--- loncom/interface/loncreateuser.pm 2002/04/23 21:05:45 1.33 +++ loncom/interface/loncreateuser.pm 2003/02/03 18:03:52 1.47 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.33 2002/04/23 21:05:45 matthew Exp $ +# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $ # # Copyright Michigan State University Board of Trustees # @@ -44,10 +44,9 @@ # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer # April Guy Albertelli # 05/10,10/16 Gerd Kortemeyer -# 11/12,11/13,11/15 Scott Harrison # 02/11/02 Matthew Hall # -# $Id: loncreateuser.pm,v 1.33 2002/04/23 21:05:45 matthew Exp $ +# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $ ### package Apache::loncreateuser; 
@@ -80,27 +79,48 @@ BEGIN { $authformloc = &Apache::loncommon::authform_local(%param); } + + +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} + # =================================================================== Phase one -sub phase_one { +sub print_username_entry_form { my $r=shift; - my $defdom=$ENV{'user.domain'}; + my $defdom=$ENV{'request.role.domain'}; my @domains = &Apache::loncommon::get_domains(); my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain'); + my $bodytag =&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges'); + my $selscript=&Apache::loncommon::studentbrowser_javascript(); + my $sellink=&Apache::loncommon::selectstudent_link + ('crtuser','ccuname','ccdomain'); $r->print(<<"ENDDOCUMENT"); <html> <head> <title>The LearningOnline Network with CAPA</title> +$selscript </head> -<body bgcolor="#FFFFFF"> -<h1>Create User, Change User Privileges</h1> -<form action=/adm/createuser method=post> -<input type=hidden name=phase value=two> +$bodytag +<form action="/adm/createuser" method="post" name="crtuser"> +<input type="hidden" name="phase" value="get_user_info"> <p> -Username: <input type=text size=15 name=ccuname><br> -Domain: $domform +<table> +<tr><td>Username:</td><td><input type="text" size="15" name="ccuname"> +</td><td rowspan="2">$sellink</td></tr><tr><td> +Domain:</td><td>$domform</td></tr> +</table> </p> -<input type=submit value="Continue"> +<input type="submit" value="Continue"> </form> </body> </html> 
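Review bot: `authorpriv` accepts `$audom` when it equals either `$ENV{'user.domain'}` or `$ENV{'request.role.domain'}`, but it compares only the name against `$ENV{'user.name'}`. When the role domain differs from the home domain, the check therefore passes for the same username in the role domain, which may be a different account if usernames are unique only per domain. The co-author hunk at `@@ -411,10 +440,11 @@` relies on the same pairing (`$cudom=$ENV{'request.role.domain'}` with `$cuname=$ENV{'user.name'}`), while its self-assignment test compares against `$ENV{'user.domain'}`. If a construction space always belongs to the home account, the domain test should be `$audom ne $ENV{'user.domain'}` alone; otherwise a header comment should say why the role domain is accepted. The sub also needs a comment stating that it returns 1 or '' and takes (name, domain) in that order, which the later call `&authorpriv($2,$1)` depends on.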
@@ -108,7 +128,7 @@ ENDDOCUMENT } # =================================================================== Phase two -sub phase_two { +sub print_user_modification_page { my $r=shift; my $ccuname=$ENV{'form.ccuname'}; my $ccdomain=$ENV{'form.ccdomain'}; @@ -121,7 +141,7 @@ sub phase_two { ); $loginscript = &Apache::loncommon::authform_header(%param); - my $defdom=$ENV{'user.domain'}; + my $defdom=$ENV{'request.role.domain'}; $ccuname=~s/\W//g; $ccdomain=~s/\W//g; @@ -154,12 +174,12 @@ sub phase_two { </script> </head> -<body bgcolor="#FFFFFF"> -<img align="right" src="/adm/lonIcons/lonlogos.gif"> ENDDOCHEAD + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges')); my $forminfo =<<"ENDFORMINFO"; <form action="/adm/createuser" method="post" name="cu"> -<input type="hidden" name="phase" value="three"> +<input type="hidden" name="phase" value="update_user_data"> <input type="hidden" name="ccuname" value="$ccuname"> <input type="hidden" name="ccdomain" value="$ccdomain"> <input type="hidden" name="pres_value" value="" 
> @@ -250,84 +270,93 @@ END my ($tmp) = keys(%rolesdump); unless ($tmp =~ /^(con_lost|error)/i) { my $now=time; - $r->print('<hr /><h3>Revoke Existing Roles</h3>'. - '<table border=2><tr><th>Revoke</th><th>Role</th><th>Extent</th>'. - '<th>Start</th><th>End</th>'); + $r->print(<<END); +<hr /> +<h3>Revoke Existing Roles</h3> +<table border=2> +<tr><th>Revoke</th><th>Role</th><th>Extent</th><th>Start</th><th>End</th> +END foreach my $area (keys(%rolesdump)) { - if ($area!~/^rolesdef/) { - my $role = $rolesdump{$area}; - my $thisrole=$area; - $area=~s/\_\w\w$//; - my ($role_code,$role_end_time,$role_start_time) = - split(/_/,$role); - my $bgcol='ffffff'; - my $allows=0; - if ($area=~/^\/(\w+)\/(\d\w+)/) { - my %coursedata= - &Apache::lonnet::coursedescription($1.'_'.$2); - my $carea='Course: '.$coursedata{'description'}; - $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { - $allows=1; - } - # Compute the background color based on $area - $bgcol=$1.'_'.$2; - $bgcol=~s/[^8-9b-e]//g; - $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); - if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + next if ($area =~ /^rolesdef/); + my $role = $rolesdump{$area}; + my $thisrole=$area; + $area =~ s/\_\w\w$//; + my ($role_code,$role_end_time,$role_start_time) = + split(/_/,$role); + my $bgcol='ffffff'; + my $allowed=0; + if ($area =~ /^\/(\w+)\/(\d\w+)/ ) { + my %coursedata= + &Apache::lonnet::coursedescription($1.'_'.$2); + my $carea='Course: '.$coursedata{'description'}; + $inccourses{$1.'_'.$2}=1; + if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { + $allowed=1; + } + # Compute the background color based on $area + $bgcol=$1.'_'.$2; + $bgcol=~s/[^8-9b-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); + if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { $carea.='<br>Section/Group: '.$3; - } - $area=$carea; - } else { - # Determine if current user is able to revoke privileges - if ($area=~/^\/(\w+)\//) { - if 
(&Apache::lonnet::allowed('c'.$role_code,$1)) { - $allows=1; - } - } else { - if (&Apache::lonnet::allowed('c'.$role_code,'/')) { - $allows=1; - } - } - } - $r->print('<tr bgcolor=#"'.$bgcol.'"><td>'); - my $active=1; - $active=0 if (($role_end_time) && ($now>$role_end_time)); - if (($active) && ($allows)) { - $r->print('<input type="checkbox" name="rev:' - .$thisrole.'">'); - } else { - $r->print(' '); - } - $r->print('</td><td>'. - &Apache::lonnet::plaintext($role_code). - '</td><td>'.$area.'</td><td>'. - ($role_start_time ? localtime($role_start_time) - : ' ' ) - .'</td><td>'. - ($role_end_time ? localtime($role_end_time) - : ' ' ) - ."</td></tr>\n"); - } + } + $area=$carea; + } else { + # Determine if current user is able to revoke privileges + if ($area=~ /^\/(\w+)\//) { + if (&Apache::lonnet::allowed('c'.$role_code,$1)) { + $allowed=1; + } + } else { + if (&Apache::lonnet::allowed('c'.$role_code,'/')) { + $allowed=1; + } + } + } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; + } + } + my $row = ''; + $row.='<tr bgcolor=#"'.$bgcol.'"><td>'; + my $active=1; + $active=0 if (($role_end_time) && ($now>$role_end_time)); + if (($active) && ($allowed)) { + $row.= '<input type="checkbox" name="rev:'.$thisrole.'">'; + } else { + $row.=' '; + } + $row.= '</td><td>'.&Apache::lonnet::plaintext($role_code). + '</td><td>'.$area. + '</td><td>'.($role_start_time?localtime($role_start_time) + : ' ' ). 
+ '</td><td>'.($role_end_time ?localtime($role_end_time) + : ' ' ) + ."</td></tr>\n"; + $r->print($row); } # end of foreach (table building loop) $r->print('</table>'); } # End of unless my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); - if ($currentauth=~/^krb4:/) { - $currentauth=~/^krb4:(.*)/; - my $krbdefdom2=$1; + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; + my $krbdefdom=$1; my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type - unless ($currentauth=~/^krb4:/ or + unless ($currentauth=~/^krb(4|5):/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ ) { # bad authentication scheme - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { $r->print(<<ENDBADAUTH); <hr /> <script type="text/javascript" language="Javascript"> @@ -360,7 +389,7 @@ ENDBADAUTH } else { # Authentication type is valid my $authformcurrent=''; my $authform_other=''; - if ($currentauth=~/^krb4:/) { + if ($currentauth=~/^krb(4|5):/) { $authformcurrent=$authformkrb; $authform_other="<p>$authformint</p>\n". "<p>$authformfsys</p><p>$authformloc</p>"; @@ -390,7 +419,7 @@ ENDBADAUTH <td bgcolor='#cbbcbb'>Changing this value will overwrite existing authentication for the user; you should notify the user of this change.</td></tr> </table> ENDCURRENTAUTH - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { # Current user has login modification privileges $r->print(<<ENDOTHERAUTHS); <hr /> 
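Review bot: In the Kerberos branch the pattern became `/^krb(4|5):(.*)/` but the domain is still read from `$1`, so `kerb_def_dom` receives the version digit instead of the text after the colon; use `my $krbdefdom=$2;` or make the version group non-capturing, `/^krb(?:4|5):(.*)/`. In the new `ca` block, `$area=~/\/(\w+)\/(\w+)/;` is not tested before `&authorpriv($2,$1)`, and in the course branch `$area` has already been overwritten with the display string `$carea`. A failed match leaves `$1`/`$2` from an earlier successful match, so the revoke decision can rest on stale captures. Anchoring and testing the match, `if ($area=~/^\/(\w+)\/(\w+)/ && &authorpriv($2,$1)) { $allowed=1; } else { $allowed=0; }`, keeps the decision fail-closed. The enclosing sub starts and ends outside this hunk.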
@@ -411,10 +440,11 @@ ENDOTHERAUTHS # # Co-Author # - - if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) { + if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) && + ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) { + # No sense in assigning co-author role to yourself my $cuname=$ENV{'user.name'}; - my $cudom=$ENV{'user.domain'}; + my $cudom=$ENV{'request.role.domain'}; $r->print(<<ENDCOAUTH); <h4>Construction Space</h4> <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th> @@ -470,7 +500,7 @@ ENDDROW } # ================================================================= Phase Three -sub phase_three { +sub update_user_data { my $r=shift; my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'}, $ENV{'form.ccdomain'}); @@ -483,9 +513,14 @@ sub phase_three { <head> <title>The LearningOnline Network with CAPA</title> </head> -<body bgcolor="#FFFFFF"> -<img align="right" src="/adm/lonIcons/lonlogos.gif"> ENDTHREEHEAD + my $title; + if (exists($ENV{'form.makeuser'})) { + $title='Set Privileges for New User'; + } else { + $title='Modify User Privileges'; + } + $r->print(&Apache::loncommon::bodytag($title)); # Check Inputs if (! $ENV{'form.ccuname'} ) { $r->print($error.'No login name specified.'.$end); @@ -520,7 +555,8 @@ ENDTHREEHEAD my $amode=''; my $genpwd=''; if ($ENV{'form.login'} eq 'krb') { - $amode='krb4'; + $amode='krb'; + $amode.=$ENV{'form.krbver'}; $genpwd=$ENV{'form.krbarg'}; } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; @@ -532,6 +568,12 @@ ENDTHREEHEAD $amode='localauth'; $genpwd=$ENV{'form.locarg'}; $genpwd=" " if (!$genpwd); + } elsif (($ENV{'form.login'} eq 'nochange') || + ($ENV{'form.login'} eq '' )) { + # There is no need to tell the user we did not change what they + # did not ask us to change. + # If they are creating a new user but have not specified login + # information this will be caught below. } else { $r->print($error.'Invalid login mode or password'.$end); return; 
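Review bot: In the `@@ -520,7 +555,8 @@` hunk, `$amode.=$ENV{'form.krbver'};` appends a submitted form value to the authentication mode without checking it. Any value other than `4` or `5`, including an empty one, yields a mode string that the `/^krb(4|5):/` tests elsewhere in this file would classify as a bad authentication type once stored. Validate before concatenating, e.g. `$amode='krb'.$ENV{'form.krbver'} if ($ENV{'form.krbver'}=~/\A[45]\z/);`, leaving `$amode` empty otherwise so the later `! $amode` check rejects the request. How `$amode` is persisted is not visible here, so whether stray characters could also disturb the stored record is unconfirmed. The if/elsif chain continues outside the hunk.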
@@ -539,7 +581,6 @@ ENDTHREEHEAD if ($ENV{'form.makeuser'}) { # Create a new user $r->print(<<ENDNEWUSERHEAD); -<h1>Create User</h1> <h3>Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2> ENDNEWUSERHEAD # Check for the authentication mode and password @@ -552,7 +593,7 @@ ENDNEWUSERHEAD if (lc($desiredhost) eq 'default') { $desiredhost = undef; } else { - my %home_servers = &Apache::loncommon::get_home_servers + my %home_servers = &Apache::loncommon::get_library_servers ($ENV{'form.ccdomain'}); if (! exists($home_servers{$desiredhost})) { $r->print($error.'Invalid home server specified'); @@ -571,10 +612,10 @@ ENDNEWUSERHEAD $ENV{'form.ccdomain'}); $r->print('<br>Home server: '.$home.' '. $Apache::lonnet::libserv{$home}); - } elsif ($ENV{'form.login'} ne '') { + } elsif (($ENV{'form.login'} ne 'nochange') && + ($ENV{'form.login'} ne '' )) { # Modify user privileges $r->print(<<ENDMODIFYUSERHEAD); -<h1>Change User Privileges</h1> <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2> ENDMODIFYUSERHEAD if (! $amode || ! $genpwd) { @@ -582,7 +623,7 @@ ENDMODIFYUSERHEAD return; } # Only allow authentification modification if the person has authority - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) { $r->print('Modifying authentication: '. &Apache::lonnet::modifyuserauth( $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, 
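Review bot: In the `@@ -582,7 +623,7 @@` hunk the `mau` check is now scoped on `$ENV{'form.ccdomain'}`, a request value that this hunk passes to `allowed()` and `modifyuserauth()` exactly as submitted. `print_user_modification_page`, by contrast, strips `\W` from `ccuname`/`ccdomain` and decides whether to offer the authentication form from `$ENV{'request.role.domain'}`. Checking the target domain is the right scope for the write, but the two phases now disagree on both normalization and scope, so the page can offer a form the update rejects, or the reverse. Normalizing once at the top of `update_user_data`, e.g. `my $ccdomain=$ENV{'form.ccdomain'}; $ccdomain=~s/\W//g;`, and using that value for both the check and the modification would align them; the display-side `mau` checks should use the same scope. Whether such cleaning already happens in lines outside this hunk cannot be seen from here.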
@@ -756,17 +797,17 @@ sub handler { (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) || - (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) || - (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) { + (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) || + (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) { $r->content_type('text/html'); $r->send_http_header; unless ($ENV{'form.phase'}) { - &phase_one($r); + &print_username_entry_form($r); } - if ($ENV{'form.phase'} eq 'two') { - &phase_two($r); - } elsif ($ENV{'form.phase'} eq 'three') { - &phase_three($r); + if ($ENV{'form.phase'} eq 'get_user_info') { + &print_user_modification_page($r); + } elsif ($ENV{'form.phase'} eq 'update_user_data') { + &update_user_data($r); } } else { $ENV{'user.error.msg'}=
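Review bot: The gate is a disjunction of `allowed()` checks and the dispatch below it keys only on `$ENV{'form.phase'}`, so a caller admitted by any single privilege (for example `cin` on the current course) reaches `&update_user_data($r)`. A comment here should record that each phase sub must enforce its own per-action authorization, such as `# Coarse gate only: update_user_data must re-check the privilege for every change it applies`. Separately, a non-empty `form.phase` that matches neither new name, including the old `two`/`three` values from a form rendered before this change, sends headers and no body; a final `else { &print_username_entry_form($r); }` would make that case explicit. `handler` starts and ends outside this hunk.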