--- loncom/interface/groupsort.pm	2009/03/13 11:45:27	1.64
+++ loncom/interface/groupsort.pm	2016/11/22 13:51:29	1.75
@@ -2,7 +2,7 @@
 # The LON-CAPA group sort handler
 # Allows for sorting prior to import into RAT.
 #
-# $Id: groupsort.pm,v 1.64 2009/03/13 11:45:27 bisitz Exp $
+# $Id: groupsort.pm,v 1.75 2016/11/22 13:51:29 raeburn Exp $
 # 
 # Copyright Michigan State University Board of Trustees
 #
@@ -32,12 +32,12 @@ package Apache::groupsort;
 
 use strict;
 
-use Apache::Constants qw(:common);
+use Apache::Constants qw(:common :http);
 use GDBM_File;
 use Apache::loncommon;
 use Apache::lonlocal;
 use Apache::lonnet;
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
 
 my $iconpath; # variable to be accessible to multiple subroutines
 my %hash; # variable to tie to user specific database
@@ -59,7 +59,7 @@ sub update_actions_hash {
 	$ac++;
     }
     # sorting through the actions and changing the global database hash
-    foreach my $key (sort {$achash{$a}<=>$achash{$b}} (keys %ahash)) {
+    foreach my $key (sort {$achash{$a}<=>$achash{$b}} (keys(%ahash))) {
 	if ($ahash{$key} eq '1') {
 	    $hash->{'store_'.$hash->{'pre_'.$key.'_link'}}=
 		$hash->{'pre_'.$key.'_title'};
@@ -86,8 +86,8 @@ sub update_actions_hash {
 sub readfromdb {
     my ($r,$resources)=@_;
 
-    my $diropendb = 
-       "/home/httpd/perl/tmp/$env{'user.domain'}_$env{'user.name'}_sel_res.db";
+    my $diropendb = LONCAPA::tempdir() .
+       "$env{'user.domain'}_$env{'user.name'}_sel_res.db";
 
 # ----------------------------- diropendb is now the filename of the db to open
     if (tie(%hash,'GDBM_File',$diropendb,&GDBM_WRCREAT(),0640)) {
@@ -152,12 +152,23 @@ sub readfromfile {
 		  &Apache::lonnet::filelocation('',$env{'form.readfile'}));
     } else {
         my $parser = HTML::TokeParser->new(\$cont);
-        my $token;
+        my ($token,$donechk,$allmaps);
+        $allmaps = {};
         while ($token = $parser->get_token) {
 	    if ($token->[0] eq 'S') {
                 if ($token->[1] eq 'resource') {
 		    if ($env{'form.recover'}) {
 			if ($token->[2]->{'type'} ne 'zombie') { next; }
+                        if ($token->[2]->{'src'} =~ /\.(page|sequence)$/) {
+                            if (($env{'request.course.id'}) &&
+                                ($env{'form.readfile'} =~ m{/default(|_\d+)\.(page|sequence)$})) {
+                                unless ($donechk) {
+                                    $allmaps = &Apache::loncommon::allmaps_incourse();
+                                    $donechk = 1;
+                                }
+                            }
+                            if ($allmaps->{$token->[2]->{'src'}}) { next; }
+                        }
 		    } else {
 			if ($token->[2]->{'type'} eq 'zombie') { next; }
 		    }
@@ -181,46 +192,90 @@ sub readfromfile {
     }
 }
 
-# --------------------------------------------------------- Read from bookmarks
-
-sub readfrombookmarks {
-    my ($r,$resources)=@_;
-    my %bookmarks=&Apache::lonnet::dump('bookmarks');
-# the bookmark "hash" is just one entry
-# it's a javascript program code with arguments like ('title','url');
-    my @bookmarks=($bookmarks{'bookmarks'}=~/\((?:\'([^\']+)\'\,\'([^\']+)\'|\"([^\"]+)\"\,\"([^\"]+)\")\)\;/g);
-    for (my $index=0;$index<($#bookmarks+1)/2;$index++) {
-        if ($bookmarks[$index*2+1]) {
-	    my $url  = $bookmarks[$index*2+1];
-	    my $name = $bookmarks[$index*2];
-	    $name =~ s/^LON\-CAPA\s+//;
-
-	    push(@{$resources},{'url' => $url, 'title' => $name});
-	}
-    }
-}
-
 # ---------------------------------------------------------------- Main Handler
 sub handler {
     my $r = shift;
  
    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
-			     ['acts','mode','readfile','recover','bookmarks']);
+			     ['acts','mode','readfile','recover']);
 
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
     return OK if $r->header_only;
 
+# permissions checking
+    my ($allowed,$canedit,$context,$cid);
+    if ($env{'form.readfile'} =~ m{^/uploaded/($match_domain)/($match_courseid)/}) {
+        my ($cdom,$cnum) = ($1,$2);
+        $cid = $cdom.'_'.$cnum;
+        $context = 'course';
+        if ((&Apache::lonnet::allowed('mdc',$cid)) ||
+            (&Apache::lonnet::allowed('cev',$cid))) {
+            $allowed = 1;
+        }
+    } elsif ($env{'form.readfile'} =~ m{^/res/}) {
+        $context = 'res';
+        if ((&Apache::lonnet::allowed('bre',$env{'form.readfile'})) ||
+            (&Apache::lonnet::allowed('bro',$env{'form.readfile'}))) {
+            $allowed = 1;
+        }
+    } elsif (($env{'form.readfile'} eq '') && ($env{'form.acts'} ne '')) {
+        $allowed = 1;
+    }
+    if ($allowed) {
+        if ($env{'form.mode'} eq 'rat') {
+            if (&Apache::lonnet::allowed('are',$env{'request.role.domain'})) {
+                $canedit = 1;
+            }
+        } elsif (($env{'form.mode'} eq 'simple') || ($env{'form.mode'} eq '')) {
+            if ($context eq 'course') {
+                if (&Apache::lonnet::allowed('mdc',$cid)) {
+                    $canedit = 1;
+                }
+            } elsif (($env{'request.course.id'}) &&
+                     (&Apache::lonnet::allowed('mdc',$env{'request.course.id'}))) {
+                $canedit = 1;
+            } elsif (&Apache::lonnet::allowed('are',$env{'request.role.domain'})) {
+                $canedit = 1;
+            }
+        }
+    }
+
+    unless ($allowed) {
+        if ($context eq 'course') {
+            if ($env{'request.course.id'} eq $cid) { 
+                $env{'user.error.msg'}=
+                    "/adm/groupsort::0:1:Course environment gone, reinitialize the course";
+            } else {
+                $env{'user.error.msg'}=
+                    "/adm/groupsort:bre:0:0:Cannot view folder contents";
+            }
+        } else {
+            $env{'user.error.msg'}=
+                "/adm/groupsort:bre:0:0:Cannot view map contents";
+        }
+        return HTTP_NOT_ACCEPTABLE;
+    }
+
 # finish_import looks different for graphical or "simple" RAT
     my $finishimport='';
     my $begincondition='';
     my $endcondition='';
-    if (($env{'form.readfile'}) || ($env{'form.bookmarks'}))  {
+    my $noedit;
+    unless ($canedit) {
+        if ($context eq 'course') {
+            $noedit = &js_escape(&mt('You do not have rights to edit the course.'));
+        } else {
+            $noedit = &js_escape(&mt('You do not have rights to edit map contents.'));
+        }
+    } 
+    if (($env{'form.readfile'}))  {
         $begincondition='if (eval("document.forms.groupsort.include"+num+".checked")) {';
 	$endcondition='}';
     }
     if ($env{'form.mode'} eq 'simple' || $env{'form.mode'} eq '') {
-        $finishimport=(<<ENDSMP);
+        if ($canedit) {
+            $finishimport=(<<ENDSMP);
 function finish_import() {
     opener.document.forms.simpleedit.importdetail.value='';
     for (var num=0; num<document.forms.groupsort.fnum.value; num++) {
@@ -235,8 +290,16 @@ function finish_import() {
     self.close();
 }
 ENDSMP
+        } else {
+            $finishimport=(<<ENDNO);
+function finish_import() {
+    alert('$noedit');
+} 
+ENDNO
+        }
     } else {
-        $finishimport=(<<ENDADV);
+        if ($canedit) {
+            $finishimport=(<<ENDADV);
 function finish_import() {
     var linkflag=false;
     for (var num=0; num<document.forms.groupsort.fnum.value; num++) {
@@ -258,6 +321,13 @@ function finish_import() {
     self.close();
 }
 ENDADV
+        } else {
+            $finishimport=(<<ENDNONE);
+function finish_import() {
+    alert('$noedit');
+}
+ENDNONE
+        }
     }
 
 # output start of web page
@@ -299,15 +369,23 @@ END
 
     if ($env{'form.readfile'}) {
 	&readfromfile($r,\@resources);
-    } elsif ($env{'form.bookmarks'}) {
-	&readfrombookmarks($r,\@resources);
     } else {
 	&readfromdb($r,\@resources);
     }
 
     my $ctr = 0;
     my $clen = scalar(@resources);
-    if (($clen > 1) || ($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
+    my $title = '';
+    if ($env{'form.recover'}) {
+        $title = 'Recover Removed Resources';
+    } else {
+        $title = 'Sort Imported Resources';
+    }
+    my $disabled;
+    unless ($canedit) {
+        $disabled = ' disabled="disabled"';
+    }
+    if (($clen > 1) || ($env{'form.readfile'})) {
 	my %lt=&Apache::lonlocal::texthash(
 		'fin'=> 'Finalize order of resources',
 		'ci' => 'Continue Import',
@@ -321,17 +399,9 @@ END
 		'pa' => 'Path',
                 'in' => 'Include'
 		);
-        my $title = '';
-        if ($env{'form.recover'}) {
-            $title = 'Recover Removed Resources';
-        } else {
-            $title = 'Sort Imported Resources';
-        }
-        if ($env{'form.bookmarks'}) {
-            $title = 'Import Resources from Bookmarks';
-        }
 
 	$r->print(&Apache::loncommon::start_page($title, $js));
+	$r->print('<h1>'.&mt($title).'</h1>');
 
 	$r->print(<<END);
 <form method='post' action='/adm/groupsort' name='groupsort'
@@ -341,18 +411,18 @@ END
 <input type="hidden" name="newval" value="" />
 <input type="hidden" name="mode" value="$env{'form.mode'}" />
 <input type="hidden" name="readfile" value="$env{'form.readfile'}" />
-<input type="hidden" name="bookmarks" value="$env{'form.bookmarks'}" />
 <input type="hidden" name="recover" value="$env{'form.recover'}" />
 END
 
         $r->print(&Apache::loncommon::inhibit_menu_check('input'));
         # ---
-    
+
+        my $buttontext = $lt{'re'};
         if ($env{'form.recover'}) {
 	    $r->print(<<END);
-<input type="button" name="alter" value="$lt{'re'}"
- onClick="finish_import()" />&nbsp;
-<input type="button" name="alter" value="$lt{'ca'}" onClick="self.close()" />
+<input type="button" name="alter" value="$buttontext"
+ onclick="finish_import()"$disabled />&nbsp;
+<input type="button" name="alter" value="$lt{'ca'}" onclick="self.close()" />
 END
 	} else {
         # --- Continue Buttons
@@ -362,30 +432,42 @@ END
 <h2>$lt{'fin'}</h2>
 <div>
 <input type="button" name="alter" value="$lt{'ci'}"
- onClick="window.location='$resurl?inhibitmenu=yes&amp;catalogmode=import'" />&nbsp;
+ onclick="window.location='$resurl?inhibitmenu=yes&amp;catalogmode=import'" />&nbsp;
 <input type="button" name="altersearch" value="$lt{'cs'}"
- onClick="window.location='/adm/searchcat?inhibitmenu=yes&amp;catalogmode=import'" />&nbsp;
+ onclick="window.location='/adm/searchcat?inhibitmenu=yes&amp;catalogmode=import'" />&nbsp;
 <input type="button" name="alter" value="$lt{'fi'}"
- onClick="finish_import()" />&nbsp;
-<input type="button" name="alter" value="$lt{'ca'}" onClick="self.close()" />
+ onclick="finish_import()"$disabled />&nbsp;
+<input type="button" name="alter" value="$lt{'ca'}" onclick="self.close()" />
 </div>
 <br />
 END
         }
-        $r->print(&Apache::loncommon::start_data_table()
-                 .&Apache::loncommon::start_data_table_header_row());
-	if (($env{'form.readfile'}) || ($env{'form.bookmarks'})) { 
-	    $r->print("<th>$lt{'in'}</th>\n");
-	} else { 
-	    $r->print('<th colspan="2">'.$lt{'co'}.'</th>'."\n"); 
-	}
-	$r->print('<th colspan="2">'.$lt{'ti'}.'</th>'."\n");
-	$r->print("<th>$lt{'pa'}</th>");
-        $r->print(&Apache::loncommon::end_data_table_header_row()
-                 ."\n");
+
+        # Only display header if content exists
+        if ($clen > 0) {
+            $r->print(&Apache::loncommon::start_data_table()
+                     .&Apache::loncommon::start_data_table_header_row());
+            if (($env{'form.readfile'})) { 
+                $r->print("<th>$lt{'in'}</th>\n");
+            } else { 
+                $r->print('<th colspan="2">'.$lt{'co'}.'</th>'."\n"); 
+            }
+            $r->print('<th colspan="2">'.$lt{'ti'}.'</th>'."\n");
+            $r->print("<th>$lt{'pa'}</th>");
+            $r->print(&Apache::loncommon::end_data_table_header_row()."\n");
+        } else {
+            my $errtxt = '';
+            if ($env{'form.recover'}) {
+                $errtxt = 'There are no resources to recover.';
+            } else {
+                $errtxt = 'There are no resources to import.';
+            }
+            $r->print('<p class="LC_info">'.&mt($errtxt).'</p>');
+        }
     } else {
 	$r->print(&Apache::loncommon::start_page(undef,$js,
 						 {'only_body' => 1}));
+#       $r->print('<h1>'.&mt($title).'</h1>');
 	$r->print(<<END);
 <form method='post' action='/adm/groupsort' name='groupsort'
       enctype='application/x-www-form-urlencoded'>
@@ -400,36 +482,45 @@ END
     foreach my $resource (@resources) {
 	$ctr++;
 	my $iconname=&Apache::loncommon::icon($resource->{'url'});
-	if (($clen > 1) || ($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
+	if (($clen > 1) || ($env{'form.readfile'})) {
 	    $r->print(&Apache::loncommon::start_data_table_row()
                      ."<td>");
-            if (($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
-		$r->print(&checkbox($ctr-1));
+            if (($env{'form.readfile'})) {
+		$r->print(&checkbox($ctr-1,$disabled));
 	    } else {
 		$r->print(&movers($clen,$ctr));
 	    }
 	}
 	$r->print(&hidden($ctr-1,$resource->{'title'},$resource->{'url'},
 			  $resource->{'id'}));
-	if (($clen > 1)  || ($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
+	if (($clen > 1)  || ($env{'form.readfile'})) {
 	    $r->print("</td>");
-            unless (($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
+            unless (($env{'form.readfile'})) {
 		$r->print("<td>".
-			  &select_box($clen,$ctr).
+			  &select_box($clen,$ctr,$disabled).
 			  "</td>");
 	    }
 	    $r->print("<td>");
 	    $r->print("<img src='$iconname' />");
 	    $r->print("</td><td>");
-	    $r->print($resource->{'title'}.$resource->{'notes'}."</td><td>\n");
+            if (($env{'form.recover'}) &&
+                ($resource->{'url'} =~ m{/uploaded/$match_domain/$match_courseid/supplemental/})) {
+                my $title = &Apache::loncommon::parse_supplemental_title($resource->{'title'});
+                $r->print($title);
+            } else {
+                $r->print($resource->{'title'});
+            }
+            $r->print($resource->{'notes'}."</td><td>\n");
 	    $r->print($resource->{'url'}."</td>"
                      .&Apache::loncommon::end_data_table_row()
                      ."\n");
 	} 
     }
-    if (($clen > 1) || ($env{'form.readfile'}) || ($env{'form.bookmarks'})) {
-        $r->print(&Apache::loncommon::end_data_table()
-                 ."</form>");
+    if (($clen > 1) || ($env{'form.readfile'})) {
+        if ($clen > 0) {
+            $r->print(&Apache::loncommon::end_data_table());
+        }
+        $r->print('</form>');
     } else {
 	$r->print(<<END);
 <script type="text/javascript">
@@ -476,10 +567,10 @@ END
 
 # ------------------------------------------ Select box (returns scalar string)
 sub select_box {
-    my ($total,$sel) = @_;
+    my ($total,$sel,$disabled) = @_;
     my $string;
     $string = '<select name="alt'.$sel.'"';
-    $string .= " onChange='selectchange($sel)'>";
+    $string .= " onchange='selectchange($sel)'.$disabled.'>";
     $string .= "<option name='o0' value='0'>".&mt('discard')."</option>";
     for my $cur (1..$total) {
 	$string .= "<option name='o$cur' value='$cur'";
@@ -495,10 +586,10 @@ sub select_box {
 # ------------------------------------------------------------------- Checkbox
 
 sub checkbox {
-    my $sel=shift;
+    my ($sel,$disabled) = @_;
     return "<label><input type='checkbox' name='include$sel'".
        ($env{"form.include$sel"}?' checked="checked"':'').
-       ' />'.&mt('Include').'</label>';
+       $disabled.' />'.&mt('Include').'</label>';
 }
 
 1;