loncom/interface/loncreateuser.pm - diff

Return to loncreateuser.pm CVS log

Up to [LON-CAPA] / loncom / interface

Diff for /loncom/interface/loncreateuser.pm between versions 1.10 and 1.70.2.1

-version 1.10, 2001/03/24 17:05:26
+version 1.70.2.1, 2004/01/19 23:09:07
  Line 1
- # The LearningOnline Network
+ # The LearningOnline Network with CAPA
  # Create a user
  #
- # (Create a course
+ # $Id$
- # (My Desk
  #
- # (Internal Server Error Handler
+ # Copyright Michigan State University Board of Trustees
  #
- # (Login Screen
+ # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
- # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14,
- # 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer)
  #
- # 3/1/1 Gerd Kortemeyer)
+ # LON-CAPA is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
  #
- # 3/1 Gerd Kortemeyer)
+ # LON-CAPA is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
  #
- # 2/14 Gerd Kortemeyer)
+ # You should have received a copy of the GNU General Public License
+ # along with LON-CAPA; if not, write to the Free Software
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  #
- # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24 Gerd Kortemeyer
+ # /home/httpd/html/adm/gpl.txt
  #
+ # http://www.lon-capa.org/
+ #
+ ###
  package Apache::loncreateuser;
+ =pod
+ =head1 NAME
+ Apache::loncreateuser - handler to create users and custom roles
+ =head1 SYNOPSIS
+ Apache::loncreateuser provides an Apache handler for creating users,
+     editing their login parameters, roles, and removing roles, and
+     also creating and assigning custom roles.
+ =head1 OVERVIEW
+ =head2 Custom Roles
+ In LON-CAPA, roles are actually collections of privileges. "Teaching
+ Assistant", "Course Coordinator", and other such roles are really just
+ collection of privileges that are useful in many circumstances.
+ Creating custom roles can be done by the Domain Coordinator through
+ the Create User functionality. That screen will show all privileges
+ that can be assigned to users. For a complete list of privileges,
+ please see C</home/httpd/lonTabs/rolesplain.tab>.
+ Custom role definitions are stored in the C<roles.db> file of the role
+ author.
+ =cut
  use strict;
  use Apache::Constants qw(:common :http);
  use Apache::lonnet;
+ use Apache::loncommon;
+ use Apache::lonlocal;
+ my $loginscript; # piece of javascript used in two separate instances
+ my $generalrule;
+ my $authformnop;
+ my $authformkrb;
+ my $authformint;
+ my $authformfsys;
+ my $authformloc;
+ BEGIN {
+     $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
+     my $krbdefdom=$1;
+     $krbdefdom=~tr/a-z/A-Z/;
+     my %param = ( formname => 'document.cu',
+                   kerb_def_dom => $krbdefdom
+                   );
+ # no longer static due to configurable kerberos defaults
+ #    $loginscript  = &Apache::loncommon::authform_header(%param);
+     $generalrule  = &Apache::loncommon::authform_authorwarning(%param);
+     $authformnop  = &Apache::loncommon::authform_nochange(%param);
+ # no longer static due to configurable kerberos defaults
+ #    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
+     $authformint  = &Apache::loncommon::authform_internal(%param);
+     $authformfsys = &Apache::loncommon::authform_filesystem(%param);
+     $authformloc  = &Apache::loncommon::authform_local(%param);
+ }
+ # ======================================================= Existing Custom Roles
+ sub my_custom_roles {
+     my %returnhash=();
+     my %rolehash=&Apache::lonnet::dump('roles');
+     foreach (keys %rolehash) {
+ 	if ($_=~/^rolesdef\_(\w+)$/) {
+ 	    $returnhash{$1}=$1;
+ 	}
+     }
+     return %returnhash;
+ }
+ # ==================================================== Figure out author access
+ sub authorpriv {
+     my ($auname,$audom)=@_;
+     if (($auname ne $ENV{'user.name'}) ||
+         (($audom ne $ENV{'user.domain'}) &&
+          ($audom ne $ENV{'request.role.domain'}))) { return ''; }
+     unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+     return 1;
+ }
  # =================================================================== Phase one
- sub phase_one {
+ sub print_username_entry_form {
      my $r=shift;
-     my $defdom=$ENV{'user.domain'};
+     my $defdom=$ENV{'request.role.domain'};
-     $r->print(<<ENDDOCUMENT);
+     my @domains = &Apache::loncommon::get_domains();
+     my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
+     my $bodytag =&Apache::loncommon::bodytag(
+                                   'Create Users, Change User Privileges');
+     my $selscript=&Apache::loncommon::studentbrowser_javascript();
+     my $sellink=&Apache::loncommon::selectstudent_link
+                                         ('crtuser','ccuname','ccdomain');
+     my %existingroles=&my_custom_roles();
+     my $choice=&Apache::loncommon::select_form('make new role','rolename',
+ 		('make new role' => 'Generate new role ...',%existingroles));
+     $r->print(<<"ENDDOCUMENT");
  <html>
  <head>
  <title>The LearningOnline Network with CAPA</title>
+ $selscript
  </head>
- <body bgcolor="#FFFFFF">
+ $bodytag
- <h1>Create User, Change User Privileges</h1>
+ <form action="/adm/createuser" method="post" name="crtuser">
- <form action=/adm/createuser method=post>
+ <input type="hidden" name="phase" value="get_user_info">
- <input type=hidden name=phase value=two>
+ <h2>Set Individual User Roles</h2>
- Username: <input type=text size=15 name=ccuname><br>
+ <table>
- Domain: <input type=text size=15 name=ccdomain value=$defdom><p>
+ <tr><td>Username:</td><td><input type="text" size="15" name="ccuname">
- <input type=submit value="Continue">
+ </td><td rowspan="2">$sellink</td></tr><tr><td>
+ Domain:</td><td>$domform</td></tr>
+ </table>
+ <input name="userrole" type="submit" value="User Roles" />
  </form>
+ <form action="/adm/createuser" method="post" name="docustom">
+ <input type="hidden" name="phase" value="selected_custom_edit">
+ <h2>Edit Custom Role Privileges</h2>
+ Name of Role: $choice <input type="text" size="15" name="newrolename" /><br />
+ <input name="customeditor" type="submit" value="Custom Role Editor" />
  </body>
  </html>
  ENDDOCUMENT
  }
  # =================================================================== Phase two
+ sub print_user_modification_page {
- sub phase_two {
      my $r=shift;
      my $ccuname=$ENV{'form.ccuname'};
      my $ccdomain=$ENV{'form.ccdomain'};
-     $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
+     $ccuname=~s/\W//gs;
-     my $krbdefdom=$1;
+     $ccdomain=~s/\W//gs;
-     $krbdefdom=~tr/a-z/A-Z/;
+     unless (($ccuname) && ($ccdomain)) {
+ 	&print_username_entry_form($r);
+         return;
+     }
+     my $defdom=$ENV{'request.role.domain'};
+     my ($krbdef,$krbdefdom) =
+        &Apache::loncommon::get_kerberos_defaults($defdom);
-     my $defdom=$ENV{'user.domain'};
+     my %param = ( formname => 'document.cu',
+                   kerb_def_dom => $krbdefdom,
+                   kerb_def_auth => $krbdef
+                   );
+     $loginscript  = &Apache::loncommon::authform_header(%param);
+     $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
      $ccuname=~s/\W//g;
      $ccdomain=~s/\W//g;
-     $r->print(<<ENDENHEAD);
+     my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
+     my $dochead =<<"ENDDOCHEAD";
  <html>
  <head>
  <title>The LearningOnline Network with CAPA</title>
- <script>
+ <script type="text/javascript" language="Javascript">
      function pclose() {
          parmwin=window.open("/adm/rat/empty.html","LONCAPAparms",
- Line 74  sub phase_two {
+ Line 199  sub phase_two {
          parmwin.close();
      }
-     function pjump(type,dis,value,marker,ret,call) {
+     $pjump_def
-         parmwin=window.open("/adm/rat/parameter.html?type="+escape(type)
-                  +"&value="+escape(value)+"&marker="+escape(marker)
-                  +"&return="+escape(ret)
-                  +"&call="+escape(call)+"&name="+escape(dis),"LONCAPAparms",
-                  "height=350,width=350,scrollbars=no,menubar=no");
-     }
      function dateset() {
          eval("document.cu."+document.cu.pres_marker.value+
- Line 91  sub phase_two {
+ Line 209  sub phase_two {
  </script>
  </head>
- <body bgcolor="#FFFFFF">
+ ENDDOCHEAD
- <img align=right src=/adm/lonIcons/lonlogos.gif>
+     $r->print(&Apache::loncommon::bodytag(
- <h1>Create User, Change User Privileges</h1>
+                                      'Create Users, Change User Privileges'));
- <form action=/adm/createuser method=post name=cu>
+     my $forminfo =<<"ENDFORMINFO";
- <input type=hidden name=phase value=three>
+ <form action="/adm/createuser" method="post" name="cu">
- <input type=hidden name=ccuname value=$ccuname>
+ <input type="hidden" name="phase"       value="update_user_data">
- <input type=hidden name=ccdomain value=$ccdomain>
+ <input type="hidden" name="ccuname"     value="$ccuname">
- <input type="hidden" value='' name="pres_value">
+ <input type="hidden" name="ccdomain"    value="$ccdomain">
- <input type="hidden" value='' name="pres_type">
+ <input type="hidden" name="pres_value"  value="" >
- <input type="hidden" value='' name="pres_marker">
+ <input type="hidden" name="pres_type"   value="" >
- <input type=hidden name=cuname value="$ccuname">
+ <input type="hidden" name="pres_marker" value="" >
- <input type=hidden name=cdomain value="$ccdomain">
+ ENDFORMINFO
- ENDENHEAD
      my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
      my %incdomains;
      my %inccourses;
-     $incdomains{$ENV{'user.domain'}}=1;
+     foreach (values(%Apache::lonnet::hostdom)) {
-     map {
+        $incdomains{$_}=1;
+     }
+     foreach (keys(%ENV)) {
  	if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) {
  	    $inccourses{$1.'_'.$2}=1;
          }
-     } %ENV;
+     }
      if ($uhome eq 'no_host') {
- 	$r->print(<<ENDNUSER);
+         my $home_server_list=
- <h2>New user $ccuname at $ccdomain</h2>
+             '<option value="default" selected>default</option>'."\n".
- <script>
+                 &Apache::loncommon::home_server_option_list($ccdomain);
- function setkrb(vf) {
-     if (vf.krbdom.value!='') {
+ 	$r->print(<<ENDNEWUSER);
-        vf.login[0].checked=true;
+ $dochead
-        vf.krbdom.value=vf.krbdom.value.toUpperCase();
+ <h1>Create New User</h1>
-        vf.intpwd.value='';
+ $forminfo
-    }
+ <h2>New user "$ccuname" in domain $ccdomain</h2>
- }
+ <script type="text/javascript" language="Javascript">
+ $loginscript
- function setint(vf) {
-     if (vf.intpwd.value!='') {
-        vf.login[1].checked=true;
-        vf.krbdom.value='';
-    }
- }
- function clickkrb(vf) {
-     vf.krbdom.value='$krbdefdom';
-     vf.intpwd.value='';
- }
- function clickint(vf) {
-     vf.krbdom.value='';
- }
  </script>
- <input type=hidden name=makeuser value=1>
+ <input type='hidden' name='makeuser' value='1' />
  <h3>Personal Data</h3>
- First Name: <input type=text name=cfirst size=15><br>
+ <p>
- Middle Name: <input type=text name=cmiddle size=15><br>
+ <table>
- Last Name: <input type=text name=clast size=15><br>
+ <tr><td>First Name  </td>
- Generation: <input type=text name=cgen size=5><p>
+     <td><input type='text' name='cfirst'  size='15' /></td></tr>
+ <tr><td>Middle Name </td>
- ID/Student Number: <input type=text name=cstid size=10><p>
+     <td><input type='text' name='cmiddle' size='15' /></td></tr>
+ <tr><td>Last Name   </td>
+     <td><input type='text' name='clast'   size='15' /></td></tr>
+ <tr><td>Generation  </td>
+     <td><input type='text' name='cgen'    size='5'  /></td></tr>
+ </table>
+ ID/Student Number <input type='text' name='cstid'   size='15' /></p>
+ Home Server: <select name="hserver" size="1"> $home_server_list </select>
+ <hr />
  <h3>Login Data</h3>
- <input type=radio name=login value=krb onClick="clickkrb(this.form);">
+ <p>$generalrule </p>
- Kerberos authenticated with domain
+ <p>$authformkrb </p>
- <input type=text size=10 name=krbdom onChange="setkrb(this.form);"><p>
+ <p>$authformint </p>
- <input type=radio name=login value=int onClick="clickint(this.form);">
+ <p>$authformfsys</p>
- Internally authenticated (with initial password
+ <p>$authformloc </p>
- <input type=text size=10 name=intpwd onChange="setint(this.form);">)
+ ENDNEWUSER
- ENDNUSER
+     } else { # user already exists
-     } else {
+ 	$r->print(<<ENDCHANGEUSER);
- 	$r->print('<h2>Existing user '.$ccuname.' at '.$ccdomain.'</h2>');
+ $dochead
+ <h1>Change User Privileges</h1>
-         my $rolesdump=&Apache::lonnet::reply(
+ $forminfo
-                                   "dump:$ccdomain:$ccuname:roles",$uhome);
+ <h2>User "$ccuname" in domain "$ccdomain"</h2>
-         unless ($rolesdump eq 'con_lost') {
+ ENDCHANGEUSER
+         # Get the users information
+         my %userenv = &Apache::lonnet::get('environment',
+                           ['firstname','middlename','lastname','generation'],
+                           $ccdomain,$ccuname);
+         my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
+         $r->print(<<END);
+ <hr />
+ <table border="2">
+ <tr>
+ <th>first name</th><th>middle name</th><th>last name</th><th>generation</th>
+ </tr>
+ <tr>
+ END
+         foreach ('firstname','middlename','lastname','generation') {
+            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+               $r->print(<<"END");
+ <td><input type="text" name="c$_" value="$userenv{$_}" size="15" /></td>
+ END
+            } else {
+                $r->print('<td>'.$userenv{$_}.'</td>');
+            }
+         }
+         $r->print(<<END);
+ </tr>
+ </table>
+ END
+         # Build up table of user roles to allow revocation of a role.
+         my ($tmp) = keys(%rolesdump);
+         unless ($tmp =~ /^(con_lost|error)/i) {
             my $now=time;
-            $r->print('<h4>Revoke Existing Roles</h4>'.
+            $r->print(<<END);
-              '<table border=2><tr><th>Revoke</th><th>Role</th><th>Extent</th>'.
+ <hr />
- 		     '<th>Start</th><th>End</th>');
+ <h3>Revoke Existing Roles</h3>
-            map {
+ <table border=2>
-              if ($_!~/^rolesdef\&/) {
+ <tr><th>Revoke</th><th>Delete</th><th>Role</th><th>Extent</th><th>Start</th><th>End</th>
+ END
-               my ($area,$role)=split(/=/,$_);
+ 	   foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]);
-               my $thisrole=$area;
+ 				    my $b1=join('_',(split('_',$b))[1,0]);
-               $area=~s/\_\w\w$//;
+ 				    return $a1 cmp $b1;
-               my ($trole,$tend,$tstart)=split(/_/,$role);
+ 				} keys(%rolesdump)) {
-               my $bgcol='ffffff';
+                next if ($area =~ /^rolesdef/);
-               my $allows=0;
+                my $role = $rolesdump{$area};
-               if ($area=~/^\/(\w+)\/(\d\w+)/) {
+                my $thisrole=$area;
-                  my %coursedata=&Apache::lonnet::coursedescription($1.'_'.$2);
+                $area =~ s/\_\w\w$//;
-                  my $carea='Course: '.$coursedata{'description'};
+                my ($role_code,$role_end_time,$role_start_time) =
-                  $inccourses{$1.'_'.$2}=1;
+                    split(/_/,$role);
-                  if (&Apache::lonnet::allowed('c'.$trole,$1.'/'.$2)) {
+ # Is this a custom role? Get role owner and title.
- 		     $allows=1;
+ 	       my ($croleudom,$croleuname,$croletitle)=
-                  }
+ 	           ($role_code=~/^cr\/(\w+)\/(\w+)\/(\w+)$/);
-                  $bgcol=$1.'_'.$2;
+                my $bgcol='ffffff';
-                  $bgcol=~s/[^8-9b-e]//g;
+                my $allowed=0;
-                  $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
+                my $delallowed=0;
-                  if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) {
+                if ($area =~ /^\/(\w+)\/(\d\w+)/ ) {
-                      $carea.='<br>Section/Group: '.$3;
+                    my ($coursedom,$coursedir) = ($1,$2);
- 		 }
+                    # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3).
-                  $area=$carea;
+                    my %coursedata=
- 	      } else {
+                        &Apache::lonnet::coursedescription($1.'_'.$2);
-                  if ($area=~/^\/(\w+)\//) {
+ 		   my $carea;
- 		     $incdomains{$1}=1;
+ 		   if (defined($coursedata{'description'})) {
-                      if (&Apache::lonnet::allowed('c'.$trole,$1)) {
+ 		       $carea='Course: '.$coursedata{'description'}.
- 			 $allows=1;
+                            '<br />Domain: '.$coursedom.('&nbsp;'x8).
-                      }
+      &Apache::loncommon::syllabuswrapper('Syllabus',$coursedir,$coursedom);
-                  } else {
+ 		   } else {
-                      if (&Apache::lonnet::allowed('c'.$trole,'/')) {
+ 		       $carea='Unavailable course: '.$area;
- 			 $allows=1;
+ 		   }
-                      }
+                    $inccourses{$1.'_'.$2}=1;
-                  }
+                    if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) ||
- 	      }
+                        (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
+                        $allowed=1;
-               my $active=1;
+                    }
-               if (($tend) && ($now>$tend)) { $active=0; }
+                    if ((&Apache::lonnet::allowed('dro',$1)) ||
+                        (&Apache::lonnet::allowed('dro',$ccdomain))) {
-               $r->print('<tr bgcolor=#'.$bgcol.'><td>');
+                        $delallowed=1;
-               if ($active) {
+                    }
-                   if ($allows) {
+ # - custom role. Needs more info, too
- 		     $r->print(
+ 		   if ($croletitle) {
-                              '<input type=checkbox name="rev:'.$thisrole.'">');
+ 		       if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) {
- 		 } else {
+ 			   $allowed=1;
-                      $r->print('&nbsp;');
+ 			   $thisrole.='.'.$role_code;
-                  }
+ 		       }
-               } else {
+ 		   }
-                   $r->print('&nbsp;');
+                    # Compute the background color based on $area
-               }
+                    $bgcol=$1.'_'.$2;
-               $r->print('</td><td>'.&Apache::lonnet::plaintext($trole).
+                    $bgcol=~s/[^7-9a-e]//g;
-                         '</td><td>'.$area.'</td><td>'.
+                    $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6);
-                         ($tstart?localtime($tstart):'&nbsp;').'</td><td>'.
+                    if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) {
-                         ($tend?localtime($tend):'&nbsp;')."</td></tr>\n");
+                        $carea.='<br>Section/Group: '.$3;
- 	     }
+                    }
- 	   } split(/&/,$rolesdump);
+                    $area=$carea;
+                } else {
+                    # Determine if current user is able to revoke privileges
+                    if ($area=~ /^\/(\w+)\//) {
+                        if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
+                        (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
+                            $allowed=1;
+                        }
+                        if (((&Apache::lonnet::allowed('dro',$1))  ||
+                             (&Apache::lonnet::allowed('dro',$ccdomain))) &&
+                            ($role_code ne 'dc')) {
+                            $delallowed=1;
+                        }
+                    } else {
+                        if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
+                            $allowed=1;
+                        }
+                    }
+                }
+                if ($role_code eq 'ca') {
+                    $area=~/\/(\w+)\/(\w+)/;
+ 		   if (&authorpriv($2,$1)) {
+ 		       $allowed=1;
+                    } else {
+                        $allowed=0;
+                    }
+                }
+                my $row = '';
+                $row.='<tr bgcolor="#'.$bgcol.'"><td>';
+                my $active=1;
+                $active=0 if (($role_end_time) && ($now>$role_end_time));
+                if (($active) && ($allowed)) {
+                    $row.= '<input type="checkbox" name="rev:'.$thisrole.'">';
+                } else {
+                    if ($active) {
+                       $row.='&nbsp;';
+ 		   } else {
+                       $row.='expired or revoked';
+ 		   }
+                }
+ 	       $row.='</td><td>';
+                if ($delallowed) {
+                    $row.= '<input type="checkbox" name="del:'.$thisrole.'">';
+                } else {
+                    $row.='&nbsp;';
+                }
+ 	       my $plaintext='';
+ 	       unless ($croletitle) {
+ 		   $plaintext=&Apache::lonnet::plaintext($role_code);
+ 	       } else {
+ 	           $plaintext=
+ 		"Customrole '$croletitle' defined by $croleuname\@$croleudom";
+ 	       }
+                $row.= '</td><td>'.$plaintext.
+                       '</td><td>'.$area.
+                       '</td><td>'.($role_start_time?localtime($role_start_time)
+                                                    : '&nbsp;' ).
+                       '</td><td>'.($role_end_time  ?localtime($role_end_time)
+                                                    : '&nbsp;' )
+                       ."</td></tr>\n";
+                $r->print($row);
+            } # end of foreach        (table building loop)
  	   $r->print('</table>');
-          }
+         }  # End of unless
+ 	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+ 	if ($currentauth=~/^krb(4|5):/) {
+ 	    $currentauth=~/^krb(4|5):(.*)/;
+ 	    my $krbdefdom=$1;
+             my %param = ( formname => 'document.cu',
+                           kerb_def_dom => $krbdefdom
+                           );
+             $loginscript  = &Apache::loncommon::authform_header(%param);
+ 	}
+ 	# Check for a bad authentication type
+         unless ($currentauth=~/^krb(4|5):/ or
+ 		$currentauth=~/^unix:/ or
+ 		$currentauth=~/^internal:/ or
+ 		$currentauth=~/^localauth:/
+ 		) { # bad authentication scheme
+ 	    if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
+ 		$r->print(<<ENDBADAUTH);
+ <hr />
+ <script type="text/javascript" language="Javascript">
+ $loginscript
+ </script>
+ <font color='#ff0000'>ERROR:</font>
+ This user has an unrecognized authentication scheme ($currentauth).
+ Please specify login data below.
+ <h3>Login Data</h3>
+ <p>$generalrule</p>
+ <p>$authformkrb</p>
+ <p>$authformint</p>
+ <p>$authformfsys</p>
+ <p>$authformloc</p>
+ ENDBADAUTH
+             } else {
+                 # This user is not allowed to modify the users
+                 # authentication scheme, so just notify them of the problem
+ 		$r->print(<<ENDBADAUTH);
+ <hr />
+ <script type="text/javascript" language="Javascript">
+ $loginscript
+ </script>
+ <font color="#ff0000"> ERROR: </font>
+ This user has an unrecognized authentication scheme ($currentauth).
+ Please alert a domain coordinator of this situation.
+ <hr />
+ ENDBADAUTH
+             }
+         } else { # Authentication type is valid
+ 	    my $authformcurrent='';
+ 	    my $authform_other='';
+ 	    if ($currentauth=~/^krb(4|5):/) {
+ 		$authformcurrent=$authformkrb;
+ 		$authform_other="<p>$authformint</p>\n".
+                     "<p>$authformfsys</p><p>$authformloc</p>";
+ 	    }
+ 	    elsif ($currentauth=~/^internal:/) {
+ 		$authformcurrent=$authformint;
+ 		$authform_other="<p>$authformkrb</p>".
+                     "<p>$authformfsys</p><p>$authformloc</p>";
+ 	    }
+ 	    elsif ($currentauth=~/^unix:/) {
+ 		$authformcurrent=$authformfsys;
+ 		$authform_other="<p>$authformkrb</p>".
+                     "<p>$authformint</p><p>$authformloc;</p>";
+ 	    }
+ 	    elsif ($currentauth=~/^localauth:/) {
+ 		$authformcurrent=$authformloc;
+ 		$authform_other="<p>$authformkrb</p>".
+                     "<p>$authformint</p><p>$authformfsys</p>";
+ 	    }
+             $authformcurrent.=' <i>(will override current values)</i><br />';
+             if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
+ 		# Current user has login modification privileges
+ 		$r->print(<<ENDOTHERAUTHS);
+ <hr />
+ <script type="text/javascript" language="Javascript">
+ $loginscript
+ </script>
+ <h3>Change Current Login Data</h3>
+ <p>$generalrule</p>
+ <p>$authformnop</p>
+ <p>$authformcurrent</p>
+ <h3>Enter New Login Data</h3>
+ $authform_other
+ ENDOTHERAUTHS
+             }
+         }  ## End of "check for bad authentication type" logic
+     } ## End of new user/old user logic
+     $r->print('<hr /><h3>Add Roles</h3>');
+ #
+ # Co-Author
+ #
+     if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) &&
+         ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) {
+         # No sense in assigning co-author role to yourself
+ 	my $cuname=$ENV{'user.name'};
+         my $cudom=$ENV{'request.role.domain'};
+        $r->print(<<ENDCOAUTH);
+ <h4>Construction Space</h4>
+ <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
+ <th>Start</th><th>End</th></tr>
+ <tr>
+ <td><input type=checkbox name="act_$cudom\_$cuname\_ca"></td>
+ <td>Co-Author</td>
+ <td>$cudom\_$cuname</td>
+ <td><input type=hidden name="start_$cudom\_$cuname\_ca" value=''>
+ <a href=
+ "javascript:pjump('date_start','Start Date Co-Author',document.cu.start_$cudom\_$cuname\_ca.value,'start_$cudom\_$cuname\_ca','cu.pres','dateset')">Set Start Date</a></td>
+ <td><input type=hidden name="end_$cudom\_$cuname\_ca" value=''>
+ <a href=
+ "javascript:pjump('date_end','End Date Co-Author',document.cu.end_$cudom\_$cuname\_ca.value,'end_$cudom\_$cuname\_ca','cu.pres','dateset')">Set End Date</a></td>
+ </tr>
+ </table>
+ ENDCOAUTH
      }
-     $r->print('<hr><h3>Add Roles</h3><h4>System Level</h4>');
  #
  # Domain level
  #
      $r->print('<h4>Domain Level</h4>'.
      '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
      '<th>Start</th><th>End</th></tr>');
-     map {
+     foreach ( sort( keys(%incdomains))) {
  	my $thisdomain=$_;
-         map {
+         foreach ('dc','li','dg','au','sc') {
              if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) {
                 my $plrole=&Apache::lonnet::plaintext($_);
                 $r->print(<<ENDDROW);
- Line 254  ENDNUSER
+ Line 565  ENDNUSER
  </tr>
  ENDDROW
              }
-         } ('dc','cc','li','dg','au');
+         }
-     } sort keys %incdomains;
+     }
      $r->print('</table>');
  #
  # Course level
  #
-     $r->print('<h4>Course Level</h4>'.
+     $r->print(&course_level_table(%inccourses));
-     '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
+     $r->print("<hr /><input type=submit value=\"Modify User\">\n");
-     '<th>Group/Section</th><th>Start</th><th>End</th></tr>');
+     $r->print("</form></body></html>");
-     map {
- 	my $thiscourse=$_;
-         my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
-         my $area=$coursedata{'description'};
-         my $bgcol=$thiscourse;
-         $bgcol=~s/[^8-9b-e]//g;
-         $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
-         map {
-             if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
-                my $plrole=&Apache::lonnet::plaintext($_);
-                $r->print(<<ENDROW);
- <tr bgcolor=#$bgcol>
- <td><input type=checkbox name="act_$thiscourse\_$_"></td>
- <td>$plrole</td>
- <td>$area</td>
- <td><input type=text size=5 name="sec_$thiscourse\_$_"></td>
- <td><input type=hidden name="start_$thiscourse\_$_" value=''>
- <a href=
- "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$thiscourse\_$_.value,'start_$thiscourse\_$_','cu.pres','dateset')">Set Start Date</a></td>
- <td><input type=hidden name="end_$thiscourse\_$_" value=''>
- <a href=
- "javascript:pjump('date_end','End Date $plrole',document.cu.end_$thiscourse\_$_.value,'end_$thiscourse\_$_','cu.pres','dateset')">Set End Date</a></td>
- </tr>
- ENDROW
-             }
-         } ('st','ta','ep','ad','in');
-     } sort keys %inccourses;
-     $r->print('</table>');
-     $r->print('<input type=submit value="Modify User">');
-     $r->print('</form></body></html>');
  }
  # ================================================================= Phase Three
+ sub update_user_data {
- sub phase_three {
      my $r=shift;
+     my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'},
+                                           $ENV{'form.ccdomain'});
+     # Error messages
+     my $error     = '<font color="#ff0000">Error:</font>';
+     my $end       = '</body></html>';
+     # Print header
      $r->print(<<ENDTHREEHEAD);
  <html>
  <head>
  <title>The LearningOnline Network with CAPA</title>
  </head>
- <body bgcolor="#FFFFFF">
- <img align=right src=/adm/lonIcons/lonlogos.gif>
- <h1>Create User, Change User Privileges</h1>
  ENDTHREEHEAD
-    $r->print('<h2>'.$ENV{'form.cuname'}.' at '.$ENV{'form.cdomain'}.'</h2>');
+     my $title;
-    if ($ENV{'form.makeuser'}) {
+     if (exists($ENV{'form.makeuser'})) {
-     $r->print('<h3>Creating User</h3>');
+ 	$title='Set Privileges for New User';
-     if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&&
+     } else {
-         ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) {
+         $title='Modify User Privileges';
- 	my $amode='';
+     }
-         my $genpwd='';
+     $r->print(&Apache::loncommon::bodytag($title));
-         if ($ENV{'form.login'} eq 'krb') {
+     # Check Inputs
-            $amode='krb4';
+     if (! $ENV{'form.ccuname'} ) {
-            $genpwd=$ENV{'form.krbdom'};
+ 	$r->print($error.'No login name specified.'.$end);
-         } elsif ($ENV{'form.login'} eq 'int') {
+ 	return;
-            $amode='internal';
+     }
-            $genpwd=$ENV{'form.intpwd'};
+     if (  $ENV{'form.ccuname'}  =~/\W/) {
+ 	$r->print($error.'Invalid login name.  '.
+ 		  'Only letters, numbers, and underscores are valid.'.
+ 		  $end);
+ 	return;
+     }
+     if (! $ENV{'form.ccdomain'}       ) {
+ 	$r->print($error.'No domain specified.'.$end);
+ 	return;
+     }
+     if (  $ENV{'form.ccdomain'} =~/\W/) {
+ 	$r->print($error.'Invalid domain name.  '.
+ 		  'Only letters, numbers, and underscores are valid.'.
+ 		  $end);
+ 	return;
+     }
+     if (! exists($ENV{'form.makeuser'})) {
+         # Modifying an existing user, so check the validity of the name
+         if ($uhome eq 'no_host') {
+             $r->print($error.'Unable to determine home server for '.
+                       $ENV{'form.ccuname'}.' in domain '.
+                       $ENV{'form.ccdomain'}.'.');
+             return;
          }
-         if (($amode) && ($genpwd)) {
+     }
-           $r->print('Generating user: '.&Apache::lonnet::modifyuser(
+     # Determine authentication method and password for the user being modified
-                       $ENV{'form.cdomain'},$ENV{'form.cuname'},
+     my $amode='';
-                       $ENV{'form.cstid'},$amode,$genpwd,
+     my $genpwd='';
-  	              $ENV{'form.cfirst'},$ENV{'form.cmiddle'},
+     if ($ENV{'form.login'} eq 'krb') {
-                       $ENV{'form.clast'},$ENV{'form.cgen'}));
+ 	$amode='krb';
-           $r->print('<br>Home server: '.&Apache::lonnet::homeserver
+ 	$amode.=$ENV{'form.krbver'};
-                       ($ENV{'form.cuname'},$ENV{'form.cdomain'}));
+ 	$genpwd=$ENV{'form.krbarg'};
+     } elsif ($ENV{'form.login'} eq 'int') {
- 	} else {
+ 	$amode='internal';
-            $r->print('Invalid login mode or password');
+ 	$genpwd=$ENV{'form.intarg'};
-         }
+     } elsif ($ENV{'form.login'} eq 'fsys') {
+ 	$amode='unix';
+ 	$genpwd=$ENV{'form.fsysarg'};
+     } elsif ($ENV{'form.login'} eq 'loc') {
+ 	$amode='localauth';
+ 	$genpwd=$ENV{'form.locarg'};
+ 	$genpwd=" " if (!$genpwd);
+     } elsif (($ENV{'form.login'} eq 'nochange') ||
+              ($ENV{'form.login'} eq ''        )) {
+         # There is no need to tell the user we did not change what they
+         # did not ask us to change.
+         # If they are creating a new user but have not specified login
+         # information this will be caught below.
      } else {
-         $r->print('Invalid username or domain');
+ 	    $r->print($error.'Invalid login mode or password'.$end);
+ 	    return;
      }
-    }
+     if ($ENV{'form.makeuser'}) {
-     my $now=time;
+         # Create a new user
-     $r->print('<h3>Modifying Roles</h3>');
+ 	$r->print(<<ENDNEWUSERHEAD);
-     map {
+ <h3>Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h3>
- 	if (($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
+ ENDNEWUSERHEAD
-            $r->print('Revoking '.$2.' in '.$1.': '.
+         # Check for the authentication mode and password
-           &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
+         if (! $amode || ! $genpwd) {
-                                       $1,$2,$now).'<br>');
+ 	    $r->print($error.'Invalid login mode or password'.$end);
- 	}
+ 	    return;
-     } keys %ENV;
+ 	}
-     map {
+         # Determine desired host
- 	if (($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
+         my $desiredhost = $ENV{'form.hserver'};
-             my $url='/'.$1.'/'.$2;
+         if (lc($desiredhost) eq 'default') {
-             if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) {
+             $desiredhost = undef;
- 		$url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3};
+         } else {
-             }
+             my %home_servers = &Apache::loncommon::get_library_servers
-             my $start=$now;
+                 ($ENV{'form.ccdomain'});
-             if ($ENV{'form.start_'.$1.'_'.$2.'_'.$3}) {
+             if (! exists($home_servers{$desiredhost})) {
- 		$start=$ENV{'form.start_'.$1.'_'.$2.'_'.$3};
+                 $r->print($error.'Invalid home server specified');
+                 return;
              }
-             my $end=0;
+         }
-             if ($ENV{'form.end_'.$1.'_'.$2.'_'.$3}) {
+ 	# Call modifyuser
- 		$end=$ENV{'form.end_'.$1.'_'.$2.'_'.$3};
+ 	my $result = &Apache::lonnet::modifyuser
+ 	    ($ENV{'form.ccdomain'},$ENV{'form.ccuname'},$ENV{'form.cstid'},
+              $amode,$genpwd,$ENV{'form.cfirst'},
+              $ENV{'form.cmiddle'},$ENV{'form.clast'},$ENV{'form.cgen'},
+              undef,$desiredhost
+ 	     );
+ 	$r->print('Generating user: '.$result);
+         my $home = &Apache::lonnet::homeserver($ENV{'form.ccuname'},
+                                                $ENV{'form.ccdomain'});
+         $r->print('<br />Home server: '.$home.' '.
+                   $Apache::lonnet::libserv{$home});
+     } elsif (($ENV{'form.login'} ne 'nochange') &&
+              ($ENV{'form.login'} ne ''        )) {
+ 	# Modify user privileges
+ 	$r->print(<<ENDMODIFYUSERHEAD);
+ <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
+ ENDMODIFYUSERHEAD
+         if (! $amode || ! $genpwd) {
+ 	    $r->print($error.'Invalid login mode or password'.$end);
+ 	    return;
+ 	}
+ 	# Only allow authentification modification if the person has authority
+ 	if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) {
+ 	    $r->print('Modifying authentication: '.
+                       &Apache::lonnet::modifyuserauth(
+ 		       $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
+                        $amode,$genpwd));
+             $r->print('<br>Home server: '.&Apache::lonnet::homeserver
+ 		  ($ENV{'form.ccuname'},$ENV{'form.ccdomain'}));
+ 	} else {
+ 	    # Okay, this is a non-fatal error.
+ 	    $r->print($error.'You do not have the authority to modify '.
+ 		      'this users authentification information.');
+ 	}
+     }
+     ##
+     if (! $ENV{'form.makeuser'} ) {
+         # Check for need to change
+         my %userenv = &Apache::lonnet::get
+             ('environment',['firstname','middlename','lastname','generation'],
+              $ENV{'form.ccdomain'},$ENV{'form.ccuname'});
+         my ($tmp) = keys(%userenv);
+         if ($tmp =~ /^(con_lost|error)/i) {
+             %userenv = ();
+         }
+         # Check to see if we need to change user information
+         foreach ('firstname','middlename','lastname','generation') {
+             # Strip leading and trailing whitespace
+             $ENV{'form.c'.$_} =~ s/(\s+$|^\s+)//g;
+         }
+         if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'}) &&
+             ($ENV{'form.cfirstname'}  ne $userenv{'firstname'}  ||
+              $ENV{'form.cmiddlename'} ne $userenv{'middlename'} ||
+              $ENV{'form.clastname'}   ne $userenv{'lastname'}   ||
+              $ENV{'form.cgeneration'} ne $userenv{'generation'} )) {
+             # Make the change
+             my %changeHash;
+             $changeHash{'firstname'}  = $ENV{'form.cfirstname'};
+             $changeHash{'middlename'} = $ENV{'form.cmiddlename'};
+             $changeHash{'lastname'}   = $ENV{'form.clastname'};
+             $changeHash{'generation'} = $ENV{'form.cgeneration'};
+             my $putresult = &Apache::lonnet::put
+                 ('environment',\%changeHash,
+                  $ENV{'form.ccdomain'},$ENV{'form.ccuname'});
+             if ($putresult eq 'ok') {
+             # Tell the user we changed the name
+                 $r->print(<<"END");
+ <table border="2">
+ <caption>User Information Changed</caption>
+ <tr><th>&nbsp;</th>
+     <th>first</th>
+     <th>middle</th>
+     <th>last</th>
+     <th>generation</th></tr>
+ <tr><td>Previous</td>
+     <td>$userenv{'firstname'}  </td>
+     <td>$userenv{'middlename'} </td>
+     <td>$userenv{'lastname'}   </td>
+     <td>$userenv{'generation'} </td></tr>
+ <tr><td>Changed To</td>
+     <td>$ENV{'form.cfirstname'}  </td>
+     <td>$ENV{'form.cmiddlename'} </td>
+     <td>$ENV{'form.clastname'}   </td>
+     <td>$ENV{'form.cgeneration'} </td></tr>
+ </table>
+ END
+             } else { # error occurred
+                 $r->print("<h2>Unable to successfully change environment for ".
+                       $ENV{'form.ccuname'}." in domain ".
+                       $ENV{'form.ccdomain'}."</h2>");
              }
-             $r->print('Assigning: '.$3.' in '.$url.': '.
+         }  else { # End of if ($ENV ... ) logic
-           &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
+             # They did not want to change the users name but we can
-                                       $url,$3,$end,$start).'<br>');
+             # still tell them what the name is
-             if ($3 eq 'st') {
+                 $r->print(<<"END");
- 		my $cid=$url;
+ <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
-                 $cid=~s/^\///;
+ <h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} </h4>
-                 $cid=~s/\//\_/g;
+ <h4>Generation: $userenv{'generation'}</h4>
-                $r->print('Add to classlist: '.
+ END
-           &Apache::lonnet::critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'.
+         }
- 	              $ENV{'course.'.$cid.'.num'}.':classlist:'.
+     }
-                       &Apache::lonnet::escape($ENV{'form.cuname'}.':'.
+     ##
-                                               $ENV{'form.cdomain'}).'='.
+     my $now=time;
-                       &Apache::lonnet::escape($end.':'.$start),
+     $r->print('<h3>Modifying Roles</h3>');
- 	              $ENV{'course.'.$cid.'.home'}).'<br>');
+     foreach (keys (%ENV)) {
+ 	next if (! $ENV{$_});
+ 	# Revoke roles
+ 	if ($_=~/^form\.rev/) {
+ 	    if ($_=~/^form\.rev\:([^\_]+)\_([^\_\.]+)$/) {
+ # Revoke standard role
+ 	        $r->print('Revoking '.$2.' in '.$1.': <b>'.
+                      &Apache::lonnet::revokerole($ENV{'form.ccdomain'},
+                      $ENV{'form.ccuname'},$1,$2).'</b><br>');
+ 		if ($2 eq 'st') {
+ 		    $1=~/^\/(\w+)\/(\w+)/;
+ 		    my $cid=$1.'_'.$2;
+ 		    $r->print('Drop from classlist: <b>'.
+ 			 &Apache::lonnet::critical('put:'.
+                              $ENV{'course.'.$cid.'.domain'}.':'.
+ 	                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
+                          &Apache::lonnet::escape($ENV{'form.ccuname'}.':'.
+                              $ENV{'form.ccdomain'}).'='.
+                          &Apache::lonnet::escape($now.':'),
+ 	                     $ENV{'course.'.$cid.'.home'}).'</b><br>');
+ 		}
+ 	    }
+ 	    if ($_=~/^form\.rev\:([^\_]+)\_cr\.cr\/(\w+)\/(\w+)\/(\w+)$/) {
+ # Revoke custom role
+ 		$r->print(
+                 'Revoking custom role '.$4.' by '.$3.'@'.$2.' in '.$1.': <b>'.
+ &Apache::lonnet::revokecustomrole($ENV{'form.ccdomain'},
+ 				  $ENV{'form.ccuname'},$1,$2,$3,$4).
+ 		'</b><br>');
  	    }
- 	} elsif (($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
+ 	} elsif ($_=~/^form\.del/) {
-             my $url='/'.$1.'/';
+ 	    if ($_=~/^form\.del\:([^\_]+)\_([^\_]+)$/) {
-             my $start=$now;
+ 	        $r->print('Deleting '.$2.' in '.$1.': '.
-             if ($ENV{'form.start_'.$1.'_'.$2}) {
+                      &Apache::lonnet::assignrole($ENV{'form.ccdomain'},
- 		$start=$ENV{'form.start_'.$1.'_'.$2};
+                      $ENV{'form.ccuname'},$1,$2,$now,0,1).'<br>');
-             }
+ 		if ($2 eq 'st') {
-             my $end=0;
+ 		    $1=~/^\/(\w+)\/(\w+)/;
-             if ($ENV{'form.end_'.$1.'_'.$2}) {
+ 		    my $cid=$1.'_'.$2;
- 		$end=$ENV{'form.end_'.$1.'_'.$2};
+ 		    $r->print('Drop from classlist: <b>'.
+ 			 &Apache::lonnet::critical('put:'.
+                              $ENV{'course.'.$cid.'.domain'}.':'.
+ 	                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
+                          &Apache::lonnet::escape($ENV{'form.ccuname'}.':'.
+                              $ENV{'form.ccdomain'}).'='.
+                          &Apache::lonnet::escape($now.':'),
+ 	                     $ENV{'course.'.$cid.'.home'}).'</b><br>');
+ 		}
+ 	    }
+ 	} elsif ($_=~/^form\.act/) {
+ 	    if
+ ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_cr_cr_([^\_]+)_(\w+)_([^\_]+)$/) {
+                 # Activate a custom role
+ 		my $url='/'.$1.'/'.$2;
+ 		my $full=$1.'_'.$2.'_cr_cr_'.$3.'_'.$4.'_'.$5;
+ 		if ($ENV{'form.sec_'.$full}) {
+ 		    $url.='/'.$ENV{'form.sec_'.$full};
+ 		}
+ 		my $start = ( $ENV{'form.start_'.$full} ?
+ 			      $ENV{'form.start_'.$full} :
+ 			      $now );
+ 		my $end   = ( $ENV{'form.end_'.$full} ?
+ 			      $ENV{'form.end_'.$full} :
+);
+     $r->print('Assigning custom role "'.$5.'" by '.$4.'@'.$3.' in '.$url.
+                          ($start?', starting '.localtime($start):'').
+                          ($end?', ending '.localtime($end):'').': <b>'.
+ 	      &Apache::lonnet::assigncustomrole(
+ 	$ENV{'form.ccdomain'},$ENV{'form.ccuname'},$url,$3,$4,$5,$end,$start).
+ 	      '</b><br>');
+ 	    } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) {
+ 		# Activate roles for sections with 3 id numbers
+ 		# set start, end times, and the url for the class
+ 		my $start = ( $ENV{'form.start_'.$1.'_'.$2.'_'.$3} ?
+ 			      $ENV{'form.start_'.$1.'_'.$2.'_'.$3} :
+ 			      $now );
+ 		my $end   = ( $ENV{'form.end_'.$1.'_'.$2.'_'.$3} ?
+ 			      $ENV{'form.end_'.$1.'_'.$2.'_'.$3} :
+);
+ 		my $url='/'.$1.'/'.$2;
+ 		if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) {
+ 		    $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3};
+ 		}
+ 		# Assign the role and report it
+ 		$r->print('Assigning '.$3.' in '.$url.
+                          ($start?', starting '.localtime($start):'').
+                          ($end?', ending '.localtime($end):'').': <b>'.
+                           &Apache::lonnet::assignrole(
+                               $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
+                               $url,$3,$end,$start).
+ 			  '</b><br>');
+ 		# Handle students differently
+ 		if ($3 eq 'st') {
+ 		    $url=~/^\/(\w+)\/(\w+)/;
+ 		    my $cid=$1.'_'.$2;
+ 		    $r->print('Add to classlist: <b>'.
+ 			      &Apache::lonnet::critical(
+ 				  'put:'.$ENV{'course.'.$cid.'.domain'}.':'.
+ 	                           $ENV{'course.'.$cid.'.num'}.':classlist:'.
+                                    &Apache::lonnet::escape(
+                                        $ENV{'form.ccuname'}.':'.
+                                        $ENV{'form.ccdomain'} ).'='.
+                                    &Apache::lonnet::escape($end.':'.$start),
+ 				       $ENV{'course.'.$cid.'.home'})
+ 			      .'</b><br>');
+ 		}
+ 	    } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) {
+ 		# Activate roles for sections with two id numbers
+ 		# set start, end times, and the url for the class
+ 		my $start = ( $ENV{'form.start_'.$1.'_'.$2} ?
+ 			      $ENV{'form.start_'.$1.'_'.$2} :
+ 			      $now );
+ 		my $end   = ( $ENV{'form.end_'.$1.'_'.$2} ?
+ 			      $ENV{'form.end_'.$1.'_'.$2} :
+);
+ 		my $url='/'.$1.'/';
+ 		# Assign the role and report it.
+ 		$r->print('Assigning '.$2.' in '.$url.': '.
+                          ($start?', starting '.localtime($start):'').
+                          ($end?', ending '.localtime($end):'').': <b>'.
+                           &Apache::lonnet::assignrole(
+                               $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
+                               $url,$2,$end,$start)
+ 			  .'</b><br>');
+ 	    } else {
+ 		$r->print('<p>ERROR: Unknown command <tt>'.$_.'</tt></p><br>');
              }
-             $r->print('Assigning: '.$2.' in '.$url.': '.
+ 	}
-           &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
+     } # End of foreach (keys(%ENV))
-                                       $url,$2,$end,$start).'<br>');
+ # Flush the course logs so reverse user roles immediately updated
-         }
+     &Apache::lonnet::flushcourselogs();
-     } keys %ENV;
+     $r->print('</body></html>');
+ }
+ # ========================================================== Custom Role Editor
+ sub custom_role_editor {
+     my $r=shift;
+     my $rolename=$ENV{'form.rolename'};
+     if ($rolename eq 'make new role') {
+ 	$rolename=$ENV{'form.newrolename'};
+     }
+     $rolename=~s/[^A-Za-z0-9]//gs;
+     unless ($rolename) {
+ 	&print_username_entry_form($r);
+         return;
+     }
+     $r->print(&Apache::loncommon::bodytag(
+                      'Create Users, Change User Privileges').'<h2>');
+     my $syspriv='';
+     my $dompriv='';
+     my $coursepriv='';
+     my ($rdummy,$roledef)=
+ 			 &Apache::lonnet::get('roles',["rolesdef_$rolename"]);
+ # ------------------------------------------------------- Does this role exist?
+     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+ 	$r->print('Existing Role "');
+ # ------------------------------------------------- Get current role privileges
+ 	($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef);
+     } else {
+ 	$r->print('New Role "');
+ 	$roledef='';
+     }
+     $r->print($rolename.'"</h2>');
+ # ------------------------------------------------------- What can be assigned?
+     my %full=();
+     my %courselevel=();
+     my %courselevelcurrent=();
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict='F'; }
+         $courselevel{$priv}=$restrict;
+         if ($coursepriv=~/\:$priv/) {
+ 	    $courselevelcurrent{$priv}=1;
+ 	}
+ 	$full{$priv}=1;
+     }
+     my %domainlevel=();
+     my %domainlevelcurrent=();
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict='F'; }
+         $domainlevel{$priv}=$restrict;
+         if ($dompriv=~/\:$priv/) {
+ 	    $domainlevelcurrent{$priv}=1;
+ 	}
+ 	$full{$priv}=1;
+     }
+     my %systemlevel=();
+     my %systemlevelcurrent=();
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict='F'; }
+         $systemlevel{$priv}=$restrict;
+         if ($syspriv=~/\:$priv/) {
+ 	    $systemlevelcurrent{$priv}=1;
+ 	}
+ 	$full{$priv}=1;
+     }
+     $r->print(<<ENDCCF);
+ <form method="post">
+ <input type="hidden" name="phase" value="set_custom_roles" />
+ <input type="hidden" name="rolename" value="$rolename" />
+ <table border="2">
+ <tr><th>Privilege</th><th>Course Level</th><th>Domain Level</th>
+ <th>System Level</th></tr>
+ ENDCCF
+     foreach (sort keys %full) {
+ 	$r->print('<tr><td>'.&Apache::lonnet::plaintext($_).'</td><td>'.
+     ($courselevel{$_}?'<input type="checkbox" name="'.$_.':c" '.
+     ($courselevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
+     '</td><td>'.
+     ($domainlevel{$_}?'<input type="checkbox" name="'.$_.':d" '.
+     ($domainlevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
+     '</td><td>'.
+     ($systemlevel{$_}?'<input type="checkbox" name="'.$_.':s" '.
+     ($systemlevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
+     '</td></tr>');
+     }
+     $r->print(
+    '<table><input type="submit" value="Define Role" /></form></body></html>');
+ }
+ # ---------------------------------------------------------- Call to definerole
+ sub set_custom_role {
+     my $r=shift;
+     my $rolename=$ENV{'form.rolename'};
+     $rolename=~s/[^A-Za-z0-9]//gs;
+     unless ($rolename) {
+ 	&print_username_entry_form($r);
+         return;
+     }
+     $r->print(&Apache::loncommon::bodytag(
+                      'Create Users, Change User Privileges').'<h2>');
+     my ($rdummy,$roledef)=
+ 			 &Apache::lonnet::get('roles',["rolesdef_$rolename"]);
+ # ------------------------------------------------------- Does this role exist?
+     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+ 	$r->print('Existing Role "');
+     } else {
+ 	$r->print('New Role "');
+ 	$roledef='';
+     }
+     $r->print($rolename.'"</h2>');
+ # ------------------------------------------------------- What can be assigned?
+     my $sysrole='';
+     my $domrole='';
+     my $courole='';
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict=''; }
+         if ($ENV{'form.'.$priv.':c'}) {
+ 	    $courole.=':'.$_;
+ 	}
+     }
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict=''; }
+         if ($ENV{'form.'.$priv.':d'}) {
+ 	    $domrole.=':'.$_;
+ 	}
+     }
+     foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) {
+ 	my ($priv,$restrict)=split(/\&/,$_);
+         unless ($restrict) { $restrict=''; }
+         if ($ENV{'form.'.$priv.':s'}) {
+ 	    $sysrole.=':'.$_;
+ 	}
+     }
+     $r->print('<br />Defining Role: '.
+ 	   &Apache::lonnet::definerole($rolename,$sysrole,$domrole,$courole));
+     if ($ENV{'request.course.id'}) {
+         my $url='/'.$ENV{'request.course.id'};
+         $url=~s/\_/\//g;
+ 	$r->print('<br />Assigning Role to Self: '.
+ 	      &Apache::lonnet::assigncustomrole($ENV{'user.domain'},
+ 						$ENV{'user.name'},
+ 						$url,
+ 						$ENV{'user.domain'},
+ 						$ENV{'user.name'},
+ 						$rolename));
+     }
      $r->print('</body></html>');
  }
- Line 400  sub handler {
+ Line 1085  sub handler {
      my $r = shift;
      if ($r->header_only) {
-        $r->content_type('text/html');
+        &Apache::loncommon::content_type($r,'text/html');
         $r->send_http_header;
         return OK;
      }
- Line 409  sub handler {
+ Line 1094  sub handler {
          (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) ||
          (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) ||
          (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) ||
-         (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) {
+         (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) ||
-        $r->content_type('text/html');
+         (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) {
+        &Apache::loncommon::content_type($r,'text/html');
         $r->send_http_header;
         unless ($ENV{'form.phase'}) {
- 	   &phase_one($r);
+ 	   &print_username_entry_form($r);
         }
-        if ($ENV{'form.phase'} eq 'two') {
+        if ($ENV{'form.phase'} eq 'get_user_info') {
-            &phase_two($r);
+            &print_user_modification_page($r);
-        } elsif ($ENV{'form.phase'} eq 'three') {
+        } elsif ($ENV{'form.phase'} eq 'update_user_data') {
-            &phase_three($r);
+            &update_user_data($r);
+        } elsif ($ENV{'form.phase'} eq 'selected_custom_edit') {
+            &custom_role_editor($r);
+        } elsif ($ENV{'form.phase'} eq 'set_custom_roles') {
+ 	   &set_custom_role($r);
         }
     } else {
        $ENV{'user.error.msg'}=
- Line 428  sub handler {
+ Line 1118  sub handler {
     return OK;
  }
+ #-------------------------------------------------- functions for &phase_two
+ sub course_level_table {
+     my %inccourses = @_;
+     my $table = '';
+ # Custom Roles?
+     my %customroles=&my_custom_roles();
+     foreach (sort( keys(%inccourses))) {
+ 	my $thiscourse=$_;
+ 	my $protectedcourse=$_;
+ 	$thiscourse=~s:_:/:g;
+ 	my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
+ 	my $area=$coursedata{'description'};
+ 	if (!defined($area)) { $area='Unavailable course: '.$_; }
+ 	my $bgcol=$thiscourse;
+ 	$bgcol=~s/[^7-9a-e]//g;
+ 	$bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6);
+ 	foreach  ('st','ta','ep','ad','in','cc') {
+ 	    if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
+ 		my $plrole=&Apache::lonnet::plaintext($_);
+ 		$table .= <<ENDEXTENT;
+ <tr bgcolor="#$bgcol">
+ <td><input type="checkbox" name="act_$protectedcourse\_$_"></td>
+ <td>$plrole</td>
+ <td>$area</td>
+ ENDEXTENT
+ 	        if ($_ ne 'cc') {
+ 		    $table .= <<ENDSECTION;
+ <td><input type="text" size="5" name="sec_$protectedcourse\_$_"></td>
+ ENDSECTION
+                 } else {
+ 		    $table .= <<ENDSECTION;
+ <td>&nbsp</td>
+ ENDSECTION
+                 }
+ 		$table .= <<ENDTIMEENTRY;
+ <td><input type=hidden name="start_$protectedcourse\_$_" value=''>
+ <a href=
+ "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date</a></td>
+ <td><input type=hidden name="end_$protectedcourse\_$_" value=''>
+ <a href=
+ "javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date</a></td>
+ ENDTIMEENTRY
+                 $table.= "</tr>\n";
+             }
+         }
+         foreach (sort keys %customroles) {
+ 	    if (&Apache::lonnet::allowed('ccr',$thiscourse)) {
+ 		my $plrole=$_;
+                 my $customrole=$protectedcourse.'_cr_cr_'.$ENV{'user.domain'}.
+ 		    '_'.$ENV{'user.name'}.'_'.$plrole;
+ 		$table .= <<ENDENTRY;
+ <tr bgcolor="#$bgcol">
+ <td><input type="checkbox" name="act_$customrole"></td>
+ <td>$plrole</td>
+ <td>$area</td>
+ <td><input type="text" size="5" name="sec_$customrole"></td>
+ <td><input type=hidden name="start_$customrole" value=''>
+ <a href=
+ "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$customrole.value,'start_$customrole','cu.pres','dateset')">Set Start Date</a></td>
+ <td><input type=hidden name="end_$customrole" value=''>
+ <a href=
+ "javascript:pjump('date_end','End Date $plrole',document.cu.end_$customrole.value,'end_$customrole','cu.pres','dateset')">Set End Date</a></td></tr>
+ ENDENTRY
+            }
+ 	}
+     }
+     return '' if ($table eq ''); # return nothing if there is nothing
+                                  # in the table
+     my $result = <<ENDTABLE;
+ <h4>Course Level</h4>
+ <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
+ <th>Group/Section</th><th>Start</th><th>End</th></tr>
+ $table
+ </table>
+ ENDTABLE
+     return $result;
+ }
+ #---------------------------------------------- end functions for &phase_two
+ #--------------------------------- functions for &phase_two and &phase_three
+ #--------------------------end of functions for &phase_two and &phase_three
 ;
  __END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.10
changed lines
	Added in v.1.70.2.1