--- loncom/interface/loncreateuser.pm 2022/11/17 19:07:21 1.464
+++ loncom/interface/loncreateuser.pm 2022/11/23 02:55:37 1.465
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.464 2022/11/17 19:07:21 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.465 2022/11/23 02:55:37 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3977,7 +3977,13 @@ sub update_roles {
my ($r,$context,$showcredits) = @_;
my $now=time;
my @rolechanges;
- my %disallowed;
+ my (%disallowed,%got_role_approvals,%got_instdoms,%process_by,%instdoms,
+ %pending,%reject,%notifydc);
+ $got_role_approvals{$context} = '';
+ $process_by{$context} = {};
+ my @domroles = &Apache::lonuserutils::domain_roles();
+ my @cstrroles = &Apache::lonuserutils::construction_space_roles();
+ my @courseroles = &Apache::lonuserutils::roles_by_context('course',1);
$r->print(''.&mt('Modifying Roles').'
');
foreach my $key (keys(%env)) {
next if (! $env{$key});
@@ -4079,6 +4085,7 @@ sub update_roles {
if ($key=~/^form\.ren\:([^\_]+)\_([^\_\.]+)$/) {
my $url = $1;
my $role = $2;
+ my $id = $url.'_'.$role;
my $logmsg;
my $output;
if ($role eq 'st') {
@@ -4086,10 +4093,16 @@ sub update_roles {
my ($cdom,$cnum,$csec) = ($1,$2,$3);
my $credits;
if ($showcredits) {
- my $defaultcredits =
+ my $defaultcredits =
&Apache::lonuserutils::get_defaultcredits($cdom,$cnum);
$credits = &get_user_credits($defaultcredits,$cdom,$cnum);
}
+ unless ($udom eq $cdom) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$role,$now,0,$cdom,$cnum,$csec,$credits,
+ \%process_by,\%instdoms,\%got_role_approvals,
+ \%got_instdoms,\%reject,\%pending,\%notifydc));
+ }
my $result = &Apache::loncommon::commit_studentrole(\$logmsg,$udom,$uname,$url,$role,$now,0,$cdom,$cnum,$csec,$context,$credits);
if (($result =~ /^error/) || ($result eq 'not_in_class') || ($result eq 'unknown_course') || ($result eq 'refused')) {
if ($result eq 'refused' && $logmsg) {
@@ -4105,6 +4118,22 @@ sub update_roles {
}
}
} else {
+ my ($cdom,$cnum,$csec);
+ if (grep(/^\Q$role\E$/,@cstrroles)) {
+ ($cdom,$cnum) = ($url =~ m{^/($match_domain)/($match_username)$});
+ } elsif (grep(/^\Q$role\E$/,@domroles)) {
+ ($cdom) = ($url =~ m{^/($match_domain)/$});
+ } elsif ($url =~ m-^/($match_domain)/($match_courseid)/?(\w*)$-) {
+ ($cdom,$cnum,$csec) = ($1,$2,$3);
+ }
+ if ($cdom ne '') {
+ unless ($udom eq $cdom) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$role,$now,0,$cdom,$cnum,$csec,'',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc));
+ }
+ }
my $result=&Apache::lonnet::assignrole($env{'form.ccdomain'},
$env{'form.ccuname'},$url,$role,0,$now,'','',
$context);
@@ -4123,6 +4152,17 @@ sub update_roles {
# Re-enable custom role
if ($key=~m{^form\.ren\:([^_]+)_cr\.cr/($match_domain)/($match_username)/(\w+)$}) {
my ($url,$rdom,$rnam,$rolename) = ($1,$2,$3,$4);
+ my $id = $url.'_cr'."/$rdom/$rnam/$rolename";
+ my $role = "cr/$rdom/$rnam/$rolename";
+ if ($url =~ m-^/($match_domain)/($match_courseid)/?(\w*)$-) {
+ my ($cdom,$cnum,$csec) = ($1,$2,$3);
+ unless ($udom eq $cdom) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$role,$now,0,$cdom,$cnum,$csec,'',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc));
+ }
+ }
my $result = &Apache::lonnet::assigncustomrole(
$env{'form.ccdomain'}, $env{'form.ccuname'},
$url,$rdom,$rnam,$rolename,0,$now,undef,$context);
@@ -4144,6 +4184,8 @@ sub update_roles {
# Activate a custom role
my ($one,$two,$three,$four,$five)=($1,$2,$3,$4,$5);
my $url='/'.$one.'/'.$two;
+ my $id = $url.'_cr/'."$three/$four/$five";
+ my $role = "cr/$three/$four/$five";
my $full=$one.'_'.$two.'_cr_cr_'.$three.'_'.$four.'_'.$five;
my $start = ( $env{'form.start_'.$full} ?
@@ -4152,15 +4194,22 @@ sub update_roles {
my $end = ( $env{'form.end_'.$full} ?
$env{'form.end_'.$full} :
0 );
-
+
# split multiple sections
my %sections = ();
my $num_sections = &build_roles($env{'form.sec_'.$full},\%sections,$five);
if ($num_sections == 0) {
+ unless ($udom eq $one) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$role,$start,$end,$one,$two,'','',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc));
+ }
$r->print(&Apache::loncommon::commit_customrole($udom,$uname,$url,$three,$four,$five,$start,$end,$context));
} else {
my %curr_groups =
&Apache::longroup::coursegroups($one,$two);
+ my ($restricted,$numchanges);
foreach my $sec (sort {$a cmp $b} keys(%sections)) {
if (($sec eq 'none') || ($sec eq 'all') ||
exists($curr_groups{$sec})) {
@@ -4168,8 +4217,18 @@ sub update_roles {
next;
}
my $securl = $url.'/'.$sec;
+ my $secid = $securl.'_cr'."/$three/$four/$five";
+ undef($restricted);
+ unless ($udom eq $one) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$secid,$udom,
+ $uname,$role,$start,$end,$one,$two,$sec,'',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc));
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_customrole($udom,$uname,$securl,$three,$four,$five,$start,$end,$context));
}
+ next unless ($numchanges);
}
if (!grep(/^cr$/,@rolechanges)) {
push(@rolechanges,'cr');
@@ -4185,11 +4244,12 @@ sub update_roles {
$env{'form.end_'.$one.'_'.$two.'_'.$three} :
0 );
my $url='/'.$one.'/'.$two;
+ my $id = $url.'_'.$three;
my $type = 'three';
# split multiple sections
my %sections = ();
my $num_sections = &build_roles($env{'form.sec_'.$one.'_'.$two.'_'.$three},\%sections,$three);
- my $credits;
+ my ($credits,$numchanges);
if ($three eq 'st') {
if ($showcredits) {
my $defaultcredits =
@@ -4202,11 +4262,19 @@ sub update_roles {
}
}
if ($num_sections == 0) {
+ unless ($udom eq $one) {
+ next if (&Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$three,$start,$end,$one,$two,'',$credits,\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc));
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$three,$start,$end,$one,$two,'',$context,$credits));
} else {
my %curr_groups =
&Apache::longroup::coursegroups($one,$two);
my $emptysec = 0;
+ my $restricted;
foreach my $sec (sort {$a cmp $b} keys(%sections)) {
$sec =~ s/\W//g;
if ($sec ne '') {
@@ -4216,14 +4284,34 @@ sub update_roles {
next;
}
my $securl = $url.'/'.$sec;
+ my $secid = $securl.'_'.$three;
+ unless ($udom eq $one) {
+ undef($restricted);
+ $restricted = &Apache::lonuserutils::restricted_dom($context,$secid,$udom,
+ $uname,$three,$start,$end,$one,$two,$sec,$credits,\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc);
+ next if ($restricted);
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$securl,$three,$start,$end,$one,$two,$sec,$context,$credits));
} else {
$emptysec = 1;
}
}
if ($emptysec) {
+ unless ($udom eq $one) {
+ undef($restricted);
+ $restricted = &Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$three,$start,$end,$one,$two,'',$credits,\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc);
+ next if ($restricted);
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$three,$start,$end,$one,$two,'',$context,$credits));
}
+ next unless ($numchanges);
}
if (!grep(/^\Q$three\E$/,@rolechanges)) {
push(@rolechanges,$three);
@@ -4240,24 +4328,54 @@ sub update_roles {
my $one = $1;
my $two = $2;
my $url='/'.$one.'/';
+ my $id = $url.'_'.$two;
# split multiple sections
my %sections = ();
+ my ($restricted,$numchanges);
my $num_sections = &build_roles($env{'form.sec_'.$one.'_'.$two},\%sections,$two);
if ($num_sections == 0) {
+ unless ($udom eq $one) {
+ $restricted = &Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$two,$start,$end,$one,$two,'','',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc);
+ next if ($restricted);
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$two,$start,$end,$one,undef,'',$context));
} else {
my $emptysec = 0;
foreach my $sec (sort {$a cmp $b} keys(%sections)) {
if ($sec ne '') {
my $securl = $url.'/'.$sec;
+ my $secid = $securl.'_'.$two;
+ unless ($udom eq $one) {
+ undef($restricted);
+ $restricted = &Apache::lonuserutils::restricted_dom($context,$secid,$udom,
+ $uname,$two,$start,$end,$one,$two,$sec,'',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc);
+ next if ($restricted);
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$securl,$two,$start,$end,$one,undef,$sec,$context));
} else {
$emptysec = 1;
}
}
if ($emptysec) {
+ unless ($udom eq $one) {
+ undef($restricted);
+ $restricted = &Apache::lonuserutils::restricted_dom($context,$id,$udom,
+ $uname,$two,$start,$end,$one,$two,'','',\%process_by,
+ \%instdoms,\%got_role_approvals,\%got_instdoms,\%reject,
+ \%pending,\%notifydc);
+ next if ($restricted);
+ }
+ $numchanges ++;
$r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$two,$start,$end,$one,undef,'',$context));
}
+ next unless ($numchanges);
}
if (!grep(/^\Q$two\E$/,@rolechanges)) {
push(@rolechanges,$two);
@@ -4281,6 +4399,12 @@ sub update_roles {
}
}
} # End of foreach (keys(%env))
+ if (keys(%reject)) {
+ $r->print(&Apache::lonuserutils::print_roles_rejected($context,\%reject));
+ }
+ if (keys(%pending)) {
+ $r->print(&Apache::lonuserutils::print_roles_queued($context,\%pending,\%notifydc));
+ }
# Flush the course logs so reverse user roles immediately updated
$r->register_cleanup(\&Apache::lonnet::flushcourselogs);
if (@rolechanges == 0) {
@@ -4335,11 +4459,34 @@ sub enroll_single_student {
}
}
}
+ my ($startdate,$enddate) = &Apache::lonuserutils::get_dates_from_form();
+ my (%got_role_approvals,%got_instdoms,%process_by,%instdoms,%pending,%reject,%notifydc);
+ unless ($env{'form.ccdomain'} eq $env{'course.'.$env{'request.course.id'}.'.domain'}) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my $csec = $env{'form.sections'};
+ my $id = "/$cdom/$cnum";
+ if ($csec ne '') {
+ $id .= "/$csec";
+ }
+ $id .= '_st';
+ if (&Apache::lonuserutils::restricted_dom($context,$id,$env{'form.ccdomain'},$env{'form.ccuname'},
+ 'st',$startdate,$enddate,$cdom,$cnum,$csec,$credits,
+ \%process_by,\%instdoms,\%got_role_approvals,\%got_instdoms,
+ \%reject,\%pending,\%notifydc)) {
+ if (keys(%reject)) {
+ $r->print(&Apache::lonuserutils::print_roles_rejected($context,\%reject));
+ }
+ if (keys(%pending)) {
+ $r->print(&Apache::lonuserutils::print_roles_queued($context,\%pending,\%notifydc));
+ }
+ return;
+ }
+ }
# Clean out any old student roles the user has in this class.
&Apache::lonuserutils::modifystudent($env{'form.ccdomain'},
$env{'form.ccuname'},$env{'request.course.id'},undef,$uhome);
- my ($startdate,$enddate) = &Apache::lonuserutils::get_dates_from_form();
my $enroll_result =
&Apache::lonnet::modify_student_enrollment($env{'form.ccdomain'},
$env{'form.ccuname'},$env{'form.cid'},$env{'form.cfirstname'},
@@ -4701,6 +4848,31 @@ sub set_custom_role {
);
}
+sub show_role_requests {
+ my ($caller,$dom) = @_;
+ my $showrolereqs;
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['privacy'],$dom);
+ if (ref($domconfig{'privacy'}) eq 'HASH') {
+ if (ref($domconfig{'privacy'}{'approval'}) eq 'HASH') {
+ my %approvalconf = %{$domconfig{'privacy'}{'approval'}};
+ foreach my $key ('instdom','extdom') {
+ if (ref($approvalconf{$key}) eq 'HASH') {
+ if (keys(%{$approvalconf{$key}})) {
+ foreach my $context ('domain','author','course','community') {
+ if ($approvalconf{$key}{$context} eq $caller) {
+ $showrolereqs = 1;
+ last if ($showrolereqs);
+ }
+ }
+ }
+ }
+ last if ($showrolereqs);
+ }
+ }
+ }
+ return $showrolereqs;
+}
+
# ================================================================ Main Handler
sub handler {
my $r = shift;
@@ -5381,6 +5553,26 @@ sub handler {
$r->print(&header(undef,{'no_nav_bar' => 1}).
''.&mt('You do not have permission to view helpdesk access').'');
}
+ } elsif ($env{'form.action'} eq 'rolerequests') {
+ if ($permission->{cusr} || $permission->{view}) {
+ &print_queued_roles($r,$context,$permission,$brcrum);
+ }
+ } elsif ($env{'form.action'} eq 'queuedroles') {
+ if (($permission->{cusr}) && ($context eq 'domain')) {
+ if (&show_role_requests($context,$env{'request.role.domain'})) {
+ if ($env{'form.state'} eq 'done') {
+ &process_pendingroles($r,$context,$permission,$brcrum);
+ } else {
+ &print_pendingroles($r,$context,$permission,$brcrum);
+ }
+ } else {
+ $r->print(&header(undef,{'no_nav_bar' => 1}).
+ ''.&mt('Domain coordinator approval of requests from other domains for assignment of roles to users from this domain not in use.').'');
+ }
+ } else {
+ $r->print(&header(undef,{'no_nav_bar' => 1}).
+ ''.&mt('You do not have permission to view queued requests from other domains for assignment of roles to users from this domain.').'');
+ }
} else {
$bread_crumbs_component = 'User Management';
$args = { bread_crumbs => $brcrum,
@@ -5632,6 +5824,7 @@ sub print_main_menu {
listusers => 'Show and manage users in this community.',
},
);
+
if ($linkcontext eq 'domain') {
unless ($permission->{'cusr'}) {
$links{'domain'}{'singleuser'} = 'View a User';
@@ -5877,6 +6070,28 @@ sub print_main_menu {
},
);
}
+ push(@{ $menu[2]->{items} },
+ {
+ linktext => 'Role Requests (other domains)',
+ icon => 'edit-find.png',
+ #help => 'Role_Requests',
+ url => '/adm/createuser?action=rolerequests',
+ permission => $permission->{'cusr'},
+ linktitle => 'Role requests for users in other domains',
+ },
+ );
+ if (&show_role_requests($context,$env{'request.role.domain'})) {
+ push(@{ $menu[2]->{items} },
+ {
+ linktext => 'Queued Role Assignments (this domain)',
+ icon => 'edit-find.png',
+ #help => 'Role_Approvals',
+ url => '/adm/createuser?action=queuedroles',
+ permission => $permission->{'cusr'},
+ linktitle => "Role requests for this domain's users",
+ },
+ );
+ }
return Apache::lonhtmlcommon::generate_menu(@menu);
# { text => 'View Log-in History',
# help => 'Course_User_Logins',
@@ -7961,6 +8176,67 @@ ENDJS
return;
}
+sub print_queued_roles {
+ my ($r,$context,$permission,$brcrum) = @_;
+ push (@{$brcrum},
+ {href => '/adm/createuser?action=rolerequests',
+ text => 'Role Requests (other domains)',
+ help => ''});
+ my $bread_crumbs_component = 'Role Requests';
+ my $args = { bread_crumbs => $brcrum,
+ bread_crumbs_component => $bread_crumbs_component};
+ # print page header
+ $r->print(&header('',$args));
+ my ($dom,$cnum);
+ $dom = $env{'request.role.domain'};
+ if ($context eq 'course') {
+ if ($env{'request.course.id'}) {
+ if (&Apache::loncommon::course_type() eq 'Community') {
+ $context = 'community';
+ }
+ $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ }
+ } elsif ($context eq 'author') {
+ $cnum = $env{'user.name'};
+ }
+ $r->print(&Apache::loncoursequeueadmin::display_queued_requests('othdomqueue',$dom,$cnum,$context));
+ return;
+}
+
+sub print_pendingroles {
+ my ($r,$context,$permission,$brcrum) = @_;
+ push (@{$brcrum},
+ {href => '/adm/createuser?action=queuedroles',
+ text => 'Queued Role Assignments (users in this domain)',
+ help => ''});
+ my $bread_crumbs_component = 'Queued Role Assignments';
+ my $args = { bread_crumbs => $brcrum,
+ bread_crumbs_component => $bread_crumbs_component};
+ # print page header
+ $r->print(&header('',$args));
+ $r->print(&Apache::loncoursequeueadmin::display_queued_requests('othdomaction',$env{'request.role.domain'},'','domain'));
+ return;
+}
+
+sub process_pendingroles {
+ my ($r,$context,$permission,$brcrum) = @_;
+ push (@{$brcrum},
+ {href => '/adm/createuser?action=queuedroles',
+ text => 'Queued Role Assignments (users in this domain)',
+ help => ''},
+ {href => '/adm/createuser?action=processrolereq',
+ text => 'Process Queue',
+ help => ''});
+ my $bread_crumbs_component = 'Queued Role Assignments';
+ my $args = { bread_crumbs => $brcrum,
+ bread_crumbs_component => $bread_crumbs_component};
+ # print page header
+ $r->print(&header('',$args));
+ $r->print(&Apache::loncoursequeueadmin::update_request_queue('othdombydc',
+ $env{'request.role.domain'}));
+ return;
+}
+
sub domain_adhoc_access {
my ($roles,$domcurrent,$accesstypes,$usertypes,$othertitle) = @_;
my %domusage;