--- loncom/interface/loncreateuser.pm 2017/08/15 23:42:33 1.406.2.14.2.1 +++ loncom/interface/loncreateuser.pm 2023/03/29 16:01:13 1.467 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.406.2.14.2.1 2017/08/15 23:42:33 raeburn Exp $ +# $Id: loncreateuser.pm,v 1.467 2023/03/29 16:01:13 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -71,6 +71,7 @@ use Apache::longroup; use Apache::lonuserutils; use Apache::loncoursequeueadmin; use LONCAPA qw(:DEFAULT :match); +use HTML::Entities; my $loginscript; # piece of javascript used in two separate instances my $authformnop; @@ -78,6 +79,7 @@ my $authformkrb; my $authformint; my $authformfsys; my $authformloc; +my $authformlti; sub initialize_authen_forms { my ($dom,$formname,$curr_authtype,$mode) = @_; @@ -88,7 +90,7 @@ sub initialize_authen_forms { domain => $dom, ); my %abv_auth = &auth_abbrev(); - if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):(.*)$/) { + if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix|lti):(.*)$/) { my $long_auth = $1; my $curr_autharg = $2; my %abv_auth = &auth_abbrev(); @@ -107,6 +109,7 @@ sub initialize_authen_forms { $authformint = &Apache::loncommon::authform_internal(%param); $authformfsys = &Apache::loncommon::authform_filesystem(%param); $authformloc = &Apache::loncommon::authform_local(%param); + $authformlti = &Apache::loncommon::authform_lti(%param); } sub auth_abbrev { @@ -116,6 +119,7 @@ sub auth_abbrev { internal => 'int', localauth => 'loc', unix => 'fsys', + lti => 'lti', ); return %abv_auth; } @@ -243,6 +247,7 @@ sub build_tools_display { 'aboutme' => "Personal Information Page", 'webdav' => "WebDAV access to Authoring Spaces (if SSL and author/co-author)", 'portfolio' => "Personal User Portfolio", + 'timezone' => "Can set Time Zone", 'avai' => "Available", 'cusa' => "availability", 'chse' => "Change setting", @@ -252,13 +257,17 @@ sub build_tools_display { 'unofficial' => 'Can request creation of unofficial courses', 'community' => 'Can request creation of communities', 'textbook' => 'Can request creation of textbook courses', + 'placement' => 'Can request creation of placement tests', + 'lti' => 'Can request creation of LTI courses', 'requestauthor' => 'Can request author space', ); + $isadv = &Apache::lonnet::is_advanced_user($ccdomain,$ccuname); if ($context eq 'requestcourses') { %userenv = &Apache::lonnet::userenvironment($ccdomain,$ccuname, 'requestcourses.official','requestcourses.unofficial', - 'requestcourses.community','requestcourses.textbook'); - @usertools = ('official','unofficial','community','textbook'); + 'requestcourses.community','requestcourses.textbook', + 'requestcourses.placement','requestcourses.lti'); + @usertools = ('official','unofficial','community','textbook','placement','lti'); @options =('norequest','approval','autolimit','validate'); %validations = &Apache::lonnet::auto_courserequest_checks($ccdomain); %reqtitles = &courserequest_titles(); @@ -266,7 +275,6 @@ sub build_tools_display { $colspan = ' colspan="2"'; %domconfig = &Apache::lonnet::get_dom('configuration',['requestcourses'],$ccdomain); - $isadv = &Apache::lonnet::is_advanced_user($ccdomain,$ccuname); } elsif ($context eq 'requestauthor') { %userenv = &Apache::lonnet::userenvironment($ccdomain,$ccuname, 'requestauthor'); @@ -280,17 +288,18 @@ sub build_tools_display { } else { %userenv = &Apache::lonnet::userenvironment($ccdomain,$ccuname, 'tools.aboutme','tools.portfolio','tools.blog', - 'tools.webdav'); - @usertools = ('aboutme','blog','webdav','portfolio'); + 'tools.webdav','tools.timezone'); + @usertools = ('aboutme','blog','webdav','portfolio','timezone'); } foreach my $item (@usertools) { my ($custom_access,$curr_access,$cust_on,$cust_off,$tool_on,$tool_off, $currdisp,$custdisp,$custradio); $cust_off = 'checked="checked" '; $tool_on = 'checked="checked" '; - $curr_access = + $curr_access = &Apache::lonnet::usertools_access($ccuname,$ccdomain,$item,undef, - $context); + $context,\%userenv,'', + {'is_adv' => $isadv}); if ($context eq 'requestauthor') { if ($userenv{$context} ne '') { $cust_on = ' checked="checked" '; @@ -333,6 +342,7 @@ sub build_tools_display { ' '.$lt{$item}.''."\n". ' '."\n". &Apache::loncommon::start_data_table_row()."\n"; + if (($context eq 'requestcourses') || ($context eq 'requestauthor')) { my ($curroption,$currlimit); my $envkey = $context.'.'.$item; @@ -451,12 +461,14 @@ sub coursereq_externaluser { 'unofficial' => 'Can request creation of unofficial courses', 'community' => 'Can request creation of communities', 'textbook' => 'Can request creation of textbook courses', + 'placement' => 'Can request creation of placement tests', ); %userenv = &Apache::lonnet::userenvironment($ccdomain,$ccuname, 'reqcrsotherdom.official','reqcrsotherdom.unofficial', - 'reqcrsotherdom.community','reqcrsotherdom.textbook'); - @usertools = ('official','unofficial','community','textbook'); + 'reqcrsotherdom.community','reqcrsotherdom.textbook', + 'reqcrsotherdom.placement'); + @usertools = ('official','unofficial','community','textbook','placement'); @options = ('approval','validate','autolimit'); %validations = &Apache::lonnet::auto_courserequest_checks($cdom); my $optregex = join('|',@options); @@ -537,6 +549,8 @@ sub courserequest_titles { unofficial => 'Unofficial', community => 'Communities', textbook => 'Textbook', + placement => 'Placement Tests', + lti => 'LTI Provider', norequest => 'Not allowed', approval => 'Approval by Dom. Coord.', validate => 'With validation', @@ -880,7 +894,15 @@ ENDBLOCK (!(($env{'form.action'} eq 'singleuser') && ($context eq 'domain') && (!&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))))) { my $defdom=$env{'request.role.domain'}; - my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain'); + my ($trusted,$untrusted); + if ($context eq 'course') { + ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('enroll',$defdom); + } elsif ($context eq 'author') { + ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('othcoau',$defdom); + } elsif ($context eq 'domain') { + ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('domroles',$defdom); + } + my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain',undef,undef,undef,$trusted,$untrusted); my %lt=&Apache::lonlocal::texthash( 'enro' => 'Enroll one student', 'enrm' => 'Enroll one member', @@ -1465,15 +1487,21 @@ ENDAUTH $inst_results{$ccuname.':'.$ccdomain})); if ((&Apache::lonnet::allowed('ccc',$env{'request.role.domain'})) || (&Apache::lonnet::allowed('udp',$env{'request.role.domain'}))) { - $r->print('

'.&mt('User Can Request Creation of Courses/Communities in this Domain?').'

'. - &Apache::loncommon::start_data_table()); - if ($env{'request.role.domain'} eq $ccdomain) { - $r->print(&build_tools_display($ccuname,$ccdomain,'requestcourses')); + $r->print('

'.&mt('User Can Request Creation of Courses/Communities in this Domain?').'

'."\n"); + if (($env{'request.role.domain'} eq $ccdomain) || + (&Apache::lonnet::will_trust('reqcrs',$ccdomain,$env{'request.role.domain'}))) { + $r->print(&Apache::loncommon::start_data_table()); + if ($env{'request.role.domain'} eq $ccdomain) { + $r->print(&build_tools_display($ccuname,$ccdomain,'requestcourses')); + } else { + $r->print(&coursereq_externaluser($ccuname,$ccdomain, + $env{'request.role.domain'})); + } + $r->print(&Apache::loncommon::end_data_table()); } else { - $r->print(&coursereq_externaluser($ccuname,$ccdomain, - $env{'request.role.domain'})); + $r->print(&mt('Domain configuration for this domain prohibits course creation by users from domain: "[_1]"', + &Apache::lonnet::domain($ccdomain,'description'))); } - $r->print(&Apache::loncommon::end_data_table()); } $r->print(''); my @order = ('auth','quota','tools','requestauthor'); @@ -1486,7 +1514,7 @@ ENDAUTH ($env{'request.role.domain'} eq $ccdomain)) { $user_text{'requestauthor'} = &domainrole_req($ccuname,$ccdomain); } - $user_text{'auth'} = &user_authentication($ccuname,$ccdomain,$formname); + $user_text{'auth'} = &user_authentication($ccuname,$ccdomain,$formname,$crstype,$permission); if ((&Apache::lonnet::allowed('mpq',$ccdomain)) || (&Apache::lonnet::allowed('mut',$ccdomain)) || (&Apache::lonnet::allowed('udp',$ccdomain))) { @@ -1591,7 +1619,7 @@ ENDNOTOOLSPRIV if ($newuser) { $r->print(' onclick="auth_check()" \>'."\n"); } else { - $r->print('onclick="this.form.submit()" \>'."\n"); + $r->print(' onclick="this.form.submit()" \>'."\n"); } } else { $r->print(''. @@ -2129,11 +2157,20 @@ sub new_domain_roles { ''.&mt('Start').''.&mt('End').''. &Apache::loncommon::end_data_table_header_row(); my @allroles = &Apache::lonuserutils::roles_by_context('domain'); + my $uprimary = &Apache::lonnet::domain($env{'request.role.domain'},'primary'); + my $uintdom = &Apache::lonnet::internet_dom($uprimary); foreach my $thisdomain (sort(&Apache::lonnet::all_domains())) { foreach my $role (@allroles) { next if ($role eq 'ad'); next if (($role eq 'au') && ($ccdomain ne $thisdomain)); if (&Apache::lonnet::allowed('c'.$role,$thisdomain)) { + if ($role eq 'dc') { + unless ($thisdomain eq $env{'request.role.domain'}) { + my $domprim = &Apache::lonnet::domain($thisdomain,'primary'); + my $intdom = &Apache::lonnet::internet_dom($domprim); + next unless ($uintdom eq $intdom); + } + } my $plrole=&Apache::lonnet::plaintext($role); my %lt=&Apache::lonlocal::texthash( 'ssd' => "Set Start Date", @@ -2164,7 +2201,7 @@ sub new_domain_roles { } sub user_authentication { - my ($ccuname,$ccdomain,$formname) = @_; + my ($ccuname,$ccdomain,$formname,$crstype,$permission) = @_; my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); my $outcome; my %lt=&Apache::lonlocal::texthash( @@ -2175,7 +2212,7 @@ sub user_authentication { 'ld' => "Login Data" ); # Check for a bad authentication type - if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) { + if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth|lti):/) { # bad authentication scheme if (&Apache::lonnet::allowed('mau',$ccdomain)) { &initialize_authen_forms($ccdomain,$formname); @@ -2202,6 +2239,7 @@ $lt{'uuas'} ($currentauth). $lt{'adcs'}. ENDBADAUTH } } else { # Authentication type is valid + &initialize_authen_forms($ccdomain,$formname,$currentauth,'modifyuser'); my ($authformcurrent,$can_modify,@authform_others) = &modify_login_block($ccdomain,$currentauth); @@ -2236,6 +2274,43 @@ ENDBADAUTH } $outcome .= &Apache::loncommon::end_data_table(); } else { + if (($currentauth =~ /^internal:/) && + (&Apache::lonuserutils::can_change_internalpass($ccuname,$ccdomain,$crstype,$permission))) { + $outcome = <<"ENDJS"; + +ENDJS + + $outcome .= '

'.$lt{'ld'}.'

'. + &Apache::loncommon::start_data_table(). + &Apache::loncommon::start_data_table_row(). + ''.&mt('Internally authenticated').'
'.&mt("Change user's password?"). + ''.(' 'x2). + ''. + ''. + &Apache::loncommon::end_data_table_row(). + &Apache::loncommon::end_data_table(); + } if (&Apache::lonnet::allowed('udp',$ccdomain)) { # Current user has rights to view domain preferences for user's domain my $result; @@ -2253,6 +2328,8 @@ ENDBADAUTH $result = &mt('Currently using local (institutional) authentication.'); } elsif ($currentauth =~ /^unix:/) { $result = &mt('Currently Filesystem Authenticated.'); + } elsif ($currentauth =~ /^lti:/) { + $result = &mt('Currently LTI authenticated.'); } $outcome = '

'.$lt{'ld'}.'

'. &Apache::loncommon::start_data_table(). @@ -2291,6 +2368,9 @@ sub modify_login_block { if ($can_assign{'loc'}) { push(@authform_others,$authformloc); } + if ($can_assign{'lti'}) { + push(@authform_others,$authformlti); + } if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) { $show_override_msg = 1; } @@ -2302,6 +2382,9 @@ sub modify_login_block { if ($can_assign{'loc'}) { push(@authform_others,$authformloc); } + if ($can_assign{'lti'}) { + push(@authform_others,$authformlti); + } if ($can_assign{'int'}) { $show_override_msg = 1; } @@ -2316,6 +2399,9 @@ sub modify_login_block { if ($can_assign{'loc'}) { push(@authform_others,$authformloc); } + if ($can_assign{'lti'}) { + push(@authform_others,$authformlti); + } if ($can_assign{'fsys'}) { $show_override_msg = 1; } @@ -2327,9 +2413,23 @@ sub modify_login_block { if ($can_assign{'int'}) { push(@authform_others,$authformint); } + if ($can_assign{'lti'}) { + push(@authform_others,$authformlti); + } if ($can_assign{'loc'}) { $show_override_msg = 1; } + } elsif ($currentauth=~/^lti:/) { + $authformcurrent=$authformlti; + if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) { + push(@authform_others,$authformkrb); + } + if ($can_assign{'int'}) { + push(@authform_others,$authformint); + } + if ($can_assign{'loc'}) { + push(@authform_others,$authformloc); + } } if ($show_override_msg) { $authformcurrent = ''.&Apache::loncommon::end_data_table_row() .&Apache::loncommon::end_data_table(); @@ -7008,9 +7382,10 @@ ENDSCRIPT my ($nav_script,$nav_links); # table header - my $tableheader = '

'. + my $heading = '

'. &mt('User access logs for: [_1]', - &Apache::loncommon::aboutmewrapper(&Apache::loncommon::plainname($uname,$udom),$uname,$udom)).'

' + &Apache::loncommon::aboutmewrapper(&Apache::loncommon::plainname($uname,$udom),$uname,$udom)).''; + my $tableheader = $heading .&Apache::loncommon::start_data_table_header_row() .'' .'' @@ -7128,7 +7503,7 @@ ENDSCRIPT $r->print(&Apache::loncommon::end_data_table(). &userlogdisplay_navlinks(\%curr,$more_records)); } else { # No content displayed above - $r->print('

' + $r->print($heading.'

' .&mt('There are no records to display.') .'

'); } @@ -7178,7 +7553,7 @@ sub activity_display_filter { my $nolink = 1; my $output = '
'.$authformcurrent. @@ -2344,8 +2444,8 @@ sub modify_login_block { } sub personal_data_display { - my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray, - $now,$captchaform,$emailusername,$usertype,$usernameset,$condition,$excluded) = @_; + my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray,$now, + $captchaform,$emailusername,$usertype,$usernameset,$condition,$excluded,$showsubmit) = @_; my ($output,%userenv,%canmodify,%canmodify_status); my @userinfo = ('firstname','middlename','lastname','generation', 'permanentemail','id'); @@ -2428,7 +2528,7 @@ sub personal_data_display { } else { undef($condition); } - } + } if ($excluded) { unless ($excluded =~ /^\@[^\@]+$/) { undef($condition); @@ -2455,8 +2555,8 @@ sub personal_data_display { } $rowcount ++; $output .= &Apache::lonhtmlcommon::row_closure(1); - my $upassone = ''; - my $upasstwo = ''; + my $upassone = ''; + my $upasstwo = ''; $output .= &Apache::lonhtmlcommon::row_title(&mt('Password').'*', 'LC_pick_box_title', 'LC_oddrow_value')."\n". @@ -2468,12 +2568,13 @@ sub personal_data_display { $upasstwo. &Apache::lonhtmlcommon::row_closure()."\n"; if ($usernameset eq 'free') { - my $onclick = "toggleUsernameDisp(this,'selfcreateusername');"; + my $onclick = "toggleUsernameDisp(this,'selfcreateusername');"; $output .= &Apache::lonhtmlcommon::row_title($lt{'username'},undef,'LC_oddrow_value')."\n". - &mt('Use e-mail address: '). - ''."\n". - (' 'x2). - ''."\n". + ''.&mt('Use e-mail address: '). + ''.(' 'x2). + ''."\n". ''); } else { $r->print('
'.&mt('No information to display for this account request.').'
'); @@ -5215,7 +5540,8 @@ sub handler { ''.&mt('You do not have permission to view change logs').''); } } elsif ($env{'form.action'} eq 'helpdesk') { - if (($permission->{'owner'}) || ($permission->{'co-owner'})) { + if (($permission->{'owner'} || $permission->{'co-owner'}) && + ($permission->{'cusr'} || $permission->{'view'})) { if ($env{'form.state'} eq 'process') { if ($permission->{'owner'}) { &update_helpdeskaccess($r,$permission,$brcrum); @@ -5229,6 +5555,26 @@ sub handler { $r->print(&header(undef,{'no_nav_bar' => 1}). ''.&mt('You do not have permission to view helpdesk access').''); } + } elsif ($env{'form.action'} eq 'rolerequests') { + if ($permission->{cusr} || $permission->{view}) { + &print_queued_roles($r,$context,$permission,$brcrum); + } + } elsif ($env{'form.action'} eq 'queuedroles') { + if (($permission->{cusr}) && ($context eq 'domain')) { + if (&show_role_requests($context,$env{'request.role.domain'})) { + if ($env{'form.state'} eq 'done') { + &process_pendingroles($r,$context,$permission,$brcrum); + } else { + &print_pendingroles($r,$context,$permission,$brcrum); + } + } else { + $r->print(&header(undef,{'no_nav_bar' => 1}). + ''.&mt('Domain coordinator approval of requests from other domains for assignment of roles to users from this domain not in use.').''); + } + } else { + $r->print(&header(undef,{'no_nav_bar' => 1}). + ''.&mt('You do not have permission to view queued requests from other domains for assignment of roles to users from this domain.').''); + } } else { $bread_crumbs_component = 'User Management'; $args = { bread_crumbs => $brcrum, @@ -5480,6 +5826,7 @@ sub print_main_menu { listusers => 'Show and manage users in this community.', }, ); + if ($linkcontext eq 'domain') { unless ($permission->{'cusr'}) { $links{'domain'}{'singleuser'} = 'View a User'; @@ -5601,6 +5948,7 @@ sub print_main_menu { groups => 'Community Groups', }, ); + $linktext{'Placement'} = $linktext{'Course'}; my %linktitle = ( 'Course' => { @@ -5615,6 +5963,8 @@ sub print_main_menu { }, ); + $linktitle{'Placement'} = $linktitle{'Course'}; + push(@{ $menu[0]->{items} }, #Category: Single Users { linktext => $linktext{$crstype}{'single'}, @@ -5642,7 +5992,8 @@ sub print_main_menu { icon => 'helpdesk-access.png', #help => 'Course_Helpdesk_Access', url => '/adm/createuser?action=helpdesk', - permission => ($permission->{'owner'} || $permission->{'co-owner'}), + permission => (($permission->{'owner'} || $permission->{'co-owner'}) && + ($permission->{'view'} || $permission->{'cusr'})), linktitle => 'Helpdesk access options', }, { @@ -5721,6 +6072,28 @@ sub print_main_menu { }, ); } + push(@{ $menu[2]->{items} }, + { + linktext => 'Role Requests (other domains)', + icon => 'edit-find.png', + #help => 'Role_Requests', + url => '/adm/createuser?action=rolerequests', + permission => $permission->{'cusr'}, + linktitle => 'Role requests for users in other domains', + }, + ); + if (&show_role_requests($context,$env{'request.role.domain'})) { + push(@{ $menu[2]->{items} }, + { + linktext => 'Queued Role Assignments (this domain)', + icon => 'edit-find.png', + #help => 'Role_Approvals', + url => '/adm/createuser?action=queuedroles', + permission => $permission->{'cusr'}, + linktitle => "Role requests for this domain's users", + }, + ); + } return Apache::lonhtmlcommon::generate_menu(@menu); # { text => 'View Log-in History', # help => 'Course_User_Logins', @@ -6117,10 +6490,11 @@ ENDSCRIPT } elsif ($curr_types eq '') { $add_domtitle = &mt('Users in other domain:'); } + my ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('enroll',$cdom); $output .= &Apache::loncommon::start_data_table_row() .'		'.$add_domtitle.'
' .&Apache::loncommon::select_dom_form('','selfenroll_newdom', - $includeempty,$showdomdesc,'','','',$readonly) + $includeempty,$showdomdesc,'',$trusted,$untrusted,$readonly) .'' .'		 '.&mt('When').'
'; my $startform = @@ -7265,14 +7640,10 @@ sub userlogdisplay_navlinks { sub role_display_filter { my ($context,$formname,$cdom,$cnum,$curr,$version,$crstype) = @_; - my $lctype; - if ($context eq 'course') { - $lctype = lc($crstype); - } my $nolink = 1; my $output = '
'. ''.&mt('Actions/page:').'
'. - &Apache::lonmeta::selectbox('show',$curr->{'show'},undef, + &Apache::lonmeta::selectbox('show',$curr->{'show'},'',undef, (&mt('all'),5,10,20,50,100,1000,10000)). '		  
'; my $startform = @@ -7296,7 +7667,7 @@ sub role_display_filter { if ($curr->{'role'} eq 'any') { $output .= ' selected="selected"'; } - $output .= '>'.&mt('Any').''."\n"; + $output .= '>'.&mt('Any').''."\n"; my @roles = &Apache::lonuserutils::roles_by_context($context,1,$crstype); foreach my $role (@roles) { my $plrole; @@ -7317,12 +7688,12 @@ sub role_display_filter { &mt('Context:').'
'. ''.&mt('Changes/page:').'
'. - &Apache::lonmeta::selectbox('show',$curr->{'show'},undef, + &Apache::lonmeta::selectbox('show',$curr->{'show'},'',undef, (&mt('all'),5,10,20,50,100,1000,10000)). '