--- loncom/interface/loncreateuser.pm 2002/08/23 19:43:11 1.42
+++ loncom/interface/loncreateuser.pm 2003/06/19 21:46:38 1.55
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.42 2002/08/23 19:43:11 matthew Exp $
+# $Id: loncreateuser.pm,v 1.55 2003/06/19 21:46:38 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -44,10 +44,9 @@
# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
# April Guy Albertelli
# 05/10,10/16 Gerd Kortemeyer
-# 11/12,11/13,11/15 Scott Harrison
# 02/11/02 Matthew Hall
#
-# $Id: loncreateuser.pm,v 1.42 2002/08/23 19:43:11 matthew Exp $
+# $Id: loncreateuser.pm,v 1.55 2003/06/19 21:46:38 www Exp $
###
package Apache::loncreateuser;
@@ -55,6 +54,7 @@ package Apache::loncreateuser;
use strict;
use Apache::Constants qw(:common :http);
use Apache::lonnet;
+use Apache::loncommon;
my $loginscript; # piece of javascript used in two separate instances
my $generalrule;
@@ -71,15 +71,30 @@ BEGIN {
my %param = ( formname => 'document.cu',
kerb_def_dom => $krbdefdom
);
- $loginscript = &Apache::loncommon::authform_header(%param);
+# no longer static due to configurable kerberos defaults
+# $loginscript = &Apache::loncommon::authform_header(%param);
$generalrule = &Apache::loncommon::authform_authorwarning(%param);
$authformnop = &Apache::loncommon::authform_nochange(%param);
- $authformkrb = &Apache::loncommon::authform_kerberos(%param);
+# no longer static due to configurable kerberos defaults
+# $authformkrb = &Apache::loncommon::authform_kerberos(%param);
$authformint = &Apache::loncommon::authform_internal(%param);
$authformfsys = &Apache::loncommon::authform_filesystem(%param);
$authformloc = &Apache::loncommon::authform_local(%param);
}
+
+
+# ==================================================== Figure out author access
+
+sub authorpriv {
+ my ($auname,$audom)=@_;
+ if (($auname ne $ENV{'user.name'}) ||
+ (($audom ne $ENV{'user.domain'}) &&
+ ($audom ne $ENV{'request.role.domain'}))) { return ''; }
+ unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+ return 1;
+}
+
# =================================================================== Phase one
sub print_username_entry_form {
@@ -89,17 +104,24 @@ sub print_username_entry_form {
my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
my $bodytag =&Apache::loncommon::bodytag(
'Create Users, Change User Privileges');
+ my $selscript=&Apache::loncommon::studentbrowser_javascript();
+ my $sellink=&Apache::loncommon::selectstudent_link
+ ('crtuser','ccuname','ccdomain');
$r->print(<<"ENDDOCUMENT");
The LearningOnline Network with CAPA
+$selscript
$bodytag
-
@@ -114,18 +136,21 @@ sub print_user_modification_page {
my $ccuname=$ENV{'form.ccuname'};
my $ccdomain=$ENV{'form.ccdomain'};
- $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
- my $krbdefdom=$1;
- $krbdefdom=~tr/a-z/A-Z/;
+ my $defdom=$ENV{'request.role.domain'};
+
+ my ($krbdef,$krbdefdom) =
+ &Apache::loncommon::get_kerberos_defaults($defdom);
+
my %param = ( formname => 'document.cu',
- kerb_def_dom => $krbdefdom
+ kerb_def_dom => $krbdefdom,
+ kerb_def_auth => $krbdef
);
$loginscript = &Apache::loncommon::authform_header(%param);
-
- my $defdom=$ENV{'request.role.domain'};
+ $authformkrb = &Apache::loncommon::authform_kerberos(%param);
$ccuname=~s/\W//g;
$ccdomain=~s/\W//g;
+ my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
my $dochead =<<"ENDDOCHEAD";
@@ -138,14 +163,7 @@ sub print_user_modification_page {
parmwin.close();
}
- function pjump(type,dis,value,marker,ret,call) {
- parmwin=window.open("/adm/rat/parameter.html?type="+escape(type)
- +"&value="+escape(value)+"&marker="+escape(marker)
- +"&return="+escape(ret)
- +"&call="+escape(call)+"&name="+escape(dis),"LONCAPAparms",
- "height=350,width=350,scrollbars=no,menubar=no");
-
- }
+ $pjump_def
function dateset() {
eval("document.cu."+document.cu.pres_marker.value+
@@ -170,7 +188,7 @@ ENDFORMINFO
my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
my %incdomains;
my %inccourses;
- foreach (%Apache::lonnet::hostdom) {
+ foreach (values(%Apache::lonnet::hostdom)) {
$incdomains{$_}=1;
}
foreach (keys(%ENV)) {
@@ -237,7 +255,7 @@ END
foreach ('firstname','middlename','lastname','generation') {
if (&Apache::lonnet::allowed('mau',$ccdomain)) {
$r->print(<<"END");
-
+
END
} else {
$r->print('
'.$userenv{$_}.'
');
@@ -255,7 +273,7 @@ END
Revoke Existing Roles
-
Revoke
Role
Extent
Start
End
+
Revoke
Delete
Role
Extent
Start
End
END
foreach my $area (keys(%rolesdump)) {
next if ($area =~ /^rolesdef/);
@@ -266,14 +284,26 @@ END
split(/_/,$role);
my $bgcol='ffffff';
my $allowed=0;
+ my $delallowed=0;
if ($area =~ /^\/(\w+)\/(\d\w+)/ ) {
my %coursedata=
&Apache::lonnet::coursedescription($1.'_'.$2);
- my $carea='Course: '.$coursedata{'description'};
+ my $carea;
+ if (defined($coursedata{'description'})) {
+ $carea='Course: '.$coursedata{'description'}.
+ ' Domain: '.$1;
+ } else {
+ $carea='Unavailable course: '.$area;
+ }
$inccourses{$1.'_'.$2}=1;
- if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) {
+ if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) ||
+ (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
$allowed=1;
}
+ if ((&Apache::lonnet::allowed('dro',$1)) ||
+ (&Apache::lonnet::allowed('dro',$ccdomain))) {
+ $delallowed=1;
+ }
# Compute the background color based on $area
$bgcol=$1.'_'.$2;
$bgcol=~s/[^8-9b-e]//g;
@@ -285,27 +315,27 @@ END
} else {
# Determine if current user is able to revoke privileges
if ($area=~ /^\/(\w+)\//) {
- if (&Apache::lonnet::allowed('c'.$role_code,$1)) {
+ if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
+ (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
$allowed=1;
}
+ if (((&Apache::lonnet::allowed('dro',$1)) ||
+ (&Apache::lonnet::allowed('dro',$ccdomain))) &&
+ ($role_code ne 'dc')) {
+ $delallowed=1;
+ }
} else {
if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
$allowed=1;
}
}
}
- # I have no idea what the hell the above code does
- # So the following is a check:
- if ($allowed) {
- # If we are looking at a co-author role, make sure it is
- # for the current users construction space before we let
- # them revoke it.
- if (($role_code eq 'ca') &&
- ($ENV{'request.role'} !~ /^dc/)) {
- if ($area !~
- /^\/$ENV{'request.role.domain'}\/$ENV{'user.name'}/) {
- $allowed = 0;
- }
+ if ($role_code eq 'ca') {
+ $area=~/\/(\w+)\/(\w+)/;
+ if (&authorpriv($2,$1)) {
+ $allowed=1;
+ } else {
+ $allowed=0;
}
}
my $row = '';
@@ -317,6 +347,12 @@ END
} else {
$row.=' ';
}
+ $row.='