');
+ my ($fixedauth,$varauth,$authmsg);
+ if (ref($rulematch{$ccuname.':'.$ccdomain}) eq 'HASH') {
+ my $matchedrule = $rulematch{$ccuname.':'.$ccdomain}{'username'};
+ my ($rules,$ruleorder) =
+ &Apache::lonnet::inst_userrules($ccdomain,'username');
+ if (ref($rules) eq 'HASH') {
+ if (ref($rules->{$matchedrule}) eq 'HASH') {
+ my $authtype = $rules->{$matchedrule}{'authtype'};
+ if ($authtype !~ /^(krb4|krb5|int|fsys|loc)$/) {
+ $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc));
+ } else {
+ my $authparm = $rules->{$matchedrule}{'authparm'};
+ if ($authtype =~ /^krb(4|5)$/) {
+ my $ver = $1;
+ if ($authparm ne '') {
+ $fixedauth = <<"KERB";
+
+
+
+KERB
+ $authmsg = $rules->{$matchedrule}{'authmsg'};
+ }
+ } else {
+ $fixedauth =
+''."\n";
+ if ($rules->{$matchedrule}{'authparmfixed'}) {
+ $fixedauth .=
+''."\n";
+ } else {
+ $varauth =
+''."\n";
+ }
+ }
+ }
+ } else {
+ $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc));
+ }
+ }
+ if ($authmsg) {
+ $r->print(<print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc));
+ }
+ $r->print(<
+ENDPORT
} else { # user already exists
+ my %lt=&Apache::lonlocal::texthash(
+ 'cup' => "Modify existing user: ",
+ 'id' => "in domain",
+ );
$r->print(<Change User Privileges
+$start_page
+$crumbs
$forminfo
-
User "$ccuname" in domain $ccdomain
+
$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"
ENDCHANGEUSER
- # Get the users information
- my %userenv = &Apache::lonnet::get('environment',
- ['firstname','middlename','lastname','generation'],
- $ccdomain,$ccuname);
- my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
- $r->print(<
-
');
+ my $user_auth_text =
+ &user_authentication($ccuname,$ccdomain,$krbdefdom,\%abv_auth);
+ my $user_quota_text;
+ if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
+ # Current user has quota modification privileges
+ $user_quota_text = &portfolio_quota($ccuname,$ccdomain);
+ } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
+ # Get the user's portfolio information
+ my %portq = &Apache::lonnet::get('environment',['portfolioquota'],
+ $ccdomain,$ccuname);
+
+ my %lt=&Apache::lonlocal::texthash(
+ 'dska' => "Disk space allocated to user's portfolio files",
+ 'youd' => "You do not have privileges to modify the portfolio quota for this user.",
+ 'ichr' => "If a change is required, contact a domain coordinator for the domain",
+ );
+ $user_quota_text = <$lt{'dska'}
+$lt{'youd'} $lt{'ichr'}: $ccdomain
+ENDNOPORTPRIV
+ }
+ if ($user_auth_text ne '') {
+ $r->print('
'.$user_auth_text);
+ if ($user_quota_text ne '') {
+ $r->print($user_quota_text);
+ }
+ $r->print('
');
+ }
+ $r->print('');
+ my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
# Build up table of user roles to allow revocation of a role.
my ($tmp) = keys(%rolesdump);
unless ($tmp =~ /^(con_lost|error)/i) {
my $now=time;
- $r->print(<
-
Revoke Existing Roles
-
-
Revoke
Role
Extent
Start
End
-END
- foreach my $area (keys(%rolesdump)) {
+ my %lt=&Apache::lonlocal::texthash(
+ 'rer' => "Existing Roles",
+ 'rev' => "Revoke",
+ 'del' => "Delete",
+ 'ren' => "Re-Enable",
+ 'rol' => "Role",
+ 'ext' => "Extent",
+ 'sta' => "Start",
+ 'end' => "End"
+ );
+ my (%roletext,%sortrole,%roleclass,%rolepriv);
+ foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]);
+ my $b1=join('_',(split('_',$b))[1,0]);
+ return $a1 cmp $b1;
+ } keys(%rolesdump)) {
next if ($area =~ /^rolesdef/);
+ my $envkey=$area;
my $role = $rolesdump{$area};
my $thisrole=$area;
$area =~ s/\_\w\w$//;
my ($role_code,$role_end_time,$role_start_time) =
split(/_/,$role);
- my $bgcol='ffffff';
+# Is this a custom role? Get role owner and title.
+ my ($croleudom,$croleuname,$croletitle)=
+ ($role_code=~m{^cr/($match_domain)/($match_username)/(\w+)$});
my $allowed=0;
- if ($area =~ /^\/(\w+)\/(\d\w+)/ ) {
+ my $delallowed=0;
+ my $sortkey=$role_code;
+ my $class='Unknown';
+ if ($area =~ m{^/($match_domain)/($match_courseid)} ) {
+ $class='Course';
+ my ($coursedom,$coursedir) = ($1,$2);
+ $sortkey.="\0$coursedom";
+ # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3).
my %coursedata=
&Apache::lonnet::coursedescription($1.'_'.$2);
- my $carea='Course: '.$coursedata{'description'};
+ my $carea;
+ if (defined($coursedata{'description'})) {
+ $carea=$coursedata{'description'}.
+ ' '.&mt('Domain').': '.$coursedom.(' 'x8).
+ &Apache::loncommon::syllabuswrapper('Syllabus',$coursedir,$coursedom);
+ $sortkey.="\0".$coursedata{'description'};
+ $class=$coursedata{'type'};
+ } else {
+ $carea=&mt('Unavailable course').': '.$area;
+ $sortkey.="\0".&mt('Unavailable course').': '.$area;
+ }
+ $sortkey.="\0$coursedir";
$inccourses{$1.'_'.$2}=1;
- if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) {
+ if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) ||
+ (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
$allowed=1;
}
+ if ((&Apache::lonnet::allowed('dro',$1)) ||
+ (&Apache::lonnet::allowed('dro',$ccdomain))) {
+ $delallowed=1;
+ }
+# - custom role. Needs more info, too
+ if ($croletitle) {
+ if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) {
+ $allowed=1;
+ $thisrole.='.'.$role_code;
+ }
+ }
# Compute the background color based on $area
- $bgcol=$1.'_'.$2;
- $bgcol=~s/[^8-9b-e]//g;
- $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
- if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) {
- $carea.=' Section/Group: '.$3;
+ if ($area=~m{^/($match_domain)/($match_courseid)/(\w+)}) {
+ $carea.=' Section: '.$3;
+ $sortkey.="\0$3";
}
$area=$carea;
} else {
+ $sortkey.="\0".$area;
# Determine if current user is able to revoke privileges
- if ($area=~ /^\/(\w+)\//) {
- if (&Apache::lonnet::allowed('c'.$role_code,$1)) {
+ if ($area=~m{^/($match_domain)/}) {
+ if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
+ (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
$allowed=1;
}
+ if (((&Apache::lonnet::allowed('dro',$1)) ||
+ (&Apache::lonnet::allowed('dro',$ccdomain))) &&
+ ($role_code ne 'dc')) {
+ $delallowed=1;
+ }
} else {
if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
$allowed=1;
}
}
+ if ($role_code eq 'ca' || $role_code eq 'au') {
+ $class='Construction Space';
+ } elsif ($role_code eq 'su') {
+ $class='System';
+ } else {
+ $class='Domain';
+ }
}
- # I have no idea what the hell the above code does
- # So the following is a check:
- if ($allowed) {
- # If we are looking at a co-author role, make sure it is
- # for the current users construction space before we let
- # them revoke it.
- if (($role_code eq 'ca') &&
- ($ENV{'request.role'} !~ /^dc/)) {
- if ($area !~
- /^\/$ENV{'user.domain'}\/$ENV{'user.name'}/) {
- $allowed = 0;
- }
+ if (($role_code eq 'ca') || ($role_code eq 'aa')) {
+ $area=~m{/($match_domain)/($match_username)};
+ if (&authorpriv($2,$1)) {
+ $allowed=1;
+ } else {
+ $allowed=0;
}
}
my $row = '';
- $row.='
';
+ $row.= '
';
my $active=1;
$active=0 if (($role_end_time) && ($now>$role_end_time));
if (($active) && ($allowed)) {
- $row.= '';
+ $row.= '';
+ } else {
+ if ($active) {
+ $row.=' ';
+ } else {
+ $row.=&mt('expired or revoked');
+ }
+ }
+ $row.='
'.
+&Apache::loncommon::end_data_table_header_row());
+ foreach my $type ('Construction Space','Course','Group','Domain','System','Unknown') {
+ if ($output{$type}) {
+ $r->print($output{$type}."\n");
+ }
+ }
+ $r->print(&Apache::loncommon::end_data_table());
+ }
} # End of unless
- my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
- if ($currentauth=~/^krb(4|5):/) {
- $currentauth=~/^krb(4|5):(.*)/;
- my $krbdefdom2=$1;
- my %param = ( formname => 'document.cu',
- kerb_def_dom => $krbdefdom
- );
- $loginscript = &Apache::loncommon::authform_header(%param);
- }
- # Check for a bad authentication type
- unless ($currentauth=~/^krb(4|5):/ or
- $currentauth=~/^unix:/ or
- $currentauth=~/^internal:/ or
- $currentauth=~/^localauth:/
- ) { # bad authentication scheme
- if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
- $r->print(<
-
-ERROR:
-This user has an unrecognized authentication scheme ($currentauth).
-Please specify login data below.
-
Login Data
-
$generalrule
-
$authformkrb
-
$authformint
-
$authformfsys
-
$authformloc
-ENDBADAUTH
- } else {
- # This user is not allowed to modify the users
- # authentication scheme, so just notify them of the problem
- $r->print(<
-
- ERROR:
-This user has an unrecognized authentication scheme ($currentauth).
-Please alert a domain coordinator of this situation.
-
-ENDBADAUTH
- }
- } else { # Authentication type is valid
- my $authformcurrent='';
- my $authform_other='';
- if ($currentauth=~/^krb(4|5):/) {
- $authformcurrent=$authformkrb;
- $authform_other="
Changing this value will overwrite existing authentication for the user; you should notify the user of this change.
-
-ENDCURRENTAUTH
- if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
- # Current user has login modification privileges
- $r->print(<
-
-
Change Current Login Data
-
$generalrule
-
$authformnop
-
$authformcurrent
-
Enter New Login Data
-$authform_other
-ENDOTHERAUTHS
- }
- } ## End of "check for bad authentication type" logic
} ## End of new user/old user logic
- $r->print('
Add Roles
');
+ my $addrolesdisplay = 0;
+ $r->print('
'.&mt('Add Roles').'
');
#
# Co-Author
#
-
- if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) {
- my $cuname=$ENV{'user.name'};
- my $cudom=$ENV{'user.domain'};
- $r->print(<Construction Space
-
'."\n".
+ &Apache::loncommon::end_data_table_row()."\n".
+ &Apache::loncommon::end_data_table());
+ } elsif ($env{'request.role'} =~ /^au\./) {
+ if (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
+ $r->print(''.
+ &mt('You do not have privileges to assign co-author roles.').
+ '');
+ } elsif (($env{'user.name'} eq $ccuname) &&
+ ($env{'user.domain'} eq $ccdomain)) {
+ $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));
+ }
}
#
# Domain level
#
- $r->print('
Domain Level
'.
- '
Activate
Role
Extent
'.
- '
Start
End
');
- foreach ( sort( keys(%incdomains))) {
- my $thisdomain=$_;
- foreach ('dc','li','dg','au') {
- if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) {
- my $plrole=&Apache::lonnet::plaintext($_);
- $r->print(<
-
');
+ $domaintext.= &Apache::loncommon::end_data_table();
+ if ($num_domain_level > 0) {
+ $r->print($domaintext);
+ $addrolesdisplay = 1;
+ }
#
# Course level
#
- $r->print(&course_level_table(%inccourses));
- $r->print("\n");
- $r->print("");
+
+ if ($env{'request.role'} =~ m{^dc\./($match_domain)/$}) {
+ $r->print(&course_level_dc($1,'Course'));
+ $r->print(' '."\n");
+ } elsif ($env{'request.role'} =~ m{^au\./($match_domain)/$}) {
+ if ($addrolesdisplay) {
+ $r->print(' print(' onClick="verify_message(this.form)" \>'."\n");
+ } else {
+ $r->print('onClick="this.form.submit()" \>'."\n");
+ }
+ } else {
+ $r->print(' '.
+ &mt('Back to previous page').'');
+ }
+ } else {
+ $r->print(&course_level_table(%inccourses));
+ $r->print(' '."\n");
+ }
+ $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate','ccuname','ccdomain']));
+ $r->print('');
+ $r->print('');
+ $r->print("".&Apache::loncommon::end_page());
+}
+
+sub user_authentication {
+ my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
+ my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+ my ($loginscript,$outcome);
+ if ($currentauth=~/^(krb)(4|5):(.*)/) {
+ my $long_auth = $1.$2;
+ my $curr_kerb_ver = $2;
+ my $krbdefdom=$3;
+ my $curr_authtype = $abv_auth->{$long_auth};
+ my %param = ( formname => 'document.cu',
+ kerb_def_dom => $krbdefdom,
+ domain => $ccdomain,
+ curr_authtype => $curr_authtype,
+ curr_kerb_ver => $curr_kerb_ver,
+ );
+ $loginscript = &Apache::loncommon::authform_header(%param);
+ }
+ # Check for a bad authentication type
+ if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
+ # bad authentication scheme
+ my %lt=&Apache::lonlocal::texthash(
+ 'err' => "ERROR",
+ 'uuas' => "This user has an unrecognized authentication scheme",
+ 'adcs' => "Please alert a domain coordinator of this situation",
+ 'sldb' => "Please specify login data below",
+ 'ld' => "Login Data"
+ );
+ if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+ &initialize_authen_forms($ccdomain);
+ my $choices = &Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc);
+ $outcome = <
+$loginscript
+
+$lt{'err'}:
+$lt{'uuas'} ($currentauth). $lt{'sldb'}.
+
$lt{'ld'}
+$choices
+ENDBADAUTH
+ } else {
+ # This user is not allowed to modify the user's
+ # authentication scheme, so just notify them of the problem
+ $outcome = < $lt{'err'}:
+$lt{'uuas'} ($currentauth). $lt{'adcs'}.
+
+ENDBADAUTH
+ }
+ } else { # Authentication type is valid
+ &initialize_authen_forms($ccdomain,$currentauth);
+ my $authformnop_row;
+ if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+ $authformnop_row = &Apache::loncommon::start_data_table_row();
+ }
+ my ($authformcurrent,$authform_other,$can_modify) =
+ &modify_login_block($ccdomain,$currentauth);
+ if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+ # Current user has login modification privileges
+ my %lt=&Apache::lonlocal::texthash (
+ 'ld' => "Login Data",
+ 'ccld' => "Change Current Login Data",
+ 'enld' => "Enter New Login Data"
+ );
+ $outcome =
+ ''."\n".
+ '