{'vgr'}) {
&displayPage($request);
- } elsif ($command eq 'gradeByPage') {
+ } elsif ($command eq 'gradeByPage' && $perm{'mgr'}) {
&updateGradeByPage($request);
- } elsif ($command eq 'processGroup') {
+ } elsif ($command eq 'processGroup' && $perm{'vgr'}) {
&processGroup($request);
- } elsif ($command eq 'gradingmenu') {
+ } elsif ($command eq 'gradingmenu' && $perm{'vgr'}) {
$request->print(&gradingmenu($request));
- } elsif ($command eq 'viewgrades') {
+ } elsif ($command eq 'viewgrades' && $perm{'vgr'}) {
$request->print(&viewgrades($request));
- } elsif ($command eq 'handgrade') {
+ } elsif ($command eq 'handgrade' && $perm{'mgr'}) {
$request->print(&processHandGrade($request));
- } elsif ($command eq 'editgrades') {
+ } elsif ($command eq 'editgrades' && $perm{'mgr'}) {
$request->print(&editgrades($request));
- } elsif ($command eq 'verify') {
+ } elsif ($command eq 'verify' && $perm{'vgr'}) {
$request->print(&verifyreceipt($request));
- } elsif ($command eq 'csvform') {
+ } elsif ($command eq 'csvform' && $perm{'mgr'}) {
$request->print(&upcsvScores_form($request));
- } elsif ($command eq 'csvupload') {
+ } elsif ($command eq 'csvupload' && $perm{'mgr'}) {
$request->print(&csvupload($request));
- } elsif ($command eq 'viewclasslist') {
- $request->print(&viewclasslist($request));
- } elsif ($command eq 'csvuploadmap') {
+ } elsif ($command eq 'csvuploadmap' && $perm{'mgr'} ) {
$request->print(&csvuploadmap($request));
- } elsif ($command eq 'csvuploadassign') {
+ } elsif ($command eq 'csvuploadassign' && $perm{'mgr'}) {
if ($ENV{'form.associate'} ne 'Reverse Association') {
$request->print(&csvuploadassign($request));
} else {
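Review bot: The dispatch lets a section-restricted `mgr` (one with `$perm{'mgr_section'}` set) reach `csvupload`, `csvuploadassign` and the `scantron_*` commands in the next hunk, yet the per-student `canmodify` checks added by this commit are only visible in `saveHandGrade`, `editgrades` and `updateGradeByPage`. Unless the CSV and scantron write paths enforce the section elsewhere, a section-level grader could store grades for students outside that section. Until that is confirmed, those branches could require course-wide rights, e.g. `&& $perm{'mgr'} && !defined($perm{'mgr_section'})`. `handler` starts and ends outside the hunk.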
@@ -3485,12 +3550,12 @@ sub handler {
}
$request->print(&csvuploadmap($request));
}
- } elsif ($command eq 'scantron_selectphase') {
+ } elsif ($command eq 'scantron_selectphase' && $perm{'mgr'}) {
$request->print(&scantron_selectphase($request));
- } elsif ($command eq 'scantron_process') {
+ } elsif ($command eq 'scantron_process' && $perm{'mgr'}) {
$request->print(&scantron_process_students($request));
- } else {
- $request->print("Unknown action: $command:");
+ } elsif ($command) {
+ $request->print("Access Denied");
}
}
&send_footer($request);