--- loncom/interface/loncreateuser.pm 2002/08/07 18:04:35 1.37
+++ loncom/interface/loncreateuser.pm 2003/02/03 18:03:52 1.47
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.37 2002/08/07 18:04:35 matthew Exp $
+# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -44,10 +44,9 @@
# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
# April Guy Albertelli
# 05/10,10/16 Gerd Kortemeyer
-# 11/12,11/13,11/15 Scott Harrison
# 02/11/02 Matthew Hall
#
-# $Id: loncreateuser.pm,v 1.37 2002/08/07 18:04:35 matthew Exp $
+# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $
###
package Apache::loncreateuser;
@@ -80,27 +79,48 @@ BEGIN {
$authformloc = &Apache::loncommon::authform_local(%param);
}
+
+
+# ==================================================== Figure out author access
+
+sub authorpriv {
+ my ($auname,$audom)=@_;
+ if (($auname ne $ENV{'user.name'}) ||
+ (($audom ne $ENV{'user.domain'}) &&
+ ($audom ne $ENV{'request.role.domain'}))) { return ''; }
+ unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+ return 1;
+}
+
# =================================================================== Phase one
-sub phase_one {
+sub print_username_entry_form {
my $r=shift;
- my $defdom=$ENV{'user.domain'};
+ my $defdom=$ENV{'request.role.domain'};
my @domains = &Apache::loncommon::get_domains();
my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
+ my $bodytag =&Apache::loncommon::bodytag(
+ 'Create Users, Change User Privileges');
+ my $selscript=&Apache::loncommon::studentbrowser_javascript();
+ my $sellink=&Apache::loncommon::selectstudent_link
+ ('crtuser','ccuname','ccdomain');
$r->print(<<"ENDDOCUMENT");
<html>
<head>
<title>The LearningOnline Network with CAPA</title>
+$selscript
</head>
-<body bgcolor="#FFFFFF">
-<h1>Create User, Change User Privileges</h1>
-<form action=/adm/createuser method=post>
-<input type=hidden name=phase value=two>
+$bodytag
+<form action="/adm/createuser" method="post" name="crtuser">
+<input type="hidden" name="phase" value="get_user_info">
<p>
-Username: <input type=text size=15 name=ccuname><br>
-Domain: $domform
+<table>
+<tr><td>Username:</td><td><input type="text" size="15" name="ccuname">
+</td><td rowspan="2">$sellink</td></tr><tr><td>
+Domain:</td><td>$domform</td></tr>
+</table>
</p>
-<input type=submit value="Continue">
+<input type="submit" value="Continue">
</form>
</body>
</html>
@@ -108,7 +128,7 @@ ENDDOCUMENT
}
# =================================================================== Phase two
-sub phase_two {
+sub print_user_modification_page {
my $r=shift;
my $ccuname=$ENV{'form.ccuname'};
my $ccdomain=$ENV{'form.ccdomain'};
@@ -121,7 +141,7 @@ sub phase_two {
);
$loginscript = &Apache::loncommon::authform_header(%param);
- my $defdom=$ENV{'user.domain'};
+ my $defdom=$ENV{'request.role.domain'};
$ccuname=~s/\W//g;
$ccdomain=~s/\W//g;
@@ -154,12 +174,12 @@ sub phase_two {
</script>
</head>
-<body bgcolor="#FFFFFF">
-<img align="right" src="/adm/lonIcons/lonlogos.gif">
ENDDOCHEAD
+ $r->print(&Apache::loncommon::bodytag(
+ 'Create Users, Change User Privileges'));
my $forminfo =<<"ENDFORMINFO";
<form action="/adm/createuser" method="post" name="cu">
-<input type="hidden" name="phase" value="three">
+<input type="hidden" name="phase" value="update_user_data">
<input type="hidden" name="ccuname" value="$ccuname">
<input type="hidden" name="ccdomain" value="$ccdomain">
<input type="hidden" name="pres_value" value="" >
@@ -234,8 +254,6 @@ ENDCHANGEUSER
<tr>
END
foreach ('firstname','middlename','lastname','generation') {
- my $result = &Apache::lonnet::allowed('mau',$ccdomain);
- &Apache::lonnet::logthis("allowed: mau, $ccdomain = $result");
if (&Apache::lonnet::allowed('mau',$ccdomain)) {
$r->print(<<"END");
<td><input type="text" name="c$_" value="$userenv{$_}" size="15"/></td>
@@ -295,18 +313,12 @@ END
}
}
}
- # I have no idea what the hell the above code does
- # So the following is a check:
- if ($allowed) {
- # If we are looking at a co-author role, make sure it is
- # for the current users construction space before we let
- # them revoke it.
- if (($role_code eq 'ca') &&
- ($ENV{'request.role'} !~ /^dc/)) {
- if ($area !~
- /^\/$ENV{'user.domain'}\/$ENV{'user.name'}/) {
- $allowed = 0;
- }
+ if ($role_code eq 'ca') {
+ $area=~/\/(\w+)\/(\w+)/;
+ if (&authorpriv($2,$1)) {
+ $allowed=1;
+ } else {
+ $allowed=0;
}
}
my $row = '';
@@ -330,21 +342,21 @@ END
$r->print('</table>');
} # End of unless
my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
- if ($currentauth=~/^krb4:/) {
- $currentauth=~/^krb4:(.*)/;
- my $krbdefdom2=$1;
+ if ($currentauth=~/^krb(4|5):/) {
+ $currentauth=~/^krb(4|5):(.*)/;
+ my $krbdefdom=$1;
my %param = ( formname => 'document.cu',
kerb_def_dom => $krbdefdom
);
$loginscript = &Apache::loncommon::authform_header(%param);
}
# Check for a bad authentication type
- unless ($currentauth=~/^krb4:/ or
+ unless ($currentauth=~/^krb(4|5):/ or
$currentauth=~/^unix:/ or
$currentauth=~/^internal:/ or
$currentauth=~/^localauth:/
) { # bad authentication scheme
- if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+ if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
$r->print(<<ENDBADAUTH);
<hr />
<script type="text/javascript" language="Javascript">
@@ -377,7 +389,7 @@ ENDBADAUTH
} else { # Authentication type is valid
my $authformcurrent='';
my $authform_other='';
- if ($currentauth=~/^krb4:/) {
+ if ($currentauth=~/^krb(4|5):/) {
$authformcurrent=$authformkrb;
$authform_other="<p>$authformint</p>\n".
"<p>$authformfsys</p><p>$authformloc</p>";
@@ -407,7 +419,7 @@ ENDBADAUTH
<td bgcolor='#cbbcbb'>Changing this value will overwrite existing authentication for the user; you should notify the user of this change.</td></tr>
</table>
ENDCURRENTAUTH
- if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+ if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
# Current user has login modification privileges
$r->print(<<ENDOTHERAUTHS);
<hr />
@@ -428,10 +440,11 @@ ENDOTHERAUTHS
#
# Co-Author
#
-
- if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) {
+ if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) &&
+ ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) {
+ # No sense in assigning co-author role to yourself
my $cuname=$ENV{'user.name'};
- my $cudom=$ENV{'user.domain'};
+ my $cudom=$ENV{'request.role.domain'};
$r->print(<<ENDCOAUTH);
<h4>Construction Space</h4>
<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
@@ -487,7 +500,7 @@ ENDDROW
}
# ================================================================= Phase Three
-sub phase_three {
+sub update_user_data {
my $r=shift;
my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'},
$ENV{'form.ccdomain'});
@@ -500,9 +513,14 @@ sub phase_three {
<head>
<title>The LearningOnline Network with CAPA</title>
</head>
-<body bgcolor="#FFFFFF">
-<img align="right" src="/adm/lonIcons/lonlogos.gif">
ENDTHREEHEAD
+ my $title;
+ if (exists($ENV{'form.makeuser'})) {
+ $title='Set Privileges for New User';
+ } else {
+ $title='Modify User Privileges';
+ }
+ $r->print(&Apache::loncommon::bodytag($title));
# Check Inputs
if (! $ENV{'form.ccuname'} ) {
$r->print($error.'No login name specified.'.$end);
@@ -537,7 +555,8 @@ ENDTHREEHEAD
my $amode='';
my $genpwd='';
if ($ENV{'form.login'} eq 'krb') {
- $amode='krb4';
+ $amode='krb';
+ $amode.=$ENV{'form.krbver'};
$genpwd=$ENV{'form.krbarg'};
} elsif ($ENV{'form.login'} eq 'int') {
$amode='internal';
@@ -562,7 +581,6 @@ ENDTHREEHEAD
if ($ENV{'form.makeuser'}) {
# Create a new user
$r->print(<<ENDNEWUSERHEAD);
-<h1>Create User</h1>
<h3>Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
ENDNEWUSERHEAD
# Check for the authentication mode and password
@@ -575,7 +593,7 @@ ENDNEWUSERHEAD
if (lc($desiredhost) eq 'default') {
$desiredhost = undef;
} else {
- my %home_servers = &Apache::loncommon::get_home_servers
+ my %home_servers = &Apache::loncommon::get_library_servers
($ENV{'form.ccdomain'});
if (! exists($home_servers{$desiredhost})) {
$r->print($error.'Invalid home server specified');
@@ -598,7 +616,6 @@ ENDNEWUSERHEAD
($ENV{'form.login'} ne '' )) {
# Modify user privileges
$r->print(<<ENDMODIFYUSERHEAD);
-<h1>Change User Privileges</h1>
<h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
ENDMODIFYUSERHEAD
if (! $amode || ! $genpwd) {
@@ -780,17 +797,17 @@ sub handler {
(&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) ||
(&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) ||
(&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) ||
- (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) ||
- (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) {
+ (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) ||
+ (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) {
$r->content_type('text/html');
$r->send_http_header;
unless ($ENV{'form.phase'}) {
- &phase_one($r);
+ &print_username_entry_form($r);
}
- if ($ENV{'form.phase'} eq 'two') {
- &phase_two($r);
- } elsif ($ENV{'form.phase'} eq 'three') {
- &phase_three($r);
+ if ($ENV{'form.phase'} eq 'get_user_info') {
+ &print_user_modification_page($r);
+ } elsif ($ENV{'form.phase'} eq 'update_user_data') {
+ &update_user_data($r);
}
} else {
$ENV{'user.error.msg'}=