--- loncom/interface/loncreateuser.pm 2002/09/03 20:46:04 1.39.4.2 +++ loncom/interface/loncreateuser.pm 2002/11/18 20:06:53 1.44 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.39.4.2 2002/09/03 20:46:04 albertel Exp $ +# $Id: loncreateuser.pm,v 1.44 2002/11/18 20:06:53 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -47,7 +47,7 @@ # 11/12,11/13,11/15 Scott Harrison # 02/11/02 Matthew Hall # -# $Id: loncreateuser.pm,v 1.39.4.2 2002/09/03 20:46:04 albertel Exp $ +# $Id: loncreateuser.pm,v 1.44 2002/11/18 20:06:53 matthew Exp $ ### package Apache::loncreateuser; @@ -80,6 +80,19 @@ BEGIN { $authformloc = &Apache::loncommon::authform_local(%param); } + + +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} + # =================================================================== Phase one sub print_username_entry_form { @@ -87,18 +100,22 @@ sub print_username_entry_form { my $defdom=$ENV{'request.role.domain'}; my @domains = &Apache::loncommon::get_domains(); my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain'); + my $bodytag =&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges'); $r->print(<<"ENDDOCUMENT"); The LearningOnline Network with CAPA - -

Create User, Change User Privileges

+$bodytag

-Username:
-Domain: $domform + + +
Username: +
+Domain:$domform

@@ -154,9 +171,9 @@ sub print_user_modification_page { - - ENDDOCHEAD + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges')); my $forminfo =<<"ENDFORMINFO";
@@ -293,18 +310,12 @@ END } } } - # I have no idea what the hell the above code does - # So the following is a check: - if ($allowed) { - # If we are looking at a co-author role, make sure it is - # for the current users construction space before we let - # them revoke it. - if (($role_code eq 'ca') && - ($ENV{'request.role'} !~ /^dc/)) { - if ($area !~ - /^\/$ENV{'request.role.domain'}\/$ENV{'user.name'}/) { - $allowed = 0; - } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; } } my $row = ''; @@ -328,8 +339,8 @@ END $r->print(''); } # End of unless my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); - if ($currentauth=~/^krb4:/) { - $currentauth=~/^krb4:(.*)/; + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; my $krbdefdom2=$1; my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom @@ -337,7 +348,7 @@ END $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type - unless ($currentauth=~/^krb4:/ or + unless ($currentauth=~/^krb(4|5):/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ @@ -375,7 +386,7 @@ ENDBADAUTH } else { # Authentication type is valid my $authformcurrent=''; my $authform_other=''; - if ($currentauth=~/^krb4:/) { + if ($currentauth=~/^krb(4|5):/) { $authformcurrent=$authformkrb; $authform_other="

$authformint

\n". "

$authformfsys

$authformloc

"; @@ -426,7 +437,9 @@ ENDOTHERAUTHS # # Co-Author # - if (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) { + if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) && + ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) { + # No sense in assigning co-author role to yourself my $cuname=$ENV{'user.name'}; my $cudom=$ENV{'request.role.domain'}; $r->print(< The LearningOnline Network with CAPA - - ENDTHREEHEAD + my $title; + if (exists($ENV{'form.makeuser'})) { + $title='Set Privileges for New User'; + } else { + $title='Modify User Privileges'; + } + $r->print(&Apache::loncommon::bodytag($title)); # Check Inputs if (! $ENV{'form.ccuname'} ) { $r->print($error.'No login name specified.'.$end); @@ -534,7 +552,8 @@ ENDTHREEHEAD my $amode=''; my $genpwd=''; if ($ENV{'form.login'} eq 'krb') { - $amode='krb4'; + $amode='krb'; + $amode.=$ENV{'form.krbver'}; $genpwd=$ENV{'form.krbarg'}; } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; @@ -559,7 +578,6 @@ ENDTHREEHEAD if ($ENV{'form.makeuser'}) { # Create a new user $r->print(<Create User

Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"

ENDNEWUSERHEAD # Check for the authentication mode and password @@ -595,7 +613,6 @@ ENDNEWUSERHEAD ($ENV{'form.login'} ne '' )) { # Modify user privileges $r->print(<Change User Privileges

User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"

ENDMODIFYUSERHEAD if (! $amode || ! $genpwd) {