--- loncom/interface/domainprefs.pm 2021/01/01 14:45:38 1.375
+++ loncom/interface/domainprefs.pm 2021/11/22 23:40:59 1.391
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.375 2021/01/01 14:45:38 raeburn Exp $
+# $Id: domainprefs.pm,v 1.391 2021/11/22 23:40:59 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -223,7 +223,7 @@ sub handler {
'ltitools','ssl','trust','lti','privacy','passwords',
'proctoring','wafproxy'],$dom);
my %encconfig =
- &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom);
+ &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom,undef,1);
if (ref($domconfig{'ltitools'}) eq 'HASH') {
if (ref($encconfig{'ltitools'}) eq 'HASH') {
foreach my $id (keys(%{$domconfig{'ltitools'}})) {
@@ -297,7 +297,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
},
@@ -311,16 +314,16 @@ sub handler {
print => \&print_defaults,
modify => \&modify_defaults,
},
- 'wafproxy' =>
- { text => 'Web Application Firewall/Reverse Proxy',
+ 'wafproxy' =>
+ { text => 'Web Application Firewall/Reverse Proxy',
help => 'Domain_Configuration_WAF_Proxy',
- header => [{col1 => 'Domain server',
- col2 => 'Alias for WAF/Reverse Proxy',
+ header => [{col1 => 'Domain(s)',
+ col2 => 'Servers and WAF/Reverse Proxy alias(es)',
},
- {col1 => 'Setting',
- col2 => 'Value',}],
+ {col1 => 'Domain(s)',
+ col2 => 'WAF Configuration',}],
print => \&print_wafproxy,
- modify => \&modify_wafproxy,
+ modify => \&modify_wafproxy,
},
'passwords' =>
{ text => 'Passwords (Internal authentication)',
@@ -632,7 +635,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
};
@@ -855,6 +861,12 @@ sub print_config_box {
$output .= <i_javascript($settings);
} elsif ($action eq 'proctoring') {
$output .= &proctoring_javascript($settings);
+ } elsif ($action eq 'wafproxy') {
+ $output .= &wafproxy_javascript($dom);
+ } elsif ($action eq 'autoupdate') {
+ $output .= &autoupdate_javascript();
+ } elsif ($action eq 'login') {
+ $output .= &saml_javascript();
}
$output .=
'
@@ -874,7 +886,7 @@ sub print_config_box {
my $leftnobr = '';
if (($action eq 'rolecolors') || ($action eq 'defaults') ||
($action eq 'directorysrch') ||
- (($action eq 'login') && ($numheaders < 4))) {
+ (($action eq 'login') && ($numheaders < 5))) {
$colspan = ' colspan="2"';
}
if ($action eq 'usersessions') {
@@ -905,7 +917,7 @@ sub print_config_box {
} elsif ($action eq 'scantron') {
$output .= $item->{'print'}->($r,'top',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$colspan = ' colspan="2"';
$output .= &print_login('service',$dom,$confname,$phase,$settings,\$rowtotal);
} else {
@@ -1046,7 +1058,7 @@ sub print_config_box {
'.&mt($item->{'header'}->[3]->{'col2'}).' '.
$item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).'
@@ -1070,7 +1082,7 @@ sub print_config_box {
';
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= '
'.&mt($item->{'header'}->[3]->{'col1'}).'
'.&mt($item->{'header'}->[3]->{'col2'}).'
@@ -1082,7 +1094,27 @@ sub print_config_box {
';
}
$rowtotal ++;
- $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal);
+ $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal).'
+
+
+
+
+
+
+ ';
+ if ($numheaders == 5) {
+ $output .= '
+ '.&mt($item->{'header'}->[4]->{'col1'}).'
+ '.&mt($item->{'header'}->[4]->{'col2'}).'
+ ';
+ } else {
+ $output .= '
+ '.&mt($item->{'header'}->[3]->{'col1'}).'
+ '.&mt($item->{'header'}->[3]->{'col2'}).'
+ ';
+ }
+ $rowtotal ++;
+ $output .= &print_login('saml',$dom,$confname,$phase,$settings,\$rowtotal);
} elsif ($action eq 'requestcourses') {
$output .= &print_requestmail($dom,$action,$settings,\$rowtotal);
$rowtotal ++;
@@ -1217,9 +1249,12 @@ sub print_config_box {
sub print_login {
my ($caller,$dom,$confname,$phase,$settings,$rowtotal) = @_;
- my ($css_class,$datatable);
+ my ($css_class,$datatable,$switchserver,%lt);
my %choices = &login_choices();
-
+ if (($caller eq 'help') || ($caller eq 'headtag') || ($caller eq 'saml')) {
+ %lt = &login_file_options();
+ $switchserver = &check_switchserver($dom,$confname);
+ }
if ($caller eq 'service') {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
my $choice = $choices{'disallowlogin'};
@@ -1413,18 +1448,10 @@ sub print_login {
$datatable .= &display_color_options($dom,$confname,$phase,'login',$itemcount,\%choices,\%is_custom,\%defaults,\%designs,\@images,\@bgs,\@links,\%alt_text,$rowtotal,\@logintext);
$datatable .= '
';
} elsif ($caller eq 'help') {
- my ($defaulturl,$defaulttype,%url,%type,%lt,%langchoices);
- my $switchserver = &check_switchserver($dom,$confname);
+ my ($defaulturl,$defaulttype,%url,%type,%langchoices);
my $itemcount = 1;
$defaulturl = '/adm/loginproblems.html';
$defaulttype = 'default';
- %lt = &Apache::lonlocal::texthash (
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- default => 'Default',
- custom => 'Custom',
- );
%langchoices = &Apache::lonlocal::texthash(&get_languages_hash());
my @currlangs;
if (ref($settings) eq 'HASH') {
@@ -1521,14 +1548,6 @@ sub print_login {
}
}
}
- my %lt = &Apache::lonlocal::texthash(
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- curr => 'View contents',
- none => 'None',
- );
- my $switchserver = &check_switchserver($dom,$confname);
foreach my $lonhost (sort(keys(%domservers))) {
my $exempt = &check_exempt_addresses($currexempt{$lonhost});
$datatable .= ''.$domservers{$lonhost}.' ';
@@ -1552,6 +1571,88 @@ sub print_login {
$datatable .= ' ';
}
$datatable .= '';
+ } elsif ($caller eq 'saml') {
+ my %domservers = &Apache::lonnet::get_servers($dom);
+ $datatable .= ''.
+ ' ';
}
return $datatable;
}
@@ -1588,10 +1689,24 @@ sub login_choices {
headtag => "Custom markup",
action => "Action",
current => "Current",
+ samllanding => "Dual login?",
+ samloptions => "Options",
);
return %choices;
}
+sub login_file_options {
+ return &Apache::lonlocal::texthash(
+ del => 'Delete?',
+ rep => 'Replace:',
+ upl => 'Upload:',
+ curr => 'View contents',
+ default => 'Default',
+ custom => 'Custom',
+ none => 'None',
+ );
+}
+
sub print_rolecolors {
my ($phase,$role,$dom,$confname,$settings,$rowtotal) = @_;
my %choices = &color_font_choices();
@@ -2844,6 +2959,121 @@ function toggleLTITools(form,setting,ite
ENDSCRIPT
}
+sub wafproxy_javascript {
+ my ($dom) = @_;
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
sub proctoring_javascript {
my ($settings) = @_;
my (%ordered,$total,%jstext);
@@ -2947,14 +3177,16 @@ sub lti_javascript {
return $togglejs;
}
my (%ordered,$total,%jstext);
- $total = 0;
+ $total = scalar(keys(%{$settings}));
foreach my $item (keys(%{$settings})) {
if (ref($settings->{$item}) eq 'HASH') {
my $num = $settings->{$item}{'order'};
+ if ($num eq '') {
+ $num = $total - 1;
+ }
$ordered{$num} = $item;
}
}
- $total = scalar(keys(%{$settings}));
my @jsarray = ();
foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
push(@jsarray,$ordered{$item});
@@ -3017,32 +3249,65 @@ sub lti_toggle_js {
localauth => 'Local auth argument',
krb => 'Kerberos domain',
);
+ my $crsincalert = &mt('"User\'s identity sent" needs to be set to "Yes" first,[_1] before setting "Course\'s identity sent" to "Yes"',"\n");
+ &js_escape(\$crsincalert);
return <<"ENDSCRIPT";
+
+ENDSCRIPT
+}
+
+sub saml_javascript {
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
sub print_autoenroll {
my ($dom,$settings,$rowtotal) = @_;
my $autorun = &Apache::lonnet::auto_run(undef,$dom),
@@ -3280,42 +3622,69 @@ sub print_autoenroll {
sub print_autoupdate {
my ($position,$dom,$settings,$rowtotal) = @_;
- my $datatable;
+ my ($enable,$datatable);
if ($position eq 'top') {
+ my %choices = &Apache::lonlocal::texthash (
+ run => 'Auto-update active?',
+ classlists => 'Update information in classlists?',
+ unexpired => 'Skip updates for users without active or future roles?',
+ lastactive => 'Skip updates for inactive users?',
+ );
+ my $itemcount = 0;
my $updateon = ' ';
my $updateoff = ' checked="checked" ';
- my $classlistson = ' ';
- my $classlistsoff = ' checked="checked" ';
if (ref($settings) eq 'HASH') {
if ($settings->{'run'} eq '1') {
$updateon = $updateoff;
$updateoff = ' ';
}
- if ($settings->{'classlists'} eq '1') {
- $classlistson = $classlistsoff;
- $classlistsoff = ' ';
- }
}
- my %title = (
- run => 'Auto-update active?',
- classlists => 'Update information in classlists?',
- );
- $datatable = ''.
- ''.&mt($title{'run'}).' '.
- ''.
+ $enable = ''.
+ ''.$choices{'run'}.' '.
+ ''.
' '.&mt('Yes').' '.
+ $updateoff.' value="0" />'.&mt('No').' '.
' '.&mt('No').' '.
- ' '.
- ''.&mt($title{'classlists'}).' '.
- ''.
- ' '.&mt('Yes').' '.
- ' '.&mt('No').' '.
+ $updateon.'value="1" />'.&mt('Yes').''.
' ';
- $$rowtotal += 2;
+ my @toggles = ('classlists','unexpired');
+ my %defaultchecked = ('classlists' => 'off',
+ 'unexpired' => 'off'
+ );
+ $$rowtotal ++;
+ ($datatable,$itemcount) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked,
+ \%choices,$itemcount,'','','left','no');
+ $datatable = $enable.$datatable;
+ $$rowtotal += $itemcount;
+ my $lastactiveon = ' ';
+ my $lastactiveoff = ' checked="checked" ';
+ my $lastactivestyle = 'none';
+ my $lastactivedays;
+ my $onclick = ' onclick="javascript:toggleLastActiveDays(this.form);"';
+ if (ref($settings) eq 'HASH') {
+ if ($settings->{'lastactive'} =~ /^\d+$/) {
+ $lastactiveon = $lastactiveoff;
+ $lastactiveoff = ' ';
+ $lastactivestyle = 'inline-block';
+ $lastactivedays = $settings->{'lastactive'};
+ }
+ }
+ my $css_class = $itemcount%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ ''.$choices{'lastactive'}.' '.
+ ''.
+ ' '.&mt('No').' '.
+ ' '.
+ ' '.&mt('Yes').' '.
+ ''.
+ ': '.&mt('inactive = no activity in last [_1] days',
+ ' ').
+ '
'.
+ ' ';
+ $$rowtotal ++;
} elsif ($position eq 'middle') {
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
my $numinrow = 3;
@@ -3781,18 +4150,17 @@ sub print_contacts {
\%choices,$rownum);
$datatable .= $reports;
} elsif ($position eq 'lower') {
- $css_class = $rownum%2?' class="LC_odd_row"':'';
- my ($threshold,$sysmail,%excluded,%weights);
+ my (%current,%excluded,%weights);
my ($defaults,$names) = &Apache::loncommon::lon_status_items();
if ($lonstatus{'threshold'} =~ /^\d+$/) {
- $threshold = $lonstatus{'threshold'};
+ $current{'errorthreshold'} = $lonstatus{'threshold'};
} else {
- $threshold = $defaults->{'threshold'};
+ $current{'errorthreshold'} = $defaults->{'threshold'};
}
if ($lonstatus{'sysmail'} =~ /^\d+$/) {
- $sysmail = $lonstatus{'sysmail'};
+ $current{'errorsysmail'} = $lonstatus{'sysmail'};
} else {
- $sysmail = $defaults->{'sysmail'};
+ $current{'errorsysmail'} = $defaults->{'sysmail'};
}
if (ref($lonstatus{'weights'}) eq 'HASH') {
foreach my $type ('E','W','N','U') {
@@ -3812,13 +4180,16 @@ sub print_contacts {
map {$excluded{$_} = 1; } @{$lonstatus{'excluded'}};
}
}
- $datatable .= ''.
- ''.
- $titles->{'errorthreshold'}.
- ' '.
- ' ';
- $rownum ++;
+ foreach my $item ('errorthreshold','errorsysmail') {
+ $css_class = $rownum%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ ''.
+ $titles->{$item}.
+ ' '.
+ ' ';
+ $rownum ++;
+ }
$css_class = $rownum%2?' class="LC_odd_row"':'';
$datatable .= ''.
''.
@@ -3864,14 +4235,6 @@ sub print_contacts {
}
$datatable .= ' ';
$rownum ++;
- $css_class = $rownum%2?' class="LC_odd_row"':'';
- $datatable .= ''.
- ''.
- $titles->{'errorsysmail'}.
- ' '.
- ' ';
- $rownum ++;
} elsif ($position eq 'bottom') {
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
my (@posstypes,%usertypeshash);
@@ -4450,7 +4813,7 @@ sub helpdeskroles_access {
sub radiobutton_prefs {
my ($settings,$toggles,$defaultchecked,$choices,$itemcount,$onclick,
- $additional,$align) = @_;
+ $additional,$align,$firstval) = @_;
return unless ((ref($toggles) eq 'ARRAY') && (ref($defaultchecked) eq 'HASH') &&
(ref($choices) eq 'HASH'));
@@ -4490,15 +4853,21 @@ sub radiobutton_prefs {
} else {
$datatable .= '';
}
- $datatable .=
- ''.
- ' '.&mt('Yes').
- ' '.&mt('No').' '.
- ' '.$additional.
- ' '.
- '';
+ $datatable .= '';
+ if ($firstval eq 'no') {
+ $datatable .=
+ ' '.&mt('No').
+ ' '.&mt('Yes').' ';
+ } else {
+ $datatable .=
+ ' '.&mt('Yes').
+ ' '.&mt('No').' ';
+ }
+ $datatable .= ' '.$additional.'';
$itemcount ++;
}
return ($datatable,$itemcount);
@@ -5603,6 +5972,9 @@ sub print_lti {
foreach my $item (keys(%{$settings})) {
if (ref($settings->{$item}) eq 'HASH') {
my $num = $settings->{$item}{'order'};
+ if ($num eq '') {
+ $num = scalar(keys(%{$settings}));
+ }
$ordered{$num} = $item;
}
}
@@ -5615,13 +5987,14 @@ sub print_lti {
for (my $i=0; $i<@items; $i++) {
$css_class = $itemcount%2?' class="LC_odd_row"':'';
my $item = $ordered{$items[$i]};
- my ($key,$secret,$lifetime,$consumer,$requser,$current);
+ my ($key,$secret,$lifetime,$consumer,$requser,$crsinc,$current);
if (ref($settings->{$item}) eq 'HASH') {
$key = $settings->{$item}->{'key'};
$secret = $settings->{$item}->{'secret'};
$lifetime = $settings->{$item}->{'lifetime'};
$consumer = $settings->{$item}->{'consumer'};
$requser = $settings->{$item}->{'requser'};
+ $crsinc = $settings->{$item}->{'crsinc'};
$current = $settings->{$item};
}
my $onclickrequser = ' onclick="toggleLTI(this.form,'."'requser','$i'".');"';
@@ -5633,6 +6006,15 @@ sub print_lti {
$checkedrequser{'no'} = $checkedrequser{'yes'};
$checkedrequser{'yes'} = '';
}
+ my $onclickcrsinc = ' onclick="toggleLTI(this.form,'."'crsinc','$i'".');"';
+ my %checkedcrsinc = (
+ yes => ' checked="checked"',
+ no => '',
+ );
+ if (!$crsinc) {
+ $checkedcrsinc{'no'} = $checkedcrsinc{'yes'};
+ $checkedcrsinc{'yes'} = '';
+ }
my $chgstr = ' onchange="javascript:reorderLTI(this.form,'."'lti_pos_".$item."'".');"';
$datatable .= ''
.'';
@@ -5662,6 +6044,10 @@ sub print_lti {
' '.&mt('Yes').' '."\n".
' '.&mt('No').' '."\n".
' '.
+ ''.$lt{'crsinc'}.':'.
+ ' '.&mt('Yes').' '."\n".
+ ' '.&mt('No').' '."\n".
+ (' 'x4).
''.$lt{'key'}.
': '.
(' 'x2).
@@ -5702,6 +6088,10 @@ sub print_lti {
' '.&mt('Yes').' '."\n".
' '.&mt('No').' '."\n".
' '.
+ ''.$lt{'crsinc'}.':'.
+ ' '.&mt('Yes').' '."\n".
+ ' '.&mt('No').' '."\n".
+ (' 'x4).
''.$lt{'key'}.': '."\n".
(' 'x2).
''.$lt{'secret'}.': '.
@@ -5722,6 +6112,7 @@ sub lti_names {
'consumer' => 'Consumer',
'secret' => 'Secret',
'requser' => "User's identity sent",
+ 'crsinc' => "Course's identity sent",
'email' => 'Email address',
'sourcedid' => 'User ID',
'other' => 'Other',
@@ -5756,6 +6147,7 @@ sub lti_options {
my $callbacksty = 'none';
my $passbacksty = 'none';
my $optionsty = 'block';
+ my $crssty = 'block';
my $lcauthparm;
my $lcauthparmstyle = 'display:none';
my $lcauthparmtext;
@@ -5766,6 +6158,9 @@ sub lti_options {
if (ref($current) eq 'HASH') {
if (!$current->{'requser'}) {
$optionsty = 'none';
+ $crssty = 'none';
+ } elsif (!$current->{'crsinc'}) {
+ $crssty = 'none';
}
if (($current->{'mapuser'} ne '') && ($current->{'mapuser'} ne 'lis_person_sourcedid')) {
$checked{'mapuser'}{'sourcedid'} = '';
@@ -5898,7 +6293,17 @@ sub lti_options {
my $onclicksecsrc = ' onclick="toggleLTI(this.form,'."'secsrc','$num'".')"';
my $onclicklcauth = ' onclick="toggleLTI(this.form,'."'lcauth','$num'".')"';
my $onclickmenu = ' onclick="toggleLTI(this.form,'."'lcmenu','$num'".');"';
- my $output = ''.&mt('Mapping users').' '.
+ my $output = ''.&mt('Logout options').' '.
+ ''.&mt('Callback on logout').': '.
+ ' '.&mt('No').' '.(' 'x2).
+ ' '.&mt('Yes').'
'.
+ ''.
+ ''.&mt('Parameter').': '.
+ ' '.
+ '
'.
+ ''.&mt('Mapping users').' '.
''.&mt('LON-CAPA username').': ';
foreach my $option ('sourcedid','email','other') {
$output .= ' '.
'
'.
- ''.&mt('Mapping course roles').' ';
- foreach my $ltirole (@lticourseroles) {
- my ($selected,$selectnone);
- if ($rolemaps{$ltirole} eq '') {
- $selectnone = ' selected="selected"';
- }
- $output .= ''.$ltirole.' '.
- ''.
- ''.&mt('Select').' ';
- foreach my $role (@courseroles) {
- unless ($selectnone) {
- if ($rolemaps{$ltirole} eq $role) {
- $selected = ' selected="selected"';
- } else {
- $selected = '';
- }
- }
- $output .= ''.
- &Apache::lonnet::plaintext($role,'Course').
- ' ';
- }
- $output .= ' ';
- }
- $output .= '
'.
- ''.&mt('Roles which may create user accounts').' ';
+ ''.&mt('Roles which may create user accounts').' ';
foreach my $ltirole (@ltiroles) {
$output .= ' '.$ltirole.' ';
}
$output .= ' '.
- ''.&mt('New user accounts created for LTI users').' '.
+ ''.&mt('New user accounts created for LTI users').' '.
''.
&modifiable_userdata_row('lti','instdata_'.$num,$current,$numinrow,$itemcount).
'
'.
@@ -5962,7 +6343,29 @@ sub lti_options {
''.$lcauthparmtext.' '.
' '.
''.
- ''.&mt('Mapping courses').' '.
+ ''.
+ &mt('LON-CAPA menu items (Course Coordinator can override)').' '.
+ ''.$lt{'topmenu'}.': '.
+ ' '.&mt('No').' '.(' 'x2).
+ ' '.&mt('Yes').'
'.
+ '
'.
+ ''.$lt{'inlinemenu'}.': '.
+ ' '.&mt('No').' '.(' 'x2).
+ ' '.&mt('Yes').'
';
+ $output .='
'.
+ ' '.
+ ''.&mt('Mapping courses').' '.
''.
&mt('Unique course identifier').': ';
foreach my $option ('course_offering_sourcedid','context_id','other') {
@@ -5980,20 +6383,44 @@ sub lti_options {
(' 'x2);
}
$output .= ' '.
- '
'.&mt('Creating courses').' '.
+ ''.&mt('Mapping course roles').' ';
+ foreach my $ltirole (@lticourseroles) {
+ my ($selected,$selectnone);
+ if ($rolemaps{$ltirole} eq '') {
+ $selectnone = ' selected="selected"';
+ }
+ $output .= ''.$ltirole.' '.
+ ''.
+ ''.&mt('Select').' ';
+ foreach my $role (@courseroles) {
+ unless ($selectnone) {
+ if ($rolemaps{$ltirole} eq $role) {
+ $selected = ' selected="selected"';
+ } else {
+ $selected = '';
+ }
+ }
+ $output .= ''.
+ &Apache::lonnet::plaintext($role,'Course').
+ ' ';
+ }
+ $output .= ' ';
+ }
+ $output .= '
'.
+ ''.&mt('Creating courses').' '.
''.&mt('Course created (if absent) on Instructor access').': '.
' '.&mt('No').' '.(' 'x2).
' '.&mt('Yes').' '.
' '.
- ''.&mt('Roles which may self-enroll').' ';
+ ''.&mt('Roles which may self-enroll').' ';
foreach my $lticrsrole (@lticourseroles) {
$output .= ' '.$lticrsrole.' ';
}
$output .= ' '.
- ''.&mt('Course options').' '.
+ ''.&mt('Course options').' '.
''.&mt('Assign users to sections').': '.
' '.&mt('No').' '.(' 'x2).
@@ -6045,36 +6472,7 @@ sub lti_options {
&mt('Outcomes Service (1.1)').''.(' 'x2).
' '.
&mt('Outcomes Extension (1.0)').'
'.
- '
'.
- ''.&mt('Callback on logout').': '.
- ' '.&mt('No').' '.(' 'x2).
- ' '.&mt('Yes').'
'.
- ''.
- ''.&mt('Parameter').': '.
- ' '.
- '
'.
- ''.&mt('Course defaults (Course Coordinator can override)').' '.
- ''.$lt{'topmenu'}.': '.
- ' '.&mt('No').' '.(' 'x2).
- ' '.&mt('Yes').'
'.
- '
'.
- ''.$lt{'inlinemenu'}.': '.
- ' '.&mt('No').' '.(' 'x2).
- ' '.&mt('Yes').'
';
- $output .='
'.
- ' ';
# ''.&mt('Assigning author roles').' ';
#
@@ -6161,7 +6559,7 @@ sub print_coursedefaults {
my $currcanclone = 'none';
my $onclick;
my @cloneoptions = ('none','domain');
- my %clonetitles = (
+ my %clonetitles = &Apache::lonlocal::texthash (
none => 'No additional course requesters',
domain => "Any course requester in course's domain",
instcode => 'Course requests for official courses ...',
@@ -7184,121 +7582,275 @@ sub print_wafproxy {
my $itemcount = 0;
my $datatable;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%otherdoms,%aliases,%values,$setdom);
+ my (%othercontrol,%otherdoms,%aliases,%saml,%values,$setdom,$showdom);
my %lt = &wafproxy_titles();
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
+ next if ($serverhome eq '');
my $serverdom;
if ($serverhome ne $server) {
$serverdom = &Apache::lonnet::host_domain($serverhome);
- $othercontrol{$server} = $serverdom;
+ if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) {
+ $othercontrol{$server} = $serverdom;
+ }
} else {
$serverdom = &Apache::lonnet::host_domain($server);
+ next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq ''));
if ($serverdom ne $dom) {
$othercontrol{$server} = $serverdom;
} else {
$setdom = 1;
if (ref($settings) eq 'HASH') {
- %{$values{$dom}} = ();
if (ref($settings->{'alias'}) eq 'HASH') {
$aliases{$dom} = $settings->{'alias'};
+ if ($aliases{$dom} ne '') {
+ $showdom = 1;
+ }
}
- foreach my $item ('ipheader','trusted','exempt') {
- $values{$dom}{$item} = $settings->{$item};
+ if (ref($settings->{'saml'}) eq 'HASH') {
+ $saml{$dom} = $settings->{'saml'};
}
}
}
}
}
+ if ($setdom) {
+ %{$values{$dom}} = ();
+ if (ref($settings) eq 'HASH') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ $values{$dom}{$item} = $settings->{$item};
+ }
+ }
+ }
if (keys(%othercontrol)) {
%otherdoms = reverse(%othercontrol);
foreach my $domain (keys(%otherdoms)) {
%{$values{$domain}} = ();
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain);
- if (ref($config{$domain}) eq 'HASH') {
- if (ref($config{$domain}{'wafproxy'}) eq 'HASH') {
- $aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'};
- foreach my $item ('ipheader','trusted','exempt') {
- $values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item};
- }
+ if (ref($config{'wafproxy'}) eq 'HASH') {
+ $aliases{$domain} = $config{'wafproxy'}{'alias'};
+ if (exists($config{'wafproxy'}{'saml'})) {
+ $saml{$domain} = $config{'wafproxy'}{'saml'};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ $values{$domain}{$item} = $config{'wafproxy'}{$item};
}
}
}
}
if ($position eq 'top') {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
+ my %aliasinfo;
foreach my $server (sort(keys(%servers))) {
- $itemcount ++;
- $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
- $datatable .= ''.
- ''.&mt('Hostname').': '.
- &Apache::lonnet::hostname($server).' '.
- '';
+ $itemcount ++;
+ my $dom_in_effect;
+ my $aliasrows = ' '.
+ ''.
+ &mt('Hostname').': '.
+ ''.&Apache::lonnet::hostname($server).' ';
if ($othercontrol{$server}) {
- my $current;
- if (ref($aliases{$othercontrol{$server}}) eq 'HASH') {
- $current = $aliases{$othercontrol{$server}{$server}};
+ $dom_in_effect = $othercontrol{$server};
+ my ($current,$forsaml);
+ if (ref($aliases{$dom_in_effect}) eq 'HASH') {
+ $current = $aliases{$dom_in_effect}{$server};
+ }
+ if (ref($saml{$dom_in_effect}) eq 'HASH') {
+ if ($saml{$dom_in_effect}{$server}) {
+ $forsaml = 1;
+ }
}
+ $aliasrows .= ''.
+ &mt('Alias').': ';
if ($current) {
- $datatable .= $current;
+ $aliasrows .= $current;
+ if ($forsaml) {
+ $aliasrows .= ' ('.&mt('also for Shibboleth').')';
+ }
} else {
- $datatable .= &mt('None in effect');
+ $aliasrows .= &mt('None');
}
- $datatable .= '('.
- &mt('WAF/Reverse Proxy controlled by domain: [_1]',
- ''.$othercontrol{$server}.' ').' ';
+ $aliasrows .= ' ('.
+ &mt('controlled by domain: [_1]',
+ ''.$dom_in_effect.' ').') ';
} else {
- my $current;
+ $dom_in_effect = $dom;
+ my ($current,$samlon,$samloff);
+ $samloff = ' checked="checked"';
if (ref($aliases{$dom}) eq 'HASH') {
if ($aliases{$dom}{$server}) {
$current = $aliases{$dom}{$server};
}
}
- $datatable .= ' ';
+ if (ref($saml{$dom}) eq 'HASH') {
+ if ($saml{$dom}{$server}) {
+ $samlon = $samloff;
+ undef($samloff);
+ }
+ }
+ $aliasrows .= ''.
+ &mt('Alias').': '.
+ ' '.
+ (' 'x2).''.
+ &mt('Alias used for Shibboleth').': '.
+ ' '.
+ &mt('No').' '.
+ ' '.
+ &mt('Yes').' '.
+ ' ';
+ }
+ $aliasrows .= ' ';
+ $aliasinfo{$dom_in_effect} .= $aliasrows;
+ }
+ if ($aliasinfo{$dom}) {
+ my ($onclick,$wafon,$wafoff,$showtable);
+ $onclick = ' onclick="javascript:toggleWAF();"';
+ $wafoff = ' checked="checked"';
+ $showtable = ' style="display:none";';
+ if ($showdom) {
+ $wafon = $wafoff;
+ $wafoff = '';
+ $showtable = ' style="display:inline;"';
+ }
+ $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+ $datatable = ''.
+ ''.&mt('Domain: [_1]',''.$dom.' ').' '.
+ ''.&mt('WAF in use?').' '.
+ ' '.
+ &mt('Yes').' '.(' 'x2).''.
+ ' '.
+ &mt('No').' '.
+ ''.
+ ' ';
+ $itemcount++;
+ }
+ if (keys(%otherdoms)) {
+ foreach my $key (sort(keys(%otherdoms))) {
+ $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+ $datatable .= ''.
+ ''.&mt('Domain: [_1]',''.$key.' ').' '.
+ ' ';
+ $itemcount++;
}
- $datatable .= '';
}
} else {
+ my %ip_methods = &remoteip_methods();
if ($setdom) {
$itemcount ++;
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
- $datatable .= ''.
+ my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck,
+ $currwafvpn,$wafrangestyle,$alltossl,$ssltossl);
+ $wafstyle = ' style="display:none;"';
+ $nowafstyle = ' style="display:table-row;"';
+ $currwafdisplay = ' style="display: none"';
+ $wafrangestyle = ' style="display: none"';
+ $curr_remotip = 'n';
+ $ssltossl = ' checked="checked"';
+ if ($showdom) {
+ $wafstyle = ' style="display:table-row;"';
+ $nowafstyle = ' style="display:none;"';
+ if (keys(%{$values{$dom}})) {
+ if ($values{$dom}{remoteip} =~ /^[nmh]$/) {
+ $curr_remotip = $values{$dom}{remoteip};
+ }
+ if ($curr_remotip eq 'h') {
+ $currwafdisplay = ' style="display:table-row"';
+ $wafrangestyle = ' style="display:inline-block;"';
+ }
+ if ($values{$dom}{'sslopt'}) {
+ $alltossl = ' checked="checked"';
+ $ssltossl = '';
+ }
+ }
+ if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) {
+ $vpndircheck = ' checked="checked"';
+ $currwafvpn = ' style="display:table-row;"';
+ $wafrangestyle = ' style="display:inline-block;"';
+ } else {
+ $vpnaliascheck = ' checked="checked"';
+ $currwafvpn = ' style="display:none;"';
+ }
+ }
+ $datatable .= ' '.
+ ''.&mt('Domain: [_1]',''.$dom.' ').' '.
+ ''.&mt('WAF not in use, nothing to set').' '.
+ ' '.
+ ''.
''.&mt('Domain: [_1]',''.$dom.' ').' '.
- &mt('Format for comma separated IP blocks').': '.
- &mt('A.B.C.D/N or A.B.C.D - E.F.G.H').' '.
- ' ';
+ ''.&mt('Format for comma separated IP ranges').': '.
+ &mt('A.B.C.D/N or A.B.C.D-E.F.G.H').'
'.
+ ' ';
}
if (keys(%otherdoms)) {
foreach my $domain (sort(keys(%otherdoms))) {
$itemcount ++;
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
$datatable .= ''.
- ''.&mt('Domain: [_1]',$domain).' '.
+ ''.&mt('Domain: [_1]',''.$domain.' ').' '.
'';
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $showval = &mt('None');
+ if ($item eq 'ssl') {
+ $showval = $lt{'ssltossl'};
+ }
if ($values{$domain}{$item}) {
- $showval = $values{$domain}{$item};
+ $showval = $values{$domain}{$item};
+ if ($item eq 'ssl') {
+ $showval = $lt{'alltossl'};
+ } elsif ($item eq 'remoteip') {
+ $showval = $ip_methods{$values{$domain}{$item}};
+ }
}
$datatable .= ''.
''.$lt{$item}.': '.$showval.' ';
}
- $datatable .= '
';
+ $datatable .= '';
}
}
}
@@ -7308,9 +7860,25 @@ sub print_wafproxy {
sub wafproxy_titles {
return &Apache::lonlocal::texthash(
- exempt => 'Exempt IP range(s)',
- trusted => 'Trusted IP range(s)',
- ipheader => 'Custom request header',
+ remoteip => "Method for determining user's IP",
+ ipheader => 'Request header containing remote IP',
+ trusted => 'Trusted IP range(s)',
+ vpnaccess => 'Access from institutional VPN',
+ vpndirect => 'via regular hostname (no WAF)',
+ vpnaliased => 'via aliased hostname (WAF)',
+ vpnint => 'Internal IP Range(s) for VPN sessions',
+ vpnext => 'IP Range(s) for backend WAF connections',
+ sslopt => 'Forwarding http/https',
+ alltossl => 'WAF forwards both http and https requests to https',
+ ssltossl => 'WAF forwards http requests to http and https to https',
+ );
+}
+
+sub remoteip_methods {
+ return &Apache::lonlocal::texthash(
+ m => 'Use Apache mod_remoteip',
+ h => 'Use headers parsed by LON-CAPA',
+ n => 'Not in use',
);
}
@@ -8349,8 +8917,8 @@ sub contact_titles {
'updatesmail' => 'E-mail from nightly check of LON-CAPA module integrity/updates',
'idconflictsmail' => 'E-mail from bi-nightly check for multiple users sharing same student/employee ID',
'hostipmail' => 'E-mail from nightly check of hostname/IP network changes',
- 'errorthreshold' => 'Error/warning threshold for status e-mail',
- 'errorsysmail' => 'Error threshold for e-mail to core group',
+ 'errorthreshold' => 'Error count threshold for status e-mail to admin(s)',
+ 'errorsysmail' => 'Error count threshold for e-mail to developer group',
'errorweights' => 'Weights used to compute error count',
'errorexcluded' => 'Servers with unsent updates excluded from count',
);
@@ -9400,7 +9968,7 @@ sub print_defaults {
$datatable .= ' '.&mt('Internal ID:').' '.$item.' '.
' '.
&mt('delete').''.
- ''.&mt('Name displayed:').
+ ' '.&mt('Name displayed').':'.
' '.
' ';
}
@@ -9420,7 +9988,7 @@ sub print_defaults {
' '.
' '.&mt('(new)').
''.
- &mt('Name displayed:').
+ &mt('Name displayed').':'.
' '.
''."\n";
$rownum ++;
@@ -10429,7 +10997,7 @@ ENDSCRIPT
sub initialize_categories {
my ($itemcount) = @_;
my ($datatable,$css_class,$chgstr);
- my %default_names = (
+ my %default_names = &Apache::lonlocal::texthash (
instcode => 'Official courses (with institutional codes)',
communities => 'Communities',
placement => 'Placement Tests',
@@ -10928,12 +11496,14 @@ sub usertype_update_row {
sub modify_login {
my ($r,$dom,$confname,$lastactref,%domconfig) = @_;
my ($resulttext,$errors,$colchgtext,%changes,%colchanges,%newfile,%newurl,
- %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon);
+ %curr_loginvia,%loginhash,@currlangs,@newlangs,$addedfile,%title,@offon,
+ %currsaml,%saml,%samltext,%samlimg,%samlalt,%samlurl,%samltitle,%samlnotsso);
%title = ( coursecatalog => 'Display course catalog',
adminmail => 'Display administrator E-mail address',
helpdesk => 'Display "Contact Helpdesk" link',
newuser => 'Link for visitors to create a user account',
- loginheader => 'Log-in box header');
+ loginheader => 'Log-in box header',
+ saml => 'Dual SSO and non-SSO login');
@offon = ('off','on');
if (ref($domconfig{login}) eq 'HASH') {
if (ref($domconfig{login}{loginvia}) eq 'HASH') {
@@ -10941,6 +11511,20 @@ sub modify_login {
$curr_loginvia{$lonhost} = $domconfig{login}{loginvia}{$lonhost};
}
}
+ if (ref($domconfig{login}{'saml'}) eq 'HASH') {
+ foreach my $lonhost (keys(%{$domconfig{login}{'saml'}})) {
+ if (ref($domconfig{login}{'saml'}{$lonhost}) eq 'HASH') {
+ $currsaml{$lonhost} = $domconfig{login}{'saml'}{$lonhost};
+ $saml{$lonhost} = 1;
+ $samltext{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'text'};
+ $samlurl{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'url'};
+ $samlalt{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'alt'};
+ $samlimg{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'img'};
+ $samltitle{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'title'};
+ $samlnotsso{$lonhost} = $domconfig{login}{'saml'}{$lonhost}{'notsso'};
+ }
+ }
+ }
}
($errors,%colchanges) = &modify_colors($r,$dom,$confname,['login'],
\%domconfig,\%loginhash);
@@ -11187,6 +11771,89 @@ sub modify_login {
$errors .= ''.$error.' ';
}
}
+ my @delsamlimg = &Apache::loncommon::get_env_multiple('form.saml_img_del');
+ my @newsamlimgs;
+ foreach my $lonhost (keys(%domservers)) {
+ if ($env{'form.saml_'.$lonhost}) {
+ if ($env{'form.saml_img_'.$lonhost.'.filename'}) {
+ push(@newsamlimgs,$lonhost);
+ }
+ foreach my $item ('text','alt','url','title','notsso') {
+ $env{'form.saml_'.$item.'_'.$lonhost} =~ s/^\s+|\s+$//g;
+ }
+ if ($saml{$lonhost}) {
+ if (grep(/^\Q$lonhost\E$/,@delsamlimg)) {
+#FIXME Need to obsolete published image
+ delete($currsaml{$lonhost}{'img'});
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_alt_'.$lonhost} ne $samlalt{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_text_'.$lonhost} ne $samltext{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_url_'.$lonhost} ne $samlurl{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_title_'.$lonhost} ne $samltitle{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ if ($env{'form.saml_notsso_'.$lonhost} ne $samlnotsso{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ } else {
+ $changes{'saml'}{$lonhost} = 1;
+ }
+ foreach my $item ('text','alt','url','title','notsso') {
+ $currsaml{$lonhost}{$item} = $env{'form.saml_'.$item.'_'.$lonhost};
+ }
+ } else {
+ if ($saml{$lonhost}) {
+ $changes{'saml'}{$lonhost} = 1;
+ delete($currsaml{$lonhost});
+ }
+ }
+ }
+ foreach my $posshost (keys(%currsaml)) {
+ unless (exists($domservers{$posshost})) {
+ delete($currsaml{$posshost});
+ }
+ }
+ %{$loginhash{'login'}{'saml'}} = %currsaml;
+ if (@newsamlimgs) {
+ my $error;
+ my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm);
+ if ($configuserok eq 'ok') {
+ if ($switchserver) {
+ $error = &mt("Upload of SSO Button Image is not permitted to this server: [_1].",$switchserver);
+ } elsif ($author_ok eq 'ok') {
+ foreach my $lonhost (@newsamlimgs) {
+ my $formelem = 'saml_img_'.$lonhost;
+ my ($result,$imgurl) = &publishlogo($r,'upload',$formelem,$dom,$confname,
+ "login/saml/$lonhost",'','',
+ $env{'form.saml_img_'.$lonhost.'.filename'});
+ if ($result eq 'ok') {
+ $currsaml{$lonhost}{'img'} = $imgurl;
+ $loginhash{'login'}{'saml'}{$lonhost}{'img'} = $imgurl;
+ $changes{'saml'}{$lonhost} = 1;
+ } else {
+ my $puberror = &mt("Upload of SSO button image failed for [_1] because an error occurred publishing the file in RES space. Error was: [_2].",
+ $lonhost,$result);
+ $errors .= ''.$puberror.' ';
+ }
+ }
+ } else {
+ $error = &mt("Upload of SSO button image file(s) failed because an author role could not be assigned to a Domain Configuration user ([_1]) in domain: [_2]. Error was: [_3].",$confname,$dom,$author_ok);
+ }
+ } else {
+ $error = &mt("Upload of SSO button image file(s) failed because a Domain Configuration user ([_1]) could not be created in domain: [_2]. Error was: [_3].",$confname,$dom,$configuserok);
+ }
+ if ($error) {
+ &Apache::lonnet::logthis($error);
+ $errors .= ''.$error.' ';
+ }
+ }
&process_captcha('login',\%changes,$loginhash{'login'},$domconfig{'login'});
my $defaulthelpfile = '/adm/loginproblems.html';
@@ -11227,6 +11894,31 @@ sub modify_login {
}
if (keys(%changes) > 0 || $colchgtext) {
&Apache::loncommon::devalidate_domconfig_cache($dom);
+ if (exists($changes{'saml'})) {
+ my $hostid_in_use;
+ my @hosts = &Apache::lonnet::current_machine_ids();
+ if (@hosts > 1) {
+ foreach my $hostid (@hosts) {
+ if (&Apache::lonnet::host_domain($hostid) eq $dom) {
+ $hostid_in_use = $hostid;
+ last;
+ }
+ }
+ } else {
+ $hostid_in_use = $r->dir_config('lonHostID');
+ }
+ if (($hostid_in_use) &&
+ (&Apache::lonnet::host_domain($hostid_in_use) eq $dom)) {
+ &Apache::lonnet::devalidate_cache_new('samllanding',$hostid_in_use);
+ }
+ if (ref($lastactref) eq 'HASH') {
+ if (ref($changes{'saml'}) eq 'HASH') {
+ my %updates;
+ map { $updates{$_} = 1; } keys(%{$changes{'saml'}});
+ $lastactref->{'samllanding'} = \%updates;
+ }
+ }
+ }
if (ref($lastactref) eq 'HASH') {
$lastactref->{'domainconfig'} = 1;
}
@@ -11306,6 +11998,38 @@ sub modify_login {
}
}
}
+ } elsif ($item eq 'saml') {
+ if (ref($changes{$item}) eq 'HASH') {
+ my %notlt = (
+ text => 'Text for log-in by SSO',
+ img => 'SSO button image',
+ alt => 'Alt text for button image',
+ url => 'SSO URL',
+ title => 'Tooltip for SSO link',
+ notsso => 'Text for non-SSO log-in',
+ );
+ foreach my $lonhost (sort(keys(%{$changes{$item}}))) {
+ if (ref($currsaml{$lonhost}) eq 'HASH') {
+ $resulttext .= ''.&mt("$title{$item} in use for [_1]","$lonhost ").
+ '';
+ foreach my $key ('text','img','alt','url','title','notsso') {
+ if ($currsaml{$lonhost}{$key} eq '') {
+ $resulttext .= ''.&mt("$notlt{$key} not in use").' ';
+ } else {
+ my $value = "'$currsaml{$lonhost}{$key}'";
+ if ($key eq 'img') {
+ $value = ' ';
+ }
+ $resulttext .= ''.&mt("$notlt{$key} set to: [_1]",
+ $value).' ';
+ }
+ }
+ $resulttext .= ' ';
+ } else {
+ $resulttext .= ''.&mt("$title{$item} not in use for [_1]",$lonhost).' ';
+ }
+ }
+ }
} elsif ($item eq 'captcha') {
if (ref($loginhash{'login'}) eq 'HASH') {
my $chgtxt;
@@ -13274,7 +13998,7 @@ sub modify_ltitools {
my %ltienchash = (
$action => { %encconfig }
);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %ltiall = %confhash;
@@ -13848,7 +14572,7 @@ sub modify_proctoring {
my %proc_enchash = (
$action => { %encconfhash }
);
- &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%proc_enchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %procall = %confhash;
@@ -14087,15 +14811,15 @@ sub modify_lti {
map { $deletions{$_} = 1; } @todelete;
}
my $maxnum = $env{'form.lti_maxnum'};
- for (my $i=0; $i<=$maxnum; $i++) {
+ for (my $i=0; $i<$maxnum; $i++) {
my $itemid = $env{'form.lti_id_'.$i};
$itemid =~ s/\D+//g;
if (ref($domconfig{$action}{$itemid}) eq 'HASH') {
if ($deletions{$itemid}) {
$changes{$itemid} = $domconfig{$action}{$itemid}{'consumer'};
} else {
- push(@items,$i);
- $itemids{$i} = $itemid;
+ push(@items,$i);
+ $itemids{$i} = $itemid;
}
}
}
@@ -14103,12 +14827,12 @@ sub modify_lti {
foreach my $idx (@items) {
my $itemid = $itemids{$idx};
next unless ($itemid);
- my $position = $env{'form.lti_pos_'.$idx};
+ my $position = $env{'form.lti_pos_'.$itemid};
$position =~ s/\D+//g;
if ($position ne '') {
$allpos[$position] = $itemid;
}
- foreach my $item ('consumer','key','secret','lifetime','requser') {
+ foreach my $item ('consumer','key','secret','lifetime','requser','crsinc') {
my $formitem = 'form.lti_'.$item.'_'.$idx;
$env{$formitem} =~ s/(`)/'/g;
if ($item eq 'lifetime') {
@@ -14141,12 +14865,6 @@ sub modify_lti {
$mapuser =~ s/^\s+|\s+$//g;
$confhash{$itemid}{'mapuser'} = $mapuser;
}
- foreach my $ltirole (@lticourseroles) {
- my $possrole = $env{'form.lti_maprole_'.$ltirole.'_'.$idx};
- if (grep(/^\Q$possrole\E$/,@courseroles)) {
- $confhash{$itemid}{'maproles'}{$ltirole} = $possrole;
- }
- }
my @possmakeuser = &Apache::loncommon::get_env_multiple('form.lti_makeuser_'.$idx);
my @makeuser;
foreach my $ltirole (sort(@possmakeuser)) {
@@ -14179,46 +14897,6 @@ sub modify_lti {
}
}
}
- if (($env{'form.lti_mapcrs_'.$idx} eq 'course_offering_sourcedid') ||
- ($env{'form.lti_mapcrs_'.$idx} eq 'context_id')) {
- $confhash{$itemid}{'mapcrs'} = $env{'form.lti_mapcrs_'.$idx};
- } elsif ($env{'form.lti_mapcrs_'.$idx} eq 'other') {
- my $mapcrs = $env{'form.lti_mapcrsfield_'.$idx};
- $mapcrs =~ s/(`)/'/g;
- $mapcrs =~ s/^\s+|\s+$//g;
- $confhash{$itemid}{'mapcrs'} = $mapcrs;
- }
- my @posstypes = &Apache::loncommon::get_env_multiple('form.lti_mapcrstype_'.$idx);
- my @crstypes;
- foreach my $type (sort(@posstypes)) {
- if ($posscrstype{$type}) {
- push(@crstypes,$type);
- }
- }
- $confhash{$itemid}{'mapcrstype'} = \@crstypes;
- if ($env{'form.lti_makecrs_'.$idx}) {
- $confhash{$itemid}{'makecrs'} = 1;
- }
- my @possenroll = &Apache::loncommon::get_env_multiple('form.lti_selfenroll_'.$idx);
- my @selfenroll;
- foreach my $type (sort(@possenroll)) {
- if ($posslticrs{$type}) {
- push(@selfenroll,$type);
- }
- }
- $confhash{$itemid}{'selfenroll'} = \@selfenroll;
- if ($env{'form.lti_crssec_'.$idx}) {
- if ($env{'form.lti_crssecsrc_'.$idx} eq 'course_section_sourcedid') {
- $confhash{$itemid}{'section'} = $env{'form.lti_crssecsrc_'.$idx};
- } elsif ($env{'form.lti_crssecsrc_'.$idx} eq 'other') {
- my $section = $env{'form.lti_customsection_'.$idx};
- $section =~ s/(`)/'/g;
- $section =~ s/^\s+|\s+$//g;
- if ($section ne '') {
- $confhash{$itemid}{'section'} = $section;
- }
- }
- }
if ($env{'form.lti_callback_'.$idx}) {
if ($env{'form.lti_callbackparam_'.$idx}) {
my $callback = $env{'form.lti_callbackparam_'.$idx};
@@ -14226,18 +14904,11 @@ sub modify_lti {
$confhash{$itemid}{'callback'} = $callback;
}
}
- foreach my $field ('passback','roster','topmenu','inlinemenu') {
+ foreach my $field ('topmenu','inlinemenu') {
if ($env{'form.lti_'.$field.'_'.$idx}) {
$confhash{$itemid}{$field} = 1;
}
}
- if ($env{'form.lti_passback_'.$idx}) {
- if ($env{'form.lti_passbackformat_'.$idx} eq '1.0') {
- $confhash{$itemid}{'passbackformat'} = '1.0';
- } else {
- $confhash{$itemid}{'passbackformat'} = '1.1';
- }
- }
if ($env{'form.lti_topmenu_'.$idx} || $env{'form.lti_inlinemenu_'.$idx}) {
$confhash{$itemid}{lcmenu} = [];
my @possmenu = &Apache::loncommon::get_env_multiple('form.lti_menuitem_'.$idx);
@@ -14250,64 +14921,152 @@ sub modify_lti {
}
}
}
- unless (($idx eq 'add') || ($changes{$itemid})) {
- foreach my $field ('mapuser','mapcrs','makecrs','section','passback','roster','lcauth','lcauthparm','topmenu','inlinemenu','callback') {
- if ($domconfig{$action}{$itemid}{$field} ne $confhash{$itemid}{$field}) {
- $changes{$itemid} = 1;
+ if ($confhash{$itemid}{'crsinc'}) {
+ if (($env{'form.lti_mapcrs_'.$idx} eq 'course_offering_sourcedid') ||
+ ($env{'form.lti_mapcrs_'.$idx} eq 'context_id')) {
+ $confhash{$itemid}{'mapcrs'} = $env{'form.lti_mapcrs_'.$idx};
+ } elsif ($env{'form.lti_mapcrs_'.$idx} eq 'other') {
+ my $mapcrs = $env{'form.lti_mapcrsfield_'.$idx};
+ $mapcrs =~ s/(`)/'/g;
+ $mapcrs =~ s/^\s+|\s+$//g;
+ $confhash{$itemid}{'mapcrs'} = $mapcrs;
+ }
+ my @posstypes = &Apache::loncommon::get_env_multiple('form.lti_mapcrstype_'.$idx);
+ my @crstypes;
+ foreach my $type (sort(@posstypes)) {
+ if ($posscrstype{$type}) {
+ push(@crstypes,$type);
+ }
+ }
+ $confhash{$itemid}{'mapcrstype'} = \@crstypes;
+ if ($env{'form.lti_makecrs_'.$idx}) {
+ $confhash{$itemid}{'makecrs'} = 1;
+ }
+ foreach my $ltirole (@lticourseroles) {
+ my $possrole = $env{'form.lti_maprole_'.$ltirole.'_'.$idx};
+ if (grep(/^\Q$possrole\E$/,@courseroles)) {
+ $confhash{$itemid}{'maproles'}{$ltirole} = $possrole;
+ }
+ }
+ my @possenroll = &Apache::loncommon::get_env_multiple('form.lti_selfenroll_'.$idx);
+ my @selfenroll;
+ foreach my $type (sort(@possenroll)) {
+ if ($posslticrs{$type}) {
+ push(@selfenroll,$type);
+ }
+ }
+ $confhash{$itemid}{'selfenroll'} = \@selfenroll;
+ if ($env{'form.lti_crssec_'.$idx}) {
+ if ($env{'form.lti_crssecsrc_'.$idx} eq 'course_section_sourcedid') {
+ $confhash{$itemid}{'section'} = $env{'form.lti_crssecsrc_'.$idx};
+ } elsif ($env{'form.lti_crssecsrc_'.$idx} eq 'other') {
+ my $section = $env{'form.lti_customsection_'.$idx};
+ $section =~ s/(`)/'/g;
+ $section =~ s/^\s+|\s+$//g;
+ if ($section ne '') {
+ $confhash{$itemid}{'section'} = $section;
+ }
}
}
- unless ($changes{$itemid}) {
- if ($domconfig{$action}{$itemid}{'passback'} eq $confhash{$itemid}{'passback'}) {
- if ($domconfig{$action}{$itemid}{'passbackformat'} ne $confhash{$itemid}{'passbackformat'}) {
+ foreach my $field ('passback','roster') {
+ if ($env{'form.lti_'.$field.'_'.$idx}) {
+ $confhash{$itemid}{$field} = 1;
+ }
+ }
+ if ($env{'form.lti_passback_'.$idx}) {
+ if ($env{'form.lti_passbackformat_'.$idx} eq '1.0') {
+ $confhash{$itemid}{'passbackformat'} = '1.0';
+ } else {
+ $confhash{$itemid}{'passbackformat'} = '1.1';
+ }
+ }
+ }
+ unless (($idx eq 'add') || ($changes{$itemid})) {
+ if ($confhash{$itemid}{'crsinc'}) {
+ foreach my $field ('mapcrs','makecrs','section','passback','roster') {
+ if ($domconfig{$action}{$itemid}{$field} ne $confhash{$itemid}{$field}) {
$changes{$itemid} = 1;
}
}
- }
- foreach my $field ('makeuser','mapcrstype','selfenroll','instdata','lcmenu') {
unless ($changes{$itemid}) {
- if (ref($domconfig{$action}{$itemid}{$field}) eq 'ARRAY') {
- if (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
- my @diffs = &Apache::loncommon::compare_arrays($domconfig{$action}{$itemid}{$field},
- $confhash{$itemid}{$field});
- if (@diffs) {
- $changes{$itemid} = 1;
- }
- } elsif (@{$domconfig{$action}{$itemid}{$field}} > 0) {
- $changes{$itemid} = 1;
- }
- } elsif (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
- if (@{$confhash{$itemid}{$field}} > 0) {
+ if ($domconfig{$action}{$itemid}{'passback'} eq $confhash{$itemid}{'passback'}) {
+ if ($domconfig{$action}{$itemid}{'passbackformat'} ne $confhash{$itemid}{'passbackformat'}) {
$changes{$itemid} = 1;
}
}
}
- }
- unless ($changes{$itemid}) {
- if (ref($domconfig{$action}{$itemid}{'maproles'}) eq 'HASH') {
- if (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
- foreach my $ltirole (keys(%{$domconfig{$action}{$itemid}{'maproles'}})) {
- if ($domconfig{$action}{$itemid}{'maproles'}{$ltirole} ne
- $confhash{$itemid}{'maproles'}{$ltirole}) {
+ foreach my $field ('mapcrstype','selfenroll') {
+ unless ($changes{$itemid}) {
+ if (ref($domconfig{$action}{$itemid}{$field}) eq 'ARRAY') {
+ if (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
+ my @diffs = &Apache::loncommon::compare_arrays($domconfig{$action}{$itemid}{$field},
+ $confhash{$itemid}{$field});
+ if (@diffs) {
+ $changes{$itemid} = 1;
+ }
+ } elsif (@{$domconfig{$action}{$itemid}{$field}} > 0) {
+ $changes{$itemid} = 1;
+ }
+ } elsif (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{$field}} > 0) {
$changes{$itemid} = 1;
- last;
}
}
- unless ($changes{$itemid}) {
- foreach my $ltirole (keys(%{$confhash{$itemid}{'maproles'}})) {
- if ($confhash{$itemid}{'maproles'}{$ltirole} ne
- $domconfig{$action}{$itemid}{'maproles'}{$ltirole}) {
+ }
+ }
+ unless ($changes{$itemid}) {
+ if (ref($domconfig{$action}{$itemid}{'maproles'}) eq 'HASH') {
+ if (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
+ foreach my $ltirole (keys(%{$domconfig{$action}{$itemid}{'maproles'}})) {
+ if ($domconfig{$action}{$itemid}{'maproles'}{$ltirole} ne
+ $confhash{$itemid}{'maproles'}{$ltirole}) {
$changes{$itemid} = 1;
last;
}
}
+ unless ($changes{$itemid}) {
+ foreach my $ltirole (keys(%{$confhash{$itemid}{'maproles'}})) {
+ if ($confhash{$itemid}{'maproles'}{$ltirole} ne
+ $domconfig{$action}{$itemid}{'maproles'}{$ltirole}) {
+ $changes{$itemid} = 1;
+ last;
+ }
+ }
+ }
+ } elsif (keys(%{$domconfig{$action}{$itemid}{'maproles'}}) > 0) {
+ $changes{$itemid} = 1;
+ }
+ } elsif (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
+ unless ($changes{$itemid}) {
+ if (keys(%{$confhash{$itemid}{'maproles'}}) > 0) {
+ $changes{$itemid} = 1;
+ }
}
- } elsif (keys(%{$domconfig{$action}{$itemid}{'maproles'}}) > 0) {
+ }
+ }
+ }
+ unless ($changes{$itemid}) {
+ foreach my $field ('mapuser','lcauth','lcauthparm','topmenu','inlinemenu','callback') {
+ if ($domconfig{$action}{$itemid}{$field} ne $confhash{$itemid}{$field}) {
$changes{$itemid} = 1;
}
- } elsif (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
- unless ($changes{$itemid}) {
- if (keys(%{$confhash{$itemid}{'maproles'}}) > 0) {
- $changes{$itemid} = 1;
+ }
+ unless ($changes{$itemid}) {
+ foreach my $field ('makeuser','lcmenu') {
+ if (ref($domconfig{$action}{$itemid}{$field}) eq 'ARRAY') {
+ if (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
+ my @diffs = &Apache::loncommon::compare_arrays($domconfig{$action}{$itemid}{$field},
+ $confhash{$itemid}{$field});
+ if (@diffs) {
+ $changes{$itemid} = 1;
+ }
+ } elsif (@{$domconfig{$action}{$itemid}{$field}} > 0) {
+ $changes{$itemid} = 1;
+ }
+ } elsif (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{$field}} > 0) {
+ $changes{$itemid} = 1;
+ }
}
}
}
@@ -14340,7 +15099,7 @@ sub modify_lti {
my %ltienchash = (
$action => { %encconfig }
);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
my %ltiall = %confhash;
@@ -14366,7 +15125,7 @@ sub modify_lti {
if (ref($confhash{$itemid}) ne 'HASH') {
$resulttext .= ''.&mt('Deleted: [_1]',$changes{$itemid}).' ';
} else {
- $resulttext .= ''.$confhash{$itemid}{'consumer'}.' ';
+ $resulttext .= ''.$confhash{$itemid}{'consumer'}.' ';
my $position = $pos + 1;
$resulttext .= ''.&mt('Order: [_1]',$position).' ';
foreach my $item ('version','lifetime') {
@@ -14383,6 +15142,11 @@ sub modify_lti {
$resulttext .= ('*'x$num).' ';
}
if ($confhash{$itemid}{'requser'}) {
+ if ($confhash{$itemid}{'callback'}) {
+ $resulttext .= ''.&mt('Callback setting').': '.$confhash{$itemid}{'callback'}.' ';
+ } else {
+ $resulttext .= ''.&mt('No callback to logout LON-CAPA session when user logs out of Comsumer').' ';
+ }
if ($confhash{$itemid}{'mapuser'}) {
my $shownmapuser;
if ($confhash{$itemid}{'mapuser'} eq 'lis_person_sourcedid') {
@@ -14394,20 +15158,6 @@ sub modify_lti {
}
$resulttext .= ''.&mt('LON-CAPA username').': '.$shownmapuser.' ';
}
- if (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
- my $rolemaps;
- foreach my $role (@ltiroles) {
- if ($confhash{$itemid}{'maproles'}{$role}) {
- $rolemaps .= (' 'x2).$role.'='.
- &Apache::lonnet::plaintext($confhash{$itemid}{'maproles'}{$role},
- 'Course').',';
- }
- }
- if ($rolemaps) {
- $rolemaps =~ s/,$//;
- $resulttext .= ''.&mt('Role mapping:').$rolemaps.' ';
- }
- }
if (ref($confhash{$itemid}{'makeuser'}) eq 'ARRAY') {
if (@{$confhash{$itemid}{'makeuser'}} > 0) {
$resulttext .= ''.&mt('Following roles may create user accounts: [_1]',
@@ -14440,59 +15190,10 @@ sub modify_lti {
$resulttext .= ' '.&mt('No institutional data used when creating a new user.').' ';
}
}
- if ($confhash{$itemid}{'mapcrs'}) {
- $resulttext .= ''.&mt('Unique course identifier').': '.$confhash{$itemid}{'mapcrs'}.' ';
- }
- if (ref($confhash{$itemid}{'mapcrstype'}) eq 'ARRAY') {
- if (@{$confhash{$itemid}{'mapcrstype'}} > 0) {
- $resulttext .= ''.&mt('Mapping for the following LON-CAPA course types: [_1]',
- join(', ',map { $coursetypetitles{$_}; } @coursetypes)).
- ' ';
- } else {
- $resulttext .= ''.&mt('No mapping to LON-CAPA courses').' ';
- }
- }
- if ($confhash{$itemid}{'makecrs'}) {
- $resulttext .= ''.&mt('Instructor may create course (if absent).').' ';
- } else {
- $resulttext .= ''.&mt('Instructor may not create course (if absent).').' ';
- }
- if (ref($confhash{$itemid}{'selfenroll'}) eq 'ARRAY') {
- if (@{$confhash{$itemid}{'selfenroll'}} > 0) {
- $resulttext .= ''.&mt('Self-enrollment for following roles: [_1]',
- join(', ',@{$confhash{$itemid}{'selfenroll'}})).
- ' ';
- } else {
- $resulttext .= ''.&mt('Self-enrollment not permitted').' ';
- }
- }
- if ($confhash{$itemid}{'section'}) {
- if ($confhash{$itemid}{'section'} eq 'course_section_sourcedid') {
- $resulttext .= ''.&mt('User section from standard field:').
- ' (course_section_sourcedid)'.' ';
- } else {
- $resulttext .= ''.&mt('User section from:').' '.
- $confhash{$itemid}{'section'}.' ';
- }
- } else {
- $resulttext .= ''.&mt('No section assignment').' ';
- }
- if ($confhash{$itemid}{'callback'}) {
- $resulttext .= ''.&mt('Callback setting').': '.$confhash{$itemid}{'callback'}.' ';
- } else {
- $resulttext .= ''.&mt('No callback to logout LON-CAPA session when user logs out of Comsumer');
- }
- foreach my $item ('passback','roster','topmenu','inlinemenu') {
+ foreach my $item ('topmenu','inlinemenu') {
$resulttext .= ' '.$lt{$item}.': ';
if ($confhash{$itemid}{$item}) {
$resulttext .= &mt('Yes');
- if ($item eq 'passback') {
- if ($confhash{$itemid}{'passbackformat'} eq '1.0') {
- $resulttext .= ' ('.&mt('Outcomes Extension (1.0)').')';
- } elsif ($confhash{$itemid}{'passbackformat'} eq '1.1') {
- $resulttext .= ' ('.&mt('Outcomes Service (1.1)').')';
- }
- }
} else {
$resulttext .= &mt('No');
}
@@ -14501,9 +15202,86 @@ sub modify_lti {
if (ref($confhash{$itemid}{'lcmenu'}) eq 'ARRAY') {
if (@{$confhash{$itemid}{'lcmenu'}} > 0) {
$resulttext .= ' '.&mt('Menu items:').' '.
- join(', ', map { $menutitles{$_}; } (@{$confhash{$itemid}{'lcmenu'}})).' ';
+ join(', ', map { $menutitles{$_}; } (@{$confhash{$itemid}{'lcmenu'}})).'';
+ } else {
+ $resulttext .= ''.&mt('No menu items displayed in header or online menu').' ';
+ }
+ }
+ if ($confhash{$itemid}{'crsinc'}) {
+ if (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
+ my $rolemaps;
+ foreach my $role (@ltiroles) {
+ if ($confhash{$itemid}{'maproles'}{$role}) {
+ $rolemaps .= (' 'x2).$role.'='.
+ &Apache::lonnet::plaintext($confhash{$itemid}{'maproles'}{$role},
+ 'Course').',';
+ }
+ }
+ if ($rolemaps) {
+ $rolemaps =~ s/,$//;
+ $resulttext .= ''.&mt('Role mapping:').$rolemaps.' ';
+ }
+ }
+ if ($confhash{$itemid}{'mapcrs'}) {
+ $resulttext .= ''.&mt('Unique course identifier').': '.$confhash{$itemid}{'mapcrs'}.' ';
+ }
+ if (ref($confhash{$itemid}{'mapcrstype'}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{'mapcrstype'}} > 0) {
+ $resulttext .= ''.&mt('Mapping for the following LON-CAPA course types: [_1]',
+ join(', ',map { $coursetypetitles{$_}; } @coursetypes)).
+ ' ';
+ } else {
+ $resulttext .= ''.&mt('No mapping to LON-CAPA courses').' ';
+ }
+ }
+ if ($confhash{$itemid}{'makecrs'}) {
+ $resulttext .= ''.&mt('Instructor may create course (if absent).').' ';
+ } else {
+ $resulttext .= ''.&mt('Instructor may not create course (if absent).').' ';
+ }
+ if (ref($confhash{$itemid}{'selfenroll'}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{'selfenroll'}} > 0) {
+ $resulttext .= ''.&mt('Self-enrollment for following roles: [_1]',
+ join(', ',@{$confhash{$itemid}{'selfenroll'}})).
+ ' ';
+ } else {
+ $resulttext .= ''.&mt('Self-enrollment not permitted').' ';
+ }
+ }
+ if ($confhash{$itemid}{'section'}) {
+ if ($confhash{$itemid}{'section'} eq 'course_section_sourcedid') {
+ $resulttext .= ''.&mt('User section from standard field:').
+ ' (course_section_sourcedid)'.' ';
+ } else {
+ $resulttext .= ''.&mt('User section from:').' '.
+ $confhash{$itemid}{'section'}.' ';
+ }
} else {
- $resulttext .= ''.&mt('No menu items displayed in header or online menu').' ';
+ $resulttext .= ''.&mt('No section assignment').' ';
+ }
+ foreach my $item ('passback','roster','topmenu','inlinemenu') {
+ $resulttext .= ''.$lt{$item}.': ';
+ if ($confhash{$itemid}{$item}) {
+ $resulttext .= &mt('Yes');
+ if ($item eq 'passback') {
+ if ($confhash{$itemid}{'passbackformat'} eq '1.0') {
+ $resulttext .= ' ('.&mt('Outcomes Extension (1.0)').')';
+ } elsif ($confhash{$itemid}{'passbackformat'} eq '1.1') {
+ $resulttext .= ' ('.&mt('Outcomes Service (1.1)').')';
+ }
+ }
+ } else {
+ $resulttext .= &mt('No');
+ }
+ $resulttext .= ' ';
+ }
+ if (ref($confhash{$itemid}{'lcmenu'}) eq 'ARRAY') {
+ if (@{$confhash{$itemid}{'lcmenu'}} > 0) {
+ $resulttext .= ''.&mt('Menu items:').' '.
+ join(', ', map { $menutitles{$_}; } (@{$confhash{$itemid}{'lcmenu'}})).' ';
+ } else {
+ $resulttext .= ''.&mt('No menu items displayed in header or online menu').' ';
+ }
}
}
}
@@ -14682,8 +15460,10 @@ sub modify_autoupdate {
}
my @offon = ('off','on');
my %title = &Apache::lonlocal::texthash (
- run => 'Auto-update:',
- classlists => 'Updates to user information in classlists?'
+ run => 'Auto-update:',
+ classlists => 'Updates to user information in classlists?',
+ unexpired => 'Skip updates for users without active or future roles?',
+ lastactive => 'Skip updates for inactive users?',
);
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
my %fieldtitles = &Apache::lonlocal::texthash (
@@ -14727,12 +15507,23 @@ sub modify_autoupdate {
my %updatehash = (
autoupdate => { run => $env{'form.autoupdate_run'},
classlists => $env{'form.classlists'},
+ unexpired => $env{'form.unexpired'},
fields => {%fields},
lockablenames => \@lockablenames,
}
);
+ my $lastactivedays;
+ if ($env{'form.lastactive'}) {
+ $lastactivedays = $env{'form.lastactivedays'};
+ $lastactivedays =~ s/^\s+|\s+$//g;
+ unless ($lastactivedays =~ /^\d+$/) {
+ undef($lastactivedays);
+ $env{'form.lastactive'} = 0;
+ }
+ }
+ $updatehash{'autoupdate'}{'lastactive'} = $lastactivedays;
foreach my $key (keys(%currautoupdate)) {
- if (($key eq 'run') || ($key eq 'classlists')) {
+ if (($key eq 'run') || ($key eq 'classlists') || ($key eq 'unexpired') || ($key eq 'lastactive')) {
if (exists($updatehash{autoupdate}{$key})) {
if ($currautoupdate{$key} ne $updatehash{autoupdate}{$key}) {
$changes{$key} = 1;
@@ -14778,6 +15569,16 @@ sub modify_autoupdate {
$changes{'lockablenames'} = 1;
}
}
+ unless (grep(/^unexpired$/,keys(%currautoupdate))) {
+ if ($updatehash{'autoupdate'}{'unexpired'}) {
+ $changes{'unexpired'} = 1;
+ }
+ }
+ unless (grep(/^lastactive$/,keys(%currautoupdate))) {
+ if ($updatehash{'autoupdate'}{'lastactive'} ne '') {
+ $changes{'lastactive'} = 1;
+ }
+ }
foreach my $item (@{$types},'default') {
if (defined($fields{$item})) {
if (ref($currautoupdate{'fields'}) eq 'HASH') {
@@ -14840,6 +15641,11 @@ sub modify_autoupdate {
my $newvalue;
if ($key eq 'run') {
$newvalue = $offon[$env{'form.autoupdate_run'}];
+ } elsif ($key eq 'lastactive') {
+ $newvalue = $offon[$env{'form.lastactive'}];
+ unless ($lastactivedays eq '') {
+ $newvalue .= '; '.&mt('inactive = no activity in last [quant,_1,day]',$lastactivedays);
+ }
} else {
$newvalue = $offon[$env{'form.'.$key}];
}
@@ -15204,7 +16010,7 @@ sub modify_contacts {
$contacts_hash{'contacts'}{'lonstatus'}{$item} = \@excluded;
}
} elsif ($item eq 'weights') {
- foreach my $type ('E','W','N') {
+ foreach my $type ('E','W','N','U') {
$env{'form.error'.$item.'_'.$type} =~ s/^\s+|\s+$//g;
if ($env{'form.error'.$item.'_'.$type} =~ /^\d+$/) {
unless ($env{'form.error'.$item.'_'.$type} == $lonstatus_defs->{$type}) {
@@ -16371,7 +17177,7 @@ sub modify_passwords {
$resulttext .= ''.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
} else {
- $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA usedfor verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
+ $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
if ($confighash{'passwords'}{'resetremove'}) {
$resulttext .= ''.&mt('Preamble to "Forgot Password" web form not shown').' ';
@@ -19579,34 +20385,55 @@ sub modify_selfenrollment {
sub modify_wafproxy {
my ($dom,$action,$lastactref,%domconfig) = @_;
my %servers = &Apache::lonnet::internet_dom_servers($dom);
- my (%othercontrol,%canset,%values,%curralias,%currvalue,@warnings,%wafproxy,
- %changes,%expirecache);
+ my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings,
+ %wafproxy,%changes,%expirecache,%expiresaml);
foreach my $server (sort(keys(%servers))) {
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
if ($serverhome eq $server) {
my $serverdom = &Apache::lonnet::host_domain($server);
if ($serverdom eq $dom) {
$canset{$server} = 1;
- if (ref($domconfig{'wafproxy'}) eq 'HASH') {
- %{$values{$dom}} = ();
- if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
- %curralias = %{$domconfig{'wafproxy'}{'alias'}};
- }
- foreach my $item ('ipheader','trusted','exempt') {
- $currvalue{$item} = $domconfig{'wafproxy'}{$item};
- }
- }
}
}
}
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ %{$values{$dom}} = ();
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ %curralias = %{$domconfig{'wafproxy'}{'alias'}};
+ }
+ if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') {
+ %currsaml = %{$domconfig{'wafproxy'}{'saml'}};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ $currvalue{$item} = $domconfig{'wafproxy'}{$item};
+ }
+ }
my $output;
if (keys(%canset)) {
%{$wafproxy{'alias'}} = ();
+ %{$wafproxy{'saml'}} = ();
foreach my $key (sort(keys(%canset))) {
- $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
- $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
- if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
- $changes{'alias'} = 1;
+ if ($env{'form.wafproxy_'.$dom}) {
+ $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
+ $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
+ if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($env{'form.wafproxy_alias_saml_'.$key}) {
+ $wafproxy{'saml'}{$key} = 1;
+ }
+ if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
+ } else {
+ $wafproxy{'alias'}{$key} = '';
+ $wafproxy{'saml'}{$key} = '';
+ if ($curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
}
if ($wafproxy{'alias'}{$key} eq '') {
if ($curralias{$key}) {
@@ -19614,28 +20441,59 @@ sub modify_wafproxy {
}
delete($wafproxy{'alias'}{$key});
}
+ if ($wafproxy{'saml'}{$key} eq '') {
+ if ($currsaml{$key}) {
+ $expiresaml{$key} = 1;
+ }
+ delete($wafproxy{'saml'}{$key});
+ }
}
unless (keys(%{$wafproxy{'alias'}})) {
delete($wafproxy{'alias'});
}
- # Localization for values in %warn occus in &mt() calls separately.
+ unless (keys(%{$wafproxy{'saml'}})) {
+ delete($wafproxy{'saml'});
+ }
+ # Localization for values in %warn occurs in &mt() calls separately.
my %warn = (
trusted => 'trusted IP range(s)',
- exempt => 'exempt IP range(s)',
+ vpnint => 'internal IP range(s) for VPN sessions(s)',
+ vpnext => 'IP range(s) for backend WAF connections',
);
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $possible = $env{'form.wafproxy_'.$item};
$possible =~ s/^\s+|\s+$//g;
if ($possible ne '') {
- if ($item eq 'ipheader') {
- $wafproxy{$item} = $possible;
+ if ($item eq 'remoteip') {
+ if ($possible =~ /^[mhn]$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{'remoteip'} eq 'h') {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
} else {
my (@ok,$count);
- $possible =~ s/[\r\n]+/\s/g;
- $possible =~ s/\s*-\s*/-/g;
- $possible =~ s/\s+/,/g;
+ if (($item eq 'vpnint') || ($item eq 'vpnext')) {
+ unless ($env{'form.wafproxy_vpnaccess'}) {
+ $possible = '';
+ }
+ } elsif ($item eq 'trusted') {
+ unless ($wafproxy{'remoteip'} eq 'h') {
+ $possible = '';
+ }
+ }
+ unless ($possible eq '') {
+ $possible =~ s/[\r\n]+/\s/g;
+ $possible =~ s/\s*-\s*/-/g;
+ $possible =~ s/\s+/,/g;
+ }
$count = 0;
- if ($possible) {
+ if ($possible ne '') {
foreach my $poss (split(/\,/,$possible)) {
$count ++;
if (&validate_ip_pattern($poss)) {
@@ -19652,15 +20510,25 @@ sub modify_wafproxy {
$diff,$warn{$item}).
'');
}
- if ($wafproxy{$item} ne $currvalue{$item}) {
- $changes{$item} = 1;
- }
}
}
- } else {
- if ($currvalue{$item}) {
+ if ($wafproxy{$item} ne $currvalue{$item}) {
$changes{$item} = 1;
}
+ } elsif ($currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ }
+ } else {
+ if (keys(%curralias)) {
+ $changes{'alias'} = 1;
+ }
+ if (keys(%currsaml)) {
+ $changes{'saml'} = 1;
+ }
+ if (keys(%currvalue)) {
+ foreach my $key (keys(%currvalue)) {
+ $changes{$key} = 1;
}
}
}
@@ -19673,7 +20541,7 @@ sub modify_wafproxy {
if ($putresult eq 'ok') {
my $cachetime = 24*60*60;
my (%domdefaults,$updatedomdefs);
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
unless ($updatedomdefs) {
%domdefaults = &Apache::lonnet::get_domain_defaults($dom);
@@ -19709,8 +20577,25 @@ sub modify_wafproxy {
$lastactref->{'proxyalias'} = \%updates;
}
}
+ if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) {
+ my %samlupdates = %expiresaml;
+ foreach my $key (keys(%expiresaml)) {
+ &Apache::lonnet::devalidate_cache_new('proxysaml',$key);
+ }
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'saml'}})) {
+ $samlupdates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxysaml'} = \%samlupdates;
+ }
+ }
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
- foreach my $item ('alias','ipheader','trusted','exempt') {
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
if ($item eq 'alias') {
my $numaliased = 0;
@@ -19732,27 +20617,66 @@ sub modify_wafproxy {
unless ($numaliased) {
$output .= ''.&mt('Aliases deleted for hostnames').' ';
}
+ } elsif ($item eq 'saml') {
+ my $shown;
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ if (keys(%{$wafproxy{'saml'}})) {
+ $shown = join(', ',sort(keys(%{$wafproxy{'saml'}})));
+ }
+ }
+ if ($shown) {
+ $output .= ''.&mt('Alias used by Shibboleth for: [_1]',
+ $shown).' ';
+ } else {
+ $output .= ''.&mt('No alias used for Shibboleth').' ';
+ }
} else {
- if ($item eq 'ipheader') {
+ if ($item eq 'remoteip') {
+ my %ip_methods = &remoteip_methods();
+ if ($wafproxy{$item} =~ /^[mh]$/) {
+ $output .= ''.&mt("Method for determining user's IP set to: [_1]",
+ $ip_methods{$wafproxy{$item}}).' ';
+ } else {
+ if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) {
+ $output .= ''.&mt("No method in use to get user's real IP (will report IP used by WAF).").
+ ' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy not in use').' ';
+ }
+ }
+ } elsif ($item eq 'ipheader') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Custom request header set to [_1]',
+ $output .= ' '.&mt('Request header with remote IP set to: [_1]',
$wafproxy{$item}).' ';
} else {
- $output .= ''.&mt('Custom request header deleted').' ';
+ $output .= ''.&mt('Request header with remote IP deleted').' ';
}
} elsif ($item eq 'trusted') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Trusted IP range(s) set to [_1]',
+ $output .= ' '.&mt('Trusted IP range(s) set to: [_1]',
$wafproxy{$item}).' ';
} else {
$output .= ''.&mt('Trusted IP range(s) deleted').' ';
}
- } elsif ($item eq 'exempt') {
+ } elsif ($item eq 'vpnint') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions deleted').' ';
+ }
+ } elsif ($item eq 'vpnext') {
if ($wafproxy{$item}) {
- $output .= ''.&mt('Exempt IP range(s) set to [_1]',
+ $output .= ' '.&mt('IP Range(s) for backend WAF connections set to: [_1]',
$wafproxy{$item}).' ';
} else {
- $output .= ''.&mt('Exempt IP range(s) deleted').' ';
+ $output .= ''.&mt('IP Range(s) for backend WAF connections deleted').' ';
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').' ';
}
}
}
@@ -20718,8 +21642,13 @@ sub modify_loadbalancing {
}
}
if ($changes{'curr'}{$balancer}{'cookie'}) {
- $resulttext .= ''.&mt('Load Balancer: [_1] -- cookie use enabled',
- $balancer).' ';
+ if ($currcookies{$balancer}) {
+ $resulttext .= ''.&mt('Load Balancer: [_1] -- cookie use disabled',
+ $balancer).' ';
+ } else {
+ $resulttext .= ''.&mt('Load Balancer: [_1] -- cookie use enabled',
+ $balancer).' ';
+ }
}
}
}
@@ -21499,15 +22428,34 @@ sub devalidate_remote_domconfs {
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
my @posscached = ('domainconfig','domdefaults','ltitools','usersessions',
- 'directorysrch','passwdconf','cats','proxyalias');
+ 'directorysrch','passwdconf','cats','proxyalias','proxysaml');
+ my %cache_by_lonhost;
+ if (exists($cachekeys->{'samllanding'})) {
+ if (ref($cachekeys->{'samllanding'}) eq 'HASH') {
+ my %landing = %{$cachekeys->{'samllanding'}};
+ my %domservers = &Apache::lonnet::get_servers($dom);
+ if (keys(%domservers)) {
+ foreach my $server (keys(%domservers)) {
+ my @cached;
+ next if ($thismachine{$server});
+ if ($landing{$server}) {
+ push(@cached,&escape('samllanding').':'.&escape($server));
+ }
+ if (@cached) {
+ $cache_by_lonhost{$server} = \@cached;
+ }
+ }
+ }
+ }
+ }
if (keys(%servers)) {
foreach my $server (keys(%servers)) {
next if ($thismachine{$server});
my @cached;
foreach my $name (@posscached) {
if ($cachekeys->{$name}) {
- if ($name eq 'proxyalias') {
- if (ref($cachekeys->{$name}) eq 'HASH') {
+ if (($name eq 'proxyalias') || ($name eq 'proxysaml')) {
+ if (ref($cachekeys->{$name}) eq 'HASH') {
foreach my $key (keys(%{$cachekeys->{$name}})) {
push(@cached,&escape($name).':'.&escape($key));
}
@@ -21517,6 +22465,10 @@ sub devalidate_remote_domconfs {
}
}
}
+ if ((exists($cache_by_lonhost{$server})) &&
+ (ref($cache_by_lonhost{$server}) eq 'ARRAY')) {
+ push(@cached,@{$cache_by_lonhost{$server}});
+ }
if (@cached) {
&Apache::lonnet::remote_devalidate_cache($server,\@cached);
}