--- loncom/interface/loncreateuser.pm 2002/04/29 14:47:57 1.35 +++ loncom/interface/loncreateuser.pm 2003/07/25 01:18:04 1.66 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.35 2002/04/29 14:47:57 matthew Exp $ +# $Id: loncreateuser.pm,v 1.66 2003/07/25 01:18:04 bowersj2 Exp $ # # Copyright Michigan State University Board of Trustees # @@ -25,36 +25,44 @@ # # http://www.lon-capa.org/ # -# (Create a course -# (My Desk -# -# (Internal Server Error Handler -# -# (Login Screen -# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14, -# 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer) -# -# YEAR=2001 -# 3/1/1 Gerd Kortemeyer) -# -# 3/1 Gerd Kortemeyer) -# -# 2/14 Gerd Kortemeyer) -# -# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer -# April Guy Albertelli -# 05/10,10/16 Gerd Kortemeyer -# 11/12,11/13,11/15 Scott Harrison -# 02/11/02 Matthew Hall -# -# $Id: loncreateuser.pm,v 1.35 2002/04/29 14:47:57 matthew Exp $ ### package Apache::loncreateuser; +=pod + +=head1 NAME + +Apache::loncreateuser - handler to create users and custom roles + +=head1 SYNOPSIS + +Apache::loncreateuser provides an Apache handler for creating users, + editing their login parameters, roles, and removing roles, and + also creating and assigning custom roles. + +=head1 OVERVIEW + +=head2 Custom Roles + +In LON-CAPA, roles are actually collections of privileges. "Teaching +Assistant", "Course Coordinator", and other such roles are really just +collection of privileges that are useful in many circumstances. + +Creating custom roles can be done by the Domain Coordinator through +the Create User functionality. That screen will show all privileges +that can be assigned to users. For a complete list of privileges, +please see C</home/httpd/lonTabs/rolesplain.tab>. + +Custom role definitions are stored in the C<roles.db> file of the role +author. + +=cut + use strict; use Apache::Constants qw(:common :http); use Apache::lonnet; +use Apache::loncommon; my $loginscript; # piece of javascript used in two separate instances my $generalrule; @@ -71,60 +79,113 @@ BEGIN { my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); - $loginscript = &Apache::loncommon::authform_header(%param); +# no longer static due to configurable kerberos defaults +# $loginscript = &Apache::loncommon::authform_header(%param); $generalrule = &Apache::loncommon::authform_authorwarning(%param); $authformnop = &Apache::loncommon::authform_nochange(%param); - $authformkrb = &Apache::loncommon::authform_kerberos(%param); +# no longer static due to configurable kerberos defaults +# $authformkrb = &Apache::loncommon::authform_kerberos(%param); $authformint = &Apache::loncommon::authform_internal(%param); $authformfsys = &Apache::loncommon::authform_filesystem(%param); $authformloc = &Apache::loncommon::authform_local(%param); } + +# ======================================================= Existing Custom Roles + +sub my_custom_roles { + my %returnhash=(); + my %rolehash=&Apache::lonnet::dump('roles'); + foreach (keys %rolehash) { + if ($_=~/^rolesdef\_(\w+)$/) { + $returnhash{$1}=$1; + } + } + return %returnhash; +} + +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} + # =================================================================== Phase one -sub phase_one { +sub print_username_entry_form { my $r=shift; - my $defdom=$ENV{'user.domain'}; + my $defdom=$ENV{'request.role.domain'}; my @domains = &Apache::loncommon::get_domains(); my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain'); + my $bodytag =&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges'); + my $selscript=&Apache::loncommon::studentbrowser_javascript(); + my $sellink=&Apache::loncommon::selectstudent_link + ('crtuser','ccuname','ccdomain'); + my %existingroles=&my_custom_roles(); + my $choice=&Apache::loncommon::select_form('make new role','rolename', + ('make new role' => 'Generate new role ...',%existingroles)); $r->print(<<"ENDDOCUMENT"); <html> <head> <title>The LearningOnline Network with CAPA</title> +$selscript </head> -<body bgcolor="#FFFFFF"> -<h1>Create User, Change User Privileges</h1> -<form action=/adm/createuser method=post> -<input type=hidden name=phase value=two> -<p> -Username: <input type=text size=15 name=ccuname><br> -Domain: $domform -</p> -<input type=submit value="Continue"> +$bodytag +<form action="/adm/createuser" method="post" name="crtuser"> +<input type="hidden" name="phase" value="get_user_info"> +<h2>Set Individual User Roles</h2> +<table> +<tr><td>Username:</td><td><input type="text" size="15" name="ccuname"> +</td><td rowspan="2">$sellink</td></tr><tr><td> +Domain:</td><td>$domform</td></tr> +</table> +<input name="userrole" type="submit" value="User Roles" /> </form> +<form action="/adm/createuser" method="post" name="docustom"> +<input type="hidden" name="phase" value="selected_custom_edit"> +<h2>Edit Custom Role Privileges</h2> +Name of Role: $choice <input type="text" size="15" name="newrolename" /><br /> +<input name="customeditor" type="submit" value="Custom Role Editor" /> </body> </html> ENDDOCUMENT } # =================================================================== Phase two -sub phase_two { +sub print_user_modification_page { my $r=shift; my $ccuname=$ENV{'form.ccuname'}; my $ccdomain=$ENV{'form.ccdomain'}; - $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; - my $krbdefdom=$1; - $krbdefdom=~tr/a-z/A-Z/; + $ccuname=~s/\W//gs; + $ccdomain=~s/\W//gs; + + unless (($ccuname) && ($ccdomain)) { + &print_username_entry_form($r); + return; + } + + my $defdom=$ENV{'request.role.domain'}; + + my ($krbdef,$krbdefdom) = + &Apache::loncommon::get_kerberos_defaults($defdom); + my %param = ( formname => 'document.cu', - kerb_def_dom => $krbdefdom + kerb_def_dom => $krbdefdom, + kerb_def_auth => $krbdef ); $loginscript = &Apache::loncommon::authform_header(%param); - - my $defdom=$ENV{'user.domain'}; + $authformkrb = &Apache::loncommon::authform_kerberos(%param); $ccuname=~s/\W//g; $ccdomain=~s/\W//g; + my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition(); my $dochead =<<"ENDDOCHEAD"; <html> <head> @@ -137,14 +198,7 @@ sub phase_two { parmwin.close(); } - function pjump(type,dis,value,marker,ret,call) { - parmwin=window.open("/adm/rat/parameter.html?type="+escape(type) - +"&value="+escape(value)+"&marker="+escape(marker) - +"&return="+escape(ret) - +"&call="+escape(call)+"&name="+escape(dis),"LONCAPAparms", - "height=350,width=350,scrollbars=no,menubar=no"); - - } + $pjump_def function dateset() { eval("document.cu."+document.cu.pres_marker.value+ @@ -154,12 +208,12 @@ sub phase_two { </script> </head> -<body bgcolor="#FFFFFF"> -<img align="right" src="/adm/lonIcons/lonlogos.gif"> ENDDOCHEAD + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges')); my $forminfo =<<"ENDFORMINFO"; <form action="/adm/createuser" method="post" name="cu"> -<input type="hidden" name="phase" value="three"> +<input type="hidden" name="phase" value="update_user_data"> <input type="hidden" name="ccuname" value="$ccuname"> <input type="hidden" name="ccdomain" value="$ccdomain"> <input type="hidden" name="pres_value" value="" > @@ -169,7 +223,7 @@ ENDFORMINFO my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); my %incdomains; my %inccourses; - foreach (%Apache::lonnet::hostdom) { + foreach (values(%Apache::lonnet::hostdom)) { $incdomains{$_}=1; } foreach (keys(%ENV)) { @@ -218,7 +272,7 @@ ENDNEWUSER $dochead <h1>Change User Privileges</h1> $forminfo -<h2>User "$ccuname" in domain $ccdomain </h2> +<h2>User "$ccuname" in domain "$ccdomain"</h2> ENDCHANGEUSER # Get the users information my %userenv = &Apache::lonnet::get('environment', @@ -236,7 +290,7 @@ END foreach ('firstname','middlename','lastname','generation') { if (&Apache::lonnet::allowed('mau',$ccdomain)) { $r->print(<<"END"); -<td><input type="text" name="c$_" value="$userenv{$_}" size="15"/></td> +<td><input type="text" name="c$_" value="$userenv{$_}" size="15" /></td> END } else { $r->print('<td>'.$userenv{$_}.'</td>'); @@ -250,84 +304,141 @@ END my ($tmp) = keys(%rolesdump); unless ($tmp =~ /^(con_lost|error)/i) { my $now=time; - $r->print('<hr /><h3>Revoke Existing Roles</h3>'. - '<table border=2><tr><th>Revoke</th><th>Role</th><th>Extent</th>'. - '<th>Start</th><th>End</th>'); - foreach my $area (keys(%rolesdump)) { - if ($area!~/^rolesdef/) { - my $role = $rolesdump{$area}; - my $thisrole=$area; - $area=~s/\_\w\w$//; - my ($role_code,$role_end_time,$role_start_time) = - split(/_/,$role); - my $bgcol='ffffff'; - my $allows=0; - if ($area=~/^\/(\w+)\/(\d\w+)/) { - my %coursedata= - &Apache::lonnet::coursedescription($1.'_'.$2); - my $carea='Course: '.$coursedata{'description'}; - $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { - $allows=1; - } - # Compute the background color based on $area - $bgcol=$1.'_'.$2; - $bgcol=~s/[^8-9b-e]//g; - $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); - if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + $r->print(<<END); +<hr /> +<h3>Revoke Existing Roles</h3> +<table border=2> +<tr><th>Revoke</th><th>Delete</th><th>Role</th><th>Extent</th><th>Start</th><th>End</th> +END + foreach my $area (sort keys(%rolesdump)) { + next if ($area =~ /^rolesdef/); + my $role = $rolesdump{$area}; + my $thisrole=$area; + $area =~ s/\_\w\w$//; + my ($role_code,$role_end_time,$role_start_time) = + split(/_/,$role); +# Is this a custom role? Get role owner and title. + my ($croleudom,$croleuname,$croletitle)= + ($role_code=~/^cr\/(\w+)\/(\w+)\/(\w+)$/); + my $bgcol='ffffff'; + my $allowed=0; + my $delallowed=0; + if ($area =~ /^\/(\w+)\/(\d\w+)/ ) { + my ($coursedom,$coursedir) = ($1,$2); + # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3). + my %coursedata= + &Apache::lonnet::coursedescription($1.'_'.$2); + my $carea; + if (defined($coursedata{'description'})) { + $carea='Course: '.$coursedata{'description'}. + '<br />Domain: '.$coursedom.(' 'x8). + &Apache::loncommon::syllabuswrapper('Syllabus',$coursedir,$coursedom); + } else { + $carea='Unavailable course: '.$area; + } + $inccourses{$1.'_'.$2}=1; + if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { + $allowed=1; + } + if ((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) { + $delallowed=1; + } +# - custom role. Needs more info, too + if ($croletitle) { + if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) { + $allowed=1; + $thisrole.='.'.$role_code; + } + } + # Compute the background color based on $area + $bgcol=$1.'_'.$2; + $bgcol=~s/[^7-9a-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6); + if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { $carea.='<br>Section/Group: '.$3; - } - $area=$carea; - } else { - # Determine if current user is able to revoke privileges - if ($area=~/^\/(\w+)\//) { - if (&Apache::lonnet::allowed('c'.$role_code,$1)) { - $allows=1; - } - } else { - if (&Apache::lonnet::allowed('c'.$role_code,'/')) { - $allows=1; - } - } - } - $r->print('<tr bgcolor=#"'.$bgcol.'"><td>'); - my $active=1; - $active=0 if (($role_end_time) && ($now>$role_end_time)); - if (($active) && ($allows)) { - $r->print('<input type="checkbox" name="rev:' - .$thisrole.'">'); - } else { - $r->print(' '); - } - $r->print('</td><td>'. - &Apache::lonnet::plaintext($role_code). - '</td><td>'.$area.'</td><td>'. - ($role_start_time ? localtime($role_start_time) - : ' ' ) - .'</td><td>'. - ($role_end_time ? localtime($role_end_time) - : ' ' ) - ."</td></tr>\n"); - } + } + $area=$carea; + } else { + # Determine if current user is able to revoke privileges + if ($area=~ /^\/(\w+)\//) { + if ((&Apache::lonnet::allowed('c'.$role_code,$1)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { + $allowed=1; + } + if (((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) && + ($role_code ne 'dc')) { + $delallowed=1; + } + } else { + if (&Apache::lonnet::allowed('c'.$role_code,'/')) { + $allowed=1; + } + } + } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; + } + } + my $row = ''; + $row.='<tr bgcolor="#'.$bgcol.'"><td>'; + my $active=1; + $active=0 if (($role_end_time) && ($now>$role_end_time)); + if (($active) && ($allowed)) { + $row.= '<input type="checkbox" name="rev:'.$thisrole.'">'; + } else { + if ($active) { + $row.=' '; + } else { + $row.='expired or revoked'; + } + } + $row.='</td><td>'; + if ($delallowed) { + $row.= '<input type="checkbox" name="del:'.$thisrole.'">'; + } else { + $row.=' '; + } + my $plaintext=''; + unless ($croletitle) { + $plaintext=&Apache::lonnet::plaintext($role_code); + } else { + $plaintext= + "Customrole '$croletitle' defined by $croleuname\@$croleudom"; + } + $row.= '</td><td>'.$plaintext. + '</td><td>'.$area. + '</td><td>'.($role_start_time?localtime($role_start_time) + : ' ' ). + '</td><td>'.($role_end_time ?localtime($role_end_time) + : ' ' ) + ."</td></tr>\n"; + $r->print($row); } # end of foreach (table building loop) $r->print('</table>'); } # End of unless my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); - if ($currentauth=~/^krb4:/) { - $currentauth=~/^krb4:(.*)/; - my $krbdefdom2=$1; + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; + my $krbdefdom=$1; my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type - unless ($currentauth=~/^krb4:/ or + unless ($currentauth=~/^krb(4|5):/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ ) { # bad authentication scheme - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { $r->print(<<ENDBADAUTH); <hr /> <script type="text/javascript" language="Javascript"> @@ -360,7 +471,7 @@ ENDBADAUTH } else { # Authentication type is valid my $authformcurrent=''; my $authform_other=''; - if ($currentauth=~/^krb4:/) { + if ($currentauth=~/^krb(4|5):/) { $authformcurrent=$authformkrb; $authform_other="<p>$authformint</p>\n". "<p>$authformfsys</p><p>$authformloc</p>"; @@ -380,17 +491,8 @@ ENDBADAUTH $authform_other="<p>$authformkrb</p>". "<p>$authformint</p><p>$authformfsys</p>"; } - $authformcurrent=<<ENDCURRENTAUTH; -<table border='1'> -<tr> -<td><font color='#ff0000'>* * * WARNING * * *</font></td> -<td><font color='#ff0000'>* * * WARNING * * *</font></td> -</tr> -<tr><td bgcolor='#cbbcbb'>$authformcurrent</td> -<td bgcolor='#cbbcbb'>Changing this value will overwrite existing authentication for the user; you should notify the user of this change.</td></tr> -</table> -ENDCURRENTAUTH - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + $authformcurrent.=' <i>(will override current values)</i><br />'; + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { # Current user has login modification privileges $r->print(<<ENDOTHERAUTHS); <hr /> @@ -411,10 +513,11 @@ ENDOTHERAUTHS # # Co-Author # - - if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) { + if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) && + ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) { + # No sense in assigning co-author role to yourself my $cuname=$ENV{'user.name'}; - my $cudom=$ENV{'user.domain'}; + my $cudom=$ENV{'request.role.domain'}; $r->print(<<ENDCOAUTH); <h4>Construction Space</h4> <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th> @@ -470,7 +573,7 @@ ENDDROW } # ================================================================= Phase Three -sub phase_three { +sub update_user_data { my $r=shift; my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'}, $ENV{'form.ccdomain'}); @@ -483,9 +586,14 @@ sub phase_three { <head> <title>The LearningOnline Network with CAPA</title> </head> -<body bgcolor="#FFFFFF"> -<img align="right" src="/adm/lonIcons/lonlogos.gif"> ENDTHREEHEAD + my $title; + if (exists($ENV{'form.makeuser'})) { + $title='Set Privileges for New User'; + } else { + $title='Modify User Privileges'; + } + $r->print(&Apache::loncommon::bodytag($title)); # Check Inputs if (! $ENV{'form.ccuname'} ) { $r->print($error.'No login name specified.'.$end); @@ -520,7 +628,8 @@ ENDTHREEHEAD my $amode=''; my $genpwd=''; if ($ENV{'form.login'} eq 'krb') { - $amode='krb4'; + $amode='krb'; + $amode.=$ENV{'form.krbver'}; $genpwd=$ENV{'form.krbarg'}; } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; @@ -545,7 +654,6 @@ ENDTHREEHEAD if ($ENV{'form.makeuser'}) { # Create a new user $r->print(<<ENDNEWUSERHEAD); -<h1>Create User</h1> <h3>Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2> ENDNEWUSERHEAD # Check for the authentication mode and password @@ -558,7 +666,7 @@ ENDNEWUSERHEAD if (lc($desiredhost) eq 'default') { $desiredhost = undef; } else { - my %home_servers = &Apache::loncommon::get_home_servers + my %home_servers = &Apache::loncommon::get_library_servers ($ENV{'form.ccdomain'}); if (! exists($home_servers{$desiredhost})) { $r->print($error.'Invalid home server specified'); @@ -581,7 +689,6 @@ ENDNEWUSERHEAD ($ENV{'form.login'} ne '' )) { # Modify user privileges $r->print(<<ENDMODIFYUSERHEAD); -<h1>Change User Privileges</h1> <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2> ENDMODIFYUSERHEAD if (! $amode || ! $genpwd) { @@ -589,7 +696,7 @@ ENDMODIFYUSERHEAD return; } # Only allow authentification modification if the person has authority - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) { $r->print('Modifying authentication: '. &Apache::lonnet::modifyuserauth( $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, @@ -675,48 +782,100 @@ END next if (! $ENV{$_}); # Revoke roles if ($_=~/^form\.rev/) { - if ($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) { - $r->print('Revoking '.$2.' in '.$1.': '. + if ($_=~/^form\.rev\:([^\_]+)\_([^\_\.]+)$/) { +# Revoke standard role + $r->print('Revoking '.$2.' in '.$1.': <b>'. + &Apache::lonnet::revokerole($ENV{'form.ccdomain'}, + $ENV{'form.ccuname'},$1,$2).'</b><br>'); + if ($2 eq 'st') { + $1=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Drop from classlist: <b>'. + &Apache::lonnet::critical('put:'. + $ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape($ENV{'form.ccuname'}.':'. + $ENV{'form.ccdomain'}).'='. + &Apache::lonnet::escape($now.':'), + $ENV{'course.'.$cid.'.home'}).'</b><br>'); + } + } + if ($_=~/^form\.rev\:([^\_]+)\_cr\.cr\/(\w+)\/(\w+)\/(\w+)$/) { +# Revoke custom role + $r->print( + 'Revoking custom role '.$4.' by '.$3.'@'.$2.' in '.$1.': <b>'. +&Apache::lonnet::revokecustomrole($ENV{'form.ccdomain'}, + $ENV{'form.ccuname'},$1,$2,$3,$4). + '</b><br>'); + } + } elsif ($_=~/^form\.del/) { + if ($_=~/^form\.del\:([^\_]+)\_([^\_]+)$/) { + $r->print('Deleting '.$2.' in '.$1.': '. &Apache::lonnet::assignrole($ENV{'form.ccdomain'}, - $ENV{'form.ccuname'},$1,$2,$now).'<br>'); + $ENV{'form.ccuname'},$1,$2,$now,0,1).'<br>'); if ($2 eq 'st') { $1=~/^\/(\w+)\/(\w+)/; my $cid=$1.'_'.$2; - $r->print('Drop from classlist: '. + $r->print('Drop from classlist: <b>'. &Apache::lonnet::critical('put:'. $ENV{'course.'.$cid.'.domain'}.':'. $ENV{'course.'.$cid.'.num'}.':classlist:'. &Apache::lonnet::escape($ENV{'form.ccuname'}.':'. $ENV{'form.ccdomain'}).'='. &Apache::lonnet::escape($now.':'), - $ENV{'course.'.$cid.'.home'}).'<br>'); + $ENV{'course.'.$cid.'.home'}).'</b><br>'); } } } elsif ($_=~/^form\.act/) { - if ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) { + if +($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_cr_cr_([^\_]+)_(\w+)_([^\_]+)$/) { + # Activate a custom role + my $url='/'.$1.'/'.$2; + my $full=$1.'_'.$2.'_cr_cr_'.$3.'_'.$4.'_'.$5; + if ($ENV{'form.sec_'.$full}) { + $url.='/'.$ENV{'form.sec_'.$full}; + } + + my $start = ( $ENV{'form.start_'.$full} ? + $ENV{'form.start_'.$full} : + $now ); + my $end = ( $ENV{'form.end_'.$full} ? + $ENV{'form.end_'.$full} : + 0 ); + + $r->print('Assigning custom role "'.$5.'" by '.$4.'@'.$3.' in '.$url. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': <b>'. + &Apache::lonnet::assigncustomrole( + $ENV{'form.ccdomain'},$ENV{'form.ccuname'},$url,$3,$4,$5,$end,$start). + '</b><br>'); + } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) { # Activate roles for sections with 3 id numbers # set start, end times, and the url for the class - my $start = ( $ENV{'form.start_'.$1.'_'.$2} ? - $ENV{'form.start_'.$1.'_'.$2} : + + my $start = ( $ENV{'form.start_'.$1.'_'.$2.'_'.$3} ? + $ENV{'form.start_'.$1.'_'.$2.'_'.$3} : $now ); - my $end = ( $ENV{'form.end_'.$1.'_'.$2} ? - $ENV{'form.end_'.$1.'_'.$2} : + my $end = ( $ENV{'form.end_'.$1.'_'.$2.'_'.$3} ? + $ENV{'form.end_'.$1.'_'.$2.'_'.$3} : 0 ); my $url='/'.$1.'/'.$2; if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) { $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3}; } # Assign the role and report it - $r->print('Assigning: '.$3.' in '.$url.': '. + $r->print('Assigning '.$3.' in '.$url. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': <b>'. &Apache::lonnet::assignrole( $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, $url,$3,$end,$start). - '<br>'); + '</b><br>'); # Handle students differently if ($3 eq 'st') { $url=~/^\/(\w+)\/(\w+)/; my $cid=$1.'_'.$2; - $r->print('Add to classlist: '. + $r->print('Add to classlist: <b>'. &Apache::lonnet::critical( 'put:'.$ENV{'course.'.$cid.'.domain'}.':'. $ENV{'course.'.$cid.'.num'}.':classlist:'. @@ -725,7 +884,7 @@ END $ENV{'form.ccdomain'} ).'='. &Apache::lonnet::escape($end.':'.$start), $ENV{'course.'.$cid.'.home'}) - .'<br>'); + .'</b><br>'); } } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) { # Activate roles for sections with two id numbers @@ -738,17 +897,183 @@ END 0 ); my $url='/'.$1.'/'; # Assign the role and report it. - $r->print('Assigning: '.$2.' in '.$url.': '. + $r->print('Assigning '.$2.' in '.$url.': '. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': <b>'. &Apache::lonnet::assignrole( $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, $url,$2,$end,$start) - .'<br>'); - } + .'</b><br>'); + } else { + $r->print('<p>ERROR: Unknown command <tt>'.$_.'</tt></p><br>'); + } } } # End of foreach (keys(%ENV)) $r->print('</body></html>'); } +# ========================================================== Custom Role Editor + +sub custom_role_editor { + my $r=shift; + my $rolename=$ENV{'form.rolename'}; + + if ($rolename eq 'make new role') { + $rolename=$ENV{'form.newrolename'}; + } + + $rolename=~s/[^A-Za-z0-9]//gs; + + unless ($rolename) { + &print_username_entry_form($r); + return; + } + + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges').'<h2>'); + my $syspriv=''; + my $dompriv=''; + my $coursepriv=''; + my ($rdummy,$roledef)= + &Apache::lonnet::get('roles',["rolesdef_$rolename"]); +# ------------------------------------------------------- Does this role exist? + if (($rdummy ne 'con_lost') && ($roledef ne '')) { + $r->print('Existing Role "'); +# ------------------------------------------------- Get current role privileges + ($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef); + } else { + $r->print('New Role "'); + $roledef=''; + } + $r->print($rolename.'"</h2>'); +# ------------------------------------------------------- What can be assigned? + my %full=(); + my %courselevel=(); + my %courselevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $courselevel{$priv}=$restrict; + if ($coursepriv=~/\:$priv/) { + $courselevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + my %domainlevel=(); + my %domainlevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $domainlevel{$priv}=$restrict; + if ($dompriv=~/\:$priv/) { + $domainlevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + my %systemlevel=(); + my %systemlevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $systemlevel{$priv}=$restrict; + if ($syspriv=~/\:$priv/) { + $systemlevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + $r->print(<<ENDCCF); +<form method="post"> +<input type="hidden" name="phase" value="set_custom_roles" /> +<input type="hidden" name="rolename" value="$rolename" /> +<table border="2"> +<tr><th>Privilege</th><th>Course Level</th><th>Domain Level</th> +<th>System Level</th></tr> +ENDCCF + foreach (sort keys %full) { + $r->print('<tr><td>'.&Apache::lonnet::plaintext($_).'</td><td>'. + ($courselevel{$_}?'<input type="checkbox" name="'.$_.':c" '. + ($courselevelcurrent{$_}?'checked="1"':'').' />':' '). + '</td><td>'. + ($domainlevel{$_}?'<input type="checkbox" name="'.$_.':d" '. + ($domainlevelcurrent{$_}?'checked="1"':'').' />':' '). + '</td><td>'. + ($systemlevel{$_}?'<input type="checkbox" name="'.$_.':s" '. + ($systemlevelcurrent{$_}?'checked="1"':'').' />':' '). + '</td></tr>'); + } + $r->print( + '<table><input type="submit" value="Define Role" /></form></body></html>'); +} + +# ---------------------------------------------------------- Call to definerole +sub set_custom_role { + my $r=shift; + + my $rolename=$ENV{'form.rolename'}; + + $rolename=~s/[^A-Za-z0-9]//gs; + + unless ($rolename) { + &print_username_entry_form($r); + return; + } + + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges').'<h2>'); + my ($rdummy,$roledef)= + &Apache::lonnet::get('roles',["rolesdef_$rolename"]); +# ------------------------------------------------------- Does this role exist? + if (($rdummy ne 'con_lost') && ($roledef ne '')) { + $r->print('Existing Role "'); + } else { + $r->print('New Role "'); + $roledef=''; + } + $r->print($rolename.'"</h2>'); +# ------------------------------------------------------- What can be assigned? + my $sysrole=''; + my $domrole=''; + my $courole=''; + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':c'}) { + $courole.=':'.$_; + } + } + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':d'}) { + $domrole.=':'.$_; + } + } + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':s'}) { + $sysrole.=':'.$_; + } + } + $r->print('<br />Defining Role: '. + &Apache::lonnet::definerole($rolename,$sysrole,$domrole,$courole)); + if ($ENV{'request.course.id'}) { + my $url='/'.$ENV{'request.course.id'}; + $url=~s/\_/\//g; + $r->print('<br />Assigning Role to Self: '. + &Apache::lonnet::assigncustomrole($ENV{'user.domain'}, + $ENV{'user.name'}, + $url, + $ENV{'user.domain'}, + $ENV{'user.name'}, + $rolename)); + } + $r->print('</body></html>'); +} + # ================================================================ Main Handler sub handler { my $r = shift; @@ -763,17 +1088,21 @@ sub handler { (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) || - (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) || - (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) { + (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) || + (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) { $r->content_type('text/html'); $r->send_http_header; unless ($ENV{'form.phase'}) { - &phase_one($r); + &print_username_entry_form($r); } - if ($ENV{'form.phase'} eq 'two') { - &phase_two($r); - } elsif ($ENV{'form.phase'} eq 'three') { - &phase_three($r); + if ($ENV{'form.phase'} eq 'get_user_info') { + &print_user_modification_page($r); + } elsif ($ENV{'form.phase'} eq 'update_user_data') { + &update_user_data($r); + } elsif ($ENV{'form.phase'} eq 'selected_custom_edit') { + &custom_role_editor($r); + } elsif ($ENV{'form.phase'} eq 'set_custom_roles') { + &set_custom_role($r); } } else { $ENV{'user.error.msg'}= @@ -787,15 +1116,20 @@ sub handler { sub course_level_table { my %inccourses = @_; my $table = ''; +# Custom Roles? + + my %customroles=&my_custom_roles(); + foreach (sort( keys(%inccourses))) { my $thiscourse=$_; my $protectedcourse=$_; $thiscourse=~s:_:/:g; my %coursedata=&Apache::lonnet::coursedescription($thiscourse); my $area=$coursedata{'description'}; + if (!defined($area)) { $area='Unavailable course: '.$_; } my $bgcol=$thiscourse; - $bgcol=~s/[^8-9b-e]//g; - $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); + $bgcol=~s/[^7-9a-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6); foreach ('st','ta','ep','ad','in','cc') { if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) { my $plrole=&Apache::lonnet::plaintext($_); @@ -825,6 +1159,26 @@ ENDTIMEENTRY $table.= "</tr>\n"; } } + foreach (sort keys %customroles) { + if (&Apache::lonnet::allowed('ccr',$thiscourse)) { + my $plrole=$_; + my $customrole=$protectedcourse.'_cr_cr_'.$ENV{'user.domain'}. + '_'.$ENV{'user.name'}.'_'.$plrole; + $table .= <<ENDENTRY; +<tr bgcolor="#$bgcol"> +<td><input type="checkbox" name="act_$customrole"></td> +<td>$plrole</td> +<td>$area</td> +<td><input type="text" size="5" name="sec_$customrole"></td> +<td><input type=hidden name="start_$customrole" value=''> +<a href= +"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$customrole.value,'start_$customrole','cu.pres','dateset')">Set Start Date</a></td> +<td><input type=hidden name="end_$customrole" value=''> +<a href= +"javascript:pjump('date_end','End Date $plrole',document.cu.end_$customrole.value,'end_$customrole','cu.pres','dateset')">Set End Date</a></td></tr> +ENDENTRY + } + } } return '' if ($table eq ''); # return nothing if there is nothing # in the table