Annotation of loncom/interface/loncreateuser.pm, revision 1.69

1.20      harris41    1: # The LearningOnline Network with CAPA
1.1       www         2: # Create a user
                      3: #
1.69    ! albertel    4: # $Id: loncreateuser.pm,v 1.68 2003/09/21 21:40:06 www Exp $
1.22      albertel    5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
1.20      harris41   28: ###
                     29: 
1.1       www        30: package Apache::loncreateuser;
1.66      bowersj2   31: 
                     32: =pod
                     33: 
                     34: =head1 NAME
                     35: 
                     36: Apache::loncreateuser - handler to create users and custom roles
                     37: 
                     38: =head1 SYNOPSIS
                     39: 
                     40: Apache::loncreateuser provides an Apache handler for creating users,
                     41:     editing their login parameters, roles, and removing roles, and
                     42:     also creating and assigning custom roles.
                     43: 
                     44: =head1 OVERVIEW
                     45: 
                     46: =head2 Custom Roles
                     47: 
                     48: In LON-CAPA, roles are actually collections of privileges. "Teaching
                     49: Assistant", "Course Coordinator", and other such roles are really just
                     50: collection of privileges that are useful in many circumstances.
                     51: 
                     52: Creating custom roles can be done by the Domain Coordinator through
                     53: the Create User functionality. That screen will show all privileges
                     54: that can be assigned to users. For a complete list of privileges,
                     55: please see C</home/httpd/lonTabs/rolesplain.tab>.
                     56: 
                     57: Custom role definitions are stored in the C<roles.db> file of the role
                     58: author.
                     59: 
                     60: =cut
1.1       www        61: 
                     62: use strict;
                     63: use Apache::Constants qw(:common :http);
                     64: use Apache::lonnet;
1.54      bowersj2   65: use Apache::loncommon;
1.68      www        66: use Apache::lonlocal;
1.1       www        67: 
1.20      harris41   68: my $loginscript; # piece of javascript used in two separate instances
                     69: my $generalrule;
                     70: my $authformnop;
                     71: my $authformkrb;
                     72: my $authformint;
                     73: my $authformfsys;
                     74: my $authformloc;
                     75: 
1.23      harris41   76: BEGIN {
1.20      harris41   77:     $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
                     78:     my $krbdefdom=$1;
                     79:     $krbdefdom=~tr/a-z/A-Z/;
1.31      matthew    80:     my %param = ( formname => 'document.cu',
                     81:                   kerb_def_dom => $krbdefdom 
                     82:                   );
1.48      albertel   83: # no longer static due to configurable kerberos defaults
                     84: #    $loginscript  = &Apache::loncommon::authform_header(%param);
1.31      matthew    85:     $generalrule  = &Apache::loncommon::authform_authorwarning(%param);
                     86:     $authformnop  = &Apache::loncommon::authform_nochange(%param);
1.48      albertel   87: # no longer static due to configurable kerberos defaults
                     88: #    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
1.31      matthew    89:     $authformint  = &Apache::loncommon::authform_internal(%param);
                     90:     $authformfsys = &Apache::loncommon::authform_filesystem(%param);
                     91:     $authformloc  = &Apache::loncommon::authform_local(%param);
1.20      harris41   92: }
                     93: 
1.43      www        94: 
1.59      www        95: # ======================================================= Existing Custom Roles
                     96: 
                     97: sub my_custom_roles {
                     98:     my %returnhash=();
                     99:     my %rolehash=&Apache::lonnet::dump('roles');
                    100:     foreach (keys %rolehash) {
                    101: 	if ($_=~/^rolesdef\_(\w+)$/) {
1.61      www       102: 	    $returnhash{$1}=$1;
1.59      www       103: 	}
                    104:     }
                    105:     return %returnhash;
                    106: }
1.43      www       107: 
                    108: # ==================================================== Figure out author access
                    109: 
                    110: sub authorpriv {
                    111:     my ($auname,$audom)=@_;
                    112:     if (($auname ne $ENV{'user.name'}) ||
                    113:         (($audom ne $ENV{'user.domain'}) &&
                    114:          ($audom ne $ENV{'request.role.domain'}))) { return ''; }
                    115:     unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
                    116:     return 1;
                    117: }
                    118: 
1.2       www       119: # =================================================================== Phase one
1.1       www       120: 
1.42      matthew   121: sub print_username_entry_form {
1.2       www       122:     my $r=shift;
1.42      matthew   123:     my $defdom=$ENV{'request.role.domain'};
1.33      matthew   124:     my @domains = &Apache::loncommon::get_domains();
                    125:     my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
1.40      www       126:     my $bodytag =&Apache::loncommon::bodytag(
                    127:                                   'Create Users, Change User Privileges');
1.46      www       128:     my $selscript=&Apache::loncommon::studentbrowser_javascript();
                    129:     my $sellink=&Apache::loncommon::selectstudent_link
                    130:                                         ('crtuser','ccuname','ccdomain');
1.59      www       131:     my %existingroles=&my_custom_roles();
                    132:     my $choice=&Apache::loncommon::select_form('make new role','rolename',
                    133: 		('make new role' => 'Generate new role ...',%existingroles));
1.33      matthew   134:     $r->print(<<"ENDDOCUMENT");
1.1       www       135: <html>
                    136: <head>
                    137: <title>The LearningOnline Network with CAPA</title>
1.46      www       138: $selscript
1.1       www       139: </head>
1.40      www       140: $bodytag
1.46      www       141: <form action="/adm/createuser" method="post" name="crtuser">
1.42      matthew   142: <input type="hidden" name="phase" value="get_user_info">
1.58      www       143: <h2>Set Individual User Roles</h2>
1.43      www       144: <table>
                    145: <tr><td>Username:</td><td><input type="text" size="15" name="ccuname">
1.46      www       146: </td><td rowspan="2">$sellink</td></tr><tr><td>
1.43      www       147: Domain:</td><td>$domform</td></tr>
1.58      www       148: </table>
                    149: <input name="userrole" type="submit" value="User Roles" />
1.2       www       150: </form>
1.58      www       151: <form action="/adm/createuser" method="post" name="docustom">
                    152: <input type="hidden" name="phase" value="selected_custom_edit">
                    153: <h2>Edit Custom Role Privileges</h2>
1.59      www       154: Name of Role: $choice <input type="text" size="15" name="newrolename" /><br />
1.58      www       155: <input name="customeditor" type="submit" value="Custom Role Editor" />
1.1       www       156: </body>
                    157: </html>
                    158: ENDDOCUMENT
1.2       www       159: }
                    160: 
                    161: # =================================================================== Phase two
1.42      matthew   162: sub print_user_modification_page {
1.2       www       163:     my $r=shift;
                    164:     my $ccuname=$ENV{'form.ccuname'};
                    165:     my $ccdomain=$ENV{'form.ccdomain'};
1.4       www       166: 
1.58      www       167:     $ccuname=~s/\W//gs;
                    168:     $ccdomain=~s/\W//gs;
                    169: 
                    170:     unless (($ccuname) && ($ccdomain)) {
                    171: 	&print_username_entry_form($r);
                    172:         return;
                    173:     }
                    174: 
1.48      albertel  175:     my $defdom=$ENV{'request.role.domain'};
                    176: 
                    177:     my ($krbdef,$krbdefdom) =
                    178:        &Apache::loncommon::get_kerberos_defaults($defdom);
                    179: 
1.31      matthew   180:     my %param = ( formname => 'document.cu',
1.48      albertel  181:                   kerb_def_dom => $krbdefdom,
                    182:                   kerb_def_auth => $krbdef
1.31      matthew   183:                   );
                    184:     $loginscript  = &Apache::loncommon::authform_header(%param);
1.48      albertel  185:     $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
1.4       www       186: 
1.2       www       187:     $ccuname=~s/\W//g;
                    188:     $ccdomain=~s/\W//g;
1.52      matthew   189:     my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
1.25      matthew   190:     my $dochead =<<"ENDDOCHEAD";
1.2       www       191: <html>
                    192: <head>
                    193: <title>The LearningOnline Network with CAPA</title>
1.31      matthew   194: <script type="text/javascript" language="Javascript">
1.3       www       195: 
                    196:     function pclose() {
                    197:         parmwin=window.open("/adm/rat/empty.html","LONCAPAparms",
                    198:                  "height=350,width=350,scrollbars=no,menubar=no");
                    199:         parmwin.close();
                    200:     }
                    201: 
1.52      matthew   202:     $pjump_def
1.3       www       203: 
                    204:     function dateset() {
                    205:         eval("document.cu."+document.cu.pres_marker.value+
                    206:             ".value=document.cu.pres_value.value");
                    207:         pclose();
                    208:     }
                    209: 
                    210: </script>
1.2       www       211: </head>
1.25      matthew   212: ENDDOCHEAD
1.40      www       213:     $r->print(&Apache::loncommon::bodytag(
                    214:                                      'Create Users, Change User Privileges'));
1.25      matthew   215:     my $forminfo =<<"ENDFORMINFO";
                    216: <form action="/adm/createuser" method="post" name="cu">
1.42      matthew   217: <input type="hidden" name="phase"       value="update_user_data">
1.25      matthew   218: <input type="hidden" name="ccuname"     value="$ccuname">
                    219: <input type="hidden" name="ccdomain"    value="$ccdomain">
                    220: <input type="hidden" name="pres_value"  value="" >
                    221: <input type="hidden" name="pres_type"   value="" >
                    222: <input type="hidden" name="pres_marker" value="" >
                    223: ENDFORMINFO
1.2       www       224:     my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
                    225:     my %incdomains; 
                    226:     my %inccourses;
1.49      albertel  227:     foreach (values(%Apache::lonnet::hostdom)) {
1.13      www       228:        $incdomains{$_}=1;
1.24      matthew   229:     }
                    230:     foreach (keys(%ENV)) {
1.2       www       231: 	if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) {
                    232: 	    $inccourses{$1.'_'.$2}=1;
                    233:         }
1.24      matthew   234:     }
1.2       www       235:     if ($uhome eq 'no_host') {
1.29      matthew   236:         my $home_server_list=
1.32      matthew   237:             '<option value="default" selected>default</option>'."\n".
                    238:                 &Apache::loncommon::home_server_option_list($ccdomain);
                    239:         
1.26      matthew   240: 	$r->print(<<ENDNEWUSER);
1.25      matthew   241: $dochead
                    242: <h1>Create New User</h1>
                    243: $forminfo
                    244: <h2>New user "$ccuname" in domain $ccdomain</h2>
1.31      matthew   245: <script type="text/javascript" language="Javascript">
1.20      harris41  246: $loginscript
1.31      matthew   247: </script>
1.20      harris41  248: <input type='hidden' name='makeuser' value='1' />
1.4       www       249: <h3>Personal Data</h3>
1.25      matthew   250: <p>
                    251: <table>
                    252: <tr><td>First Name  </td>
                    253:     <td><input type='text' name='cfirst'  size='15' /></td></tr>
                    254: <tr><td>Middle Name </td> 
                    255:     <td><input type='text' name='cmiddle' size='15' /></td></tr>
                    256: <tr><td>Last Name   </td>
                    257:     <td><input type='text' name='clast'   size='15' /></td></tr>
                    258: <tr><td>Generation  </td>
                    259:     <td><input type='text' name='cgen'    size='5'  /></td></tr>
                    260: </table>
                    261: ID/Student Number <input type='text' name='cstid'   size='15' /></p>
1.29      matthew   262: Home Server: <select name="hserver" size="1"> $home_server_list </select>
1.25      matthew   263: <hr />
1.4       www       264: <h3>Login Data</h3>
1.31      matthew   265: <p>$generalrule </p>
                    266: <p>$authformkrb </p>
                    267: <p>$authformint </p>
                    268: <p>$authformfsys</p>
                    269: <p>$authformloc </p>
1.26      matthew   270: ENDNEWUSER
1.25      matthew   271:     } else { # user already exists
1.26      matthew   272: 	$r->print(<<ENDCHANGEUSER);
1.25      matthew   273: $dochead
                    274: <h1>Change User Privileges</h1>
                    275: $forminfo
1.60      www       276: <h2>User "$ccuname" in domain "$ccdomain"</h2>
1.26      matthew   277: ENDCHANGEUSER
1.28      matthew   278:         # Get the users information
                    279:         my %userenv = &Apache::lonnet::get('environment',
                    280:                           ['firstname','middlename','lastname','generation'],
                    281:                           $ccdomain,$ccuname);
                    282:         my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
                    283:         $r->print(<<END);
                    284: <hr />
                    285: <table border="2">
                    286: <tr>
                    287: <th>first name</th><th>middle name</th><th>last name</th><th>generation</th>
                    288: </tr>
                    289: <tr>
                    290: END
                    291:         foreach ('firstname','middlename','lastname','generation') {
                    292:            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
                    293:               $r->print(<<"END");            
1.53      www       294: <td><input type="text" name="c$_" value="$userenv{$_}" size="15" /></td>
1.28      matthew   295: END
                    296:            } else {
                    297:                $r->print('<td>'.$userenv{$_}.'</td>');
                    298:            }
                    299:         }
                    300:         $r->print(<<END);
                    301: </tr>
                    302: </table>
                    303: END
1.25      matthew   304:         # Build up table of user roles to allow revocation of a role.
1.28      matthew   305:         my ($tmp) = keys(%rolesdump);
                    306:         unless ($tmp =~ /^(con_lost|error)/i) {
1.2       www       307:            my $now=time;
1.37      matthew   308:            $r->print(<<END);
                    309: <hr />
                    310: <h3>Revoke Existing Roles</h3>
                    311: <table border=2>
1.53      www       312: <tr><th>Revoke</th><th>Delete</th><th>Role</th><th>Extent</th><th>Start</th><th>End</th>
1.37      matthew   313: END
1.67      albertel  314: 	   foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]);
                    315: 				    my $b1=join('_',(split('_',$b))[1,0]);
                    316: 				    return $a1 cmp $b1;
                    317: 				} keys(%rolesdump)) {
1.37      matthew   318:                next if ($area =~ /^rolesdef/);
                    319:                my $role = $rolesdump{$area};
                    320:                my $thisrole=$area;
                    321:                $area =~ s/\_\w\w$//;
                    322:                my ($role_code,$role_end_time,$role_start_time) = 
                    323:                    split(/_/,$role);
1.64      www       324: # Is this a custom role? Get role owner and title.
                    325: 	       my ($croleudom,$croleuname,$croletitle)=
                    326: 	           ($role_code=~/^cr\/(\w+)\/(\w+)\/(\w+)$/);
1.37      matthew   327:                my $bgcol='ffffff';
                    328:                my $allowed=0;
1.53      www       329:                my $delallowed=0;
1.37      matthew   330:                if ($area =~ /^\/(\w+)\/(\d\w+)/ ) {
1.57      matthew   331:                    my ($coursedom,$coursedir) = ($1,$2);
                    332:                    # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3).
1.37      matthew   333:                    my %coursedata=
                    334:                        &Apache::lonnet::coursedescription($1.'_'.$2);
1.51      albertel  335: 		   my $carea;
                    336: 		   if (defined($coursedata{'description'})) {
1.53      www       337: 		       $carea='Course: '.$coursedata{'description'}.
1.57      matthew   338:                            '<br />Domain: '.$coursedom.('&nbsp;'x8).
                    339:      &Apache::loncommon::syllabuswrapper('Syllabus',$coursedir,$coursedom);
1.51      albertel  340: 		   } else {
                    341: 		       $carea='Unavailable course: '.$area;
                    342: 		   }
1.37      matthew   343:                    $inccourses{$1.'_'.$2}=1;
1.53      www       344:                    if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) ||
                    345:                        (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
1.37      matthew   346:                        $allowed=1;
                    347:                    }
1.53      www       348:                    if ((&Apache::lonnet::allowed('dro',$1)) ||
                    349:                        (&Apache::lonnet::allowed('dro',$ccdomain))) {
                    350:                        $delallowed=1;
                    351:                    }
1.64      www       352: # - custom role. Needs more info, too
                    353: 		   if ($croletitle) {
                    354: 		       if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) {
                    355: 			   $allowed=1;
                    356: 			   $thisrole.='.'.$role_code;
                    357: 		       }
                    358: 		   }
1.37      matthew   359:                    # Compute the background color based on $area
                    360:                    $bgcol=$1.'_'.$2;
1.62      www       361:                    $bgcol=~s/[^7-9a-e]//g;
                    362:                    $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6);
1.37      matthew   363:                    if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) {
1.28      matthew   364:                        $carea.='<br>Section/Group: '.$3;
1.37      matthew   365:                    }
                    366:                    $area=$carea;
                    367:                } else {
                    368:                    # Determine if current user is able to revoke privileges
                    369:                    if ($area=~ /^\/(\w+)\//) {
1.53      www       370:                        if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
                    371:                        (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
1.37      matthew   372:                            $allowed=1;
                    373:                        }
1.53      www       374:                        if (((&Apache::lonnet::allowed('dro',$1))  ||
                    375:                             (&Apache::lonnet::allowed('dro',$ccdomain))) &&
                    376:                            ($role_code ne 'dc')) {
                    377:                            $delallowed=1;
                    378:                        }
1.37      matthew   379:                    } else {
                    380:                        if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
                    381:                            $allowed=1;
                    382:                        }
                    383:                    }
                    384:                }
1.43      www       385:                if ($role_code eq 'ca') {
                    386:                    $area=~/\/(\w+)\/(\w+)/;
                    387: 		   if (&authorpriv($2,$1)) {
                    388: 		       $allowed=1;
                    389:                    } else {
                    390:                        $allowed=0;
1.37      matthew   391:                    }
                    392:                }
                    393:                my $row = '';
1.62      www       394:                $row.='<tr bgcolor="#'.$bgcol.'"><td>';
1.37      matthew   395:                my $active=1;
                    396:                $active=0 if (($role_end_time) && ($now>$role_end_time));
                    397:                if (($active) && ($allowed)) {
                    398:                    $row.= '<input type="checkbox" name="rev:'.$thisrole.'">';
                    399:                } else {
1.56      www       400:                    if ($active) {
                    401:                       $row.='&nbsp;';
                    402: 		   } else {
                    403:                       $row.='expired or revoked';
                    404: 		   }
1.37      matthew   405:                }
1.53      www       406: 	       $row.='</td><td>';
                    407:                if ($delallowed) {
                    408:                    $row.= '<input type="checkbox" name="del:'.$thisrole.'">';
                    409:                } else {
                    410:                    $row.='&nbsp;';
                    411:                }
1.64      www       412: 	       my $plaintext='';
                    413: 	       unless ($croletitle) {
                    414: 		   $plaintext=&Apache::lonnet::plaintext($role_code);
                    415: 	       } else {
                    416: 	           $plaintext=
                    417: 		"Customrole '$croletitle' defined by $croleuname\@$croleudom";
                    418: 	       }
                    419:                $row.= '</td><td>'.$plaintext.
1.37      matthew   420:                       '</td><td>'.$area.
                    421:                       '</td><td>'.($role_start_time?localtime($role_start_time)
                    422:                                                    : '&nbsp;' ).
                    423:                       '</td><td>'.($role_end_time  ?localtime($role_end_time)
                    424:                                                    : '&nbsp;' )
                    425:                       ."</td></tr>\n";
                    426:                $r->print($row);
1.28      matthew   427:            } # end of foreach        (table building loop)
1.2       www       428: 	   $r->print('</table>');
1.28      matthew   429:         }  # End of unless
1.20      harris41  430: 	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
1.41      albertel  431: 	if ($currentauth=~/^krb(4|5):/) {
                    432: 	    $currentauth=~/^krb(4|5):(.*)/;
1.45      matthew   433: 	    my $krbdefdom=$1;
1.31      matthew   434:             my %param = ( formname => 'document.cu',
                    435:                           kerb_def_dom => $krbdefdom 
                    436:                           );
                    437:             $loginscript  = &Apache::loncommon::authform_header(%param);
1.20      harris41  438: 	}
1.26      matthew   439: 	# Check for a bad authentication type
1.41      albertel  440:         unless ($currentauth=~/^krb(4|5):/ or
1.20      harris41  441: 		$currentauth=~/^unix:/ or
                    442: 		$currentauth=~/^internal:/ or
                    443: 		$currentauth=~/^localauth:/
1.26      matthew   444: 		) { # bad authentication scheme
1.42      matthew   445: 	    if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
1.26      matthew   446: 		$r->print(<<ENDBADAUTH);
1.21      harris41  447: <hr />
1.31      matthew   448: <script type="text/javascript" language="Javascript">
1.21      harris41  449: $loginscript
1.31      matthew   450: </script>
1.20      harris41  451: <font color='#ff0000'>ERROR:</font>
                    452: This user has an unrecognized authentication scheme ($currentauth).
                    453: Please specify login data below.
                    454: <h3>Login Data</h3>
1.31      matthew   455: <p>$generalrule</p>
                    456: <p>$authformkrb</p>
                    457: <p>$authformint</p>
                    458: <p>$authformfsys</p>
                    459: <p>$authformloc</p>
1.26      matthew   460: ENDBADAUTH
                    461:             } else { 
                    462:                 # This user is not allowed to modify the users 
                    463:                 # authentication scheme, so just notify them of the problem
                    464: 		$r->print(<<ENDBADAUTH);
                    465: <hr />
1.31      matthew   466: <script type="text/javascript" language="Javascript">
1.26      matthew   467: $loginscript
1.31      matthew   468: </script>
1.26      matthew   469: <font color="#ff0000"> ERROR: </font>
                    470: This user has an unrecognized authentication scheme ($currentauth).
                    471: Please alert a domain coordinator of this situation.
                    472: <hr />
                    473: ENDBADAUTH
                    474:             }
                    475:         } else { # Authentication type is valid
1.20      harris41  476: 	    my $authformcurrent='';
1.26      matthew   477: 	    my $authform_other='';
1.41      albertel  478: 	    if ($currentauth=~/^krb(4|5):/) {
1.20      harris41  479: 		$authformcurrent=$authformkrb;
1.31      matthew   480: 		$authform_other="<p>$authformint</p>\n".
                    481:                     "<p>$authformfsys</p><p>$authformloc</p>";
1.20      harris41  482: 	    }
                    483: 	    elsif ($currentauth=~/^internal:/) {
                    484: 		$authformcurrent=$authformint;
1.31      matthew   485: 		$authform_other="<p>$authformkrb</p>".
                    486:                     "<p>$authformfsys</p><p>$authformloc</p>";
1.20      harris41  487: 	    }
                    488: 	    elsif ($currentauth=~/^unix:/) {
                    489: 		$authformcurrent=$authformfsys;
1.31      matthew   490: 		$authform_other="<p>$authformkrb</p>".
                    491:                     "<p>$authformint</p><p>$authformloc;</p>";
1.20      harris41  492: 	    }
                    493: 	    elsif ($currentauth=~/^localauth:/) {
                    494: 		$authformcurrent=$authformloc;
1.31      matthew   495: 		$authform_other="<p>$authformkrb</p>".
                    496:                     "<p>$authformint</p><p>$authformfsys</p>";
1.20      harris41  497: 	    }
1.53      www       498:             $authformcurrent.=' <i>(will override current values)</i><br />';
1.42      matthew   499:             if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
1.26      matthew   500: 		# Current user has login modification privileges
                    501: 		$r->print(<<ENDOTHERAUTHS);
1.21      harris41  502: <hr />
1.31      matthew   503: <script type="text/javascript" language="Javascript">
1.21      harris41  504: $loginscript
1.31      matthew   505: </script>
1.20      harris41  506: <h3>Change Current Login Data</h3>
1.31      matthew   507: <p>$generalrule</p>
                    508: <p>$authformnop</p>
                    509: <p>$authformcurrent</p>
1.20      harris41  510: <h3>Enter New Login Data</h3>
1.26      matthew   511: $authform_other
                    512: ENDOTHERAUTHS
                    513:             }
                    514:         }  ## End of "check for bad authentication type" logic
1.25      matthew   515:     } ## End of new user/old user logic
1.20      harris41  516:     $r->print('<hr /><h3>Add Roles</h3>');
1.17      www       517: #
                    518: # Co-Author
                    519: # 
1.44      matthew   520:     if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) &&
                    521:         ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) {
                    522:         # No sense in assigning co-author role to yourself
1.17      www       523: 	my $cuname=$ENV{'user.name'};
1.42      matthew   524:         my $cudom=$ENV{'request.role.domain'};
1.17      www       525:        $r->print(<<ENDCOAUTH);
                    526: <h4>Construction Space</h4>
                    527: <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
                    528: <th>Start</th><th>End</th></tr>
                    529: <tr>
                    530: <td><input type=checkbox name="act_$cudom\_$cuname\_ca"></td>
                    531: <td>Co-Author</td>
                    532: <td>$cudom\_$cuname</td>
                    533: <td><input type=hidden name="start_$cudom\_$cuname\_ca" value=''>
                    534: <a href=
                    535: "javascript:pjump('date_start','Start Date Co-Author',document.cu.start_$cudom\_$cuname\_ca.value,'start_$cudom\_$cuname\_ca','cu.pres','dateset')">Set Start Date</a></td>
                    536: <td><input type=hidden name="end_$cudom\_$cuname\_ca" value=''>
                    537: <a href=
                    538: "javascript:pjump('date_end','End Date Co-Author',document.cu.end_$cudom\_$cuname\_ca.value,'end_$cudom\_$cuname\_ca','cu.pres','dateset')">Set End Date</a></td>
                    539: </tr>
                    540: </table>
                    541: ENDCOAUTH
                    542:     }
1.8       www       543: #
                    544: # Domain level
                    545: #
                    546:     $r->print('<h4>Domain Level</h4>'.
                    547:     '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
                    548:     '<th>Start</th><th>End</th></tr>');
1.24      matthew   549:     foreach ( sort( keys(%incdomains))) {
1.2       www       550: 	my $thisdomain=$_;
1.69    ! albertel  551:         foreach ('dc','li','dg','au','sc') {
1.2       www       552:             if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) {
1.8       www       553:                my $plrole=&Apache::lonnet::plaintext($_);
                    554:                $r->print(<<ENDDROW);
                    555: <tr>
                    556: <td><input type=checkbox name="act_$thisdomain\_$_"></td>
                    557: <td>$plrole</td>
                    558: <td>$thisdomain</td>
                    559: <td><input type=hidden name="start_$thisdomain\_$_" value=''>
                    560: <a href=
                    561: "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$thisdomain\_$_.value,'start_$thisdomain\_$_','cu.pres','dateset')">Set Start Date</a></td>
                    562: <td><input type=hidden name="end_$thisdomain\_$_" value=''>
                    563: <a href=
                    564: "javascript:pjump('date_end','End Date $plrole',document.cu.end_$thisdomain\_$_.value,'end_$thisdomain\_$_','cu.pres','dateset')">Set End Date</a></td>
                    565: </tr>
                    566: ENDDROW
1.2       www       567:             }
1.24      matthew   568:         } 
                    569:     }
1.8       www       570:     $r->print('</table>');
                    571: #
                    572: # Course level
                    573: #
1.26      matthew   574:     $r->print(&course_level_table(%inccourses));
                    575:     $r->print("<hr /><input type=submit value=\"Modify User\">\n");
                    576:     $r->print("</form></body></html>");
1.2       www       577: }
1.1       www       578: 
1.4       www       579: # ================================================================= Phase Three
1.42      matthew   580: sub update_user_data {
1.4       www       581:     my $r=shift;
1.29      matthew   582:     my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'},
                    583:                                           $ENV{'form.ccdomain'});
1.27      matthew   584:     # Error messages
                    585:     my $error     = '<font color="#ff0000">Error:</font>';
                    586:     my $end       = '</body></html>';
                    587:     # Print header
1.4       www       588:     $r->print(<<ENDTHREEHEAD);
                    589: <html>
                    590: <head>
                    591: <title>The LearningOnline Network with CAPA</title>
                    592: </head>
                    593: ENDTHREEHEAD
1.40      www       594:     my $title;
                    595:     if (exists($ENV{'form.makeuser'})) {
                    596: 	$title='Set Privileges for New User';
                    597:     } else {
                    598:         $title='Modify User Privileges';
                    599:     }
                    600:     $r->print(&Apache::loncommon::bodytag($title));
1.27      matthew   601:     # Check Inputs
1.29      matthew   602:     if (! $ENV{'form.ccuname'} ) {
1.27      matthew   603: 	$r->print($error.'No login name specified.'.$end);
                    604: 	return;
                    605:     }
1.29      matthew   606:     if (  $ENV{'form.ccuname'}  =~/\W/) {
1.27      matthew   607: 	$r->print($error.'Invalid login name.  '.
                    608: 		  'Only letters, numbers, and underscores are valid.'.
                    609: 		  $end);
                    610: 	return;
                    611:     }
1.29      matthew   612:     if (! $ENV{'form.ccdomain'}       ) {
1.27      matthew   613: 	$r->print($error.'No domain specified.'.$end);
                    614: 	return;
                    615:     }
1.29      matthew   616:     if (  $ENV{'form.ccdomain'} =~/\W/) {
1.27      matthew   617: 	$r->print($error.'Invalid domain name.  '.
                    618: 		  'Only letters, numbers, and underscores are valid.'.
                    619: 		  $end);
                    620: 	return;
                    621:     }
1.29      matthew   622:     if (! exists($ENV{'form.makeuser'})) {
                    623:         # Modifying an existing user, so check the validity of the name
                    624:         if ($uhome eq 'no_host') {
                    625:             $r->print($error.'Unable to determine home server for '.
                    626:                       $ENV{'form.ccuname'}.' in domain '.
                    627:                       $ENV{'form.ccdomain'}.'.');
                    628:             return;
                    629:         }
                    630:     }
1.27      matthew   631:     # Determine authentication method and password for the user being modified
                    632:     my $amode='';
                    633:     my $genpwd='';
                    634:     if ($ENV{'form.login'} eq 'krb') {
1.41      albertel  635: 	$amode='krb';
                    636: 	$amode.=$ENV{'form.krbver'};
1.30      matthew   637: 	$genpwd=$ENV{'form.krbarg'};
1.27      matthew   638:     } elsif ($ENV{'form.login'} eq 'int') {
                    639: 	$amode='internal';
1.30      matthew   640: 	$genpwd=$ENV{'form.intarg'};
1.27      matthew   641:     } elsif ($ENV{'form.login'} eq 'fsys') {
                    642: 	$amode='unix';
1.30      matthew   643: 	$genpwd=$ENV{'form.fsysarg'};
1.27      matthew   644:     } elsif ($ENV{'form.login'} eq 'loc') {
                    645: 	$amode='localauth';
                    646: 	$genpwd=$ENV{'form.locarg'};
                    647: 	$genpwd=" " if (!$genpwd);
1.35      matthew   648:     } elsif (($ENV{'form.login'} eq 'nochange') ||
                    649:              ($ENV{'form.login'} eq ''        )) { 
1.34      matthew   650:         # There is no need to tell the user we did not change what they
                    651:         # did not ask us to change.
1.35      matthew   652:         # If they are creating a new user but have not specified login
                    653:         # information this will be caught below.
1.30      matthew   654:     } else {
                    655: 	    $r->print($error.'Invalid login mode or password'.$end);    
                    656: 	    return;
1.27      matthew   657:     }
                    658:     if ($ENV{'form.makeuser'}) {
                    659:         # Create a new user
                    660: 	$r->print(<<ENDNEWUSERHEAD);
1.29      matthew   661: <h3>Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
1.27      matthew   662: ENDNEWUSERHEAD
                    663:         # Check for the authentication mode and password
                    664:         if (! $amode || ! $genpwd) {
                    665: 	    $r->print($error.'Invalid login mode or password'.$end);    
                    666: 	    return;
1.18      albertel  667: 	}
1.29      matthew   668:         # Determine desired host
                    669:         my $desiredhost = $ENV{'form.hserver'};
                    670:         if (lc($desiredhost) eq 'default') {
                    671:             $desiredhost = undef;
                    672:         } else {
1.39      matthew   673:             my %home_servers = &Apache::loncommon::get_library_servers
1.32      matthew   674:                 ($ENV{'form.ccdomain'});  
1.29      matthew   675:             if (! exists($home_servers{$desiredhost})) {
                    676:                 $r->print($error.'Invalid home server specified');
                    677:                 return;
                    678:             }
                    679:         }
1.27      matthew   680: 	# Call modifyuser
                    681: 	my $result = &Apache::lonnet::modifyuser
1.29      matthew   682: 	    ($ENV{'form.ccdomain'},$ENV{'form.ccuname'},$ENV{'form.cstid'},
                    683:              $amode,$genpwd,$ENV{'form.cfirst'},
                    684:              $ENV{'form.cmiddle'},$ENV{'form.clast'},$ENV{'form.cgen'},
                    685:              undef,$desiredhost
1.27      matthew   686: 	     );
                    687: 	$r->print('Generating user: '.$result);
1.29      matthew   688:         my $home = &Apache::lonnet::homeserver($ENV{'form.ccuname'},
                    689:                                                $ENV{'form.ccdomain'});
                    690:         $r->print('<br>Home server: '.$home.' '.
                    691:                   $Apache::lonnet::libserv{$home});
1.35      matthew   692:     } elsif (($ENV{'form.login'} ne 'nochange') &&
                    693:              ($ENV{'form.login'} ne ''        )) {
1.27      matthew   694: 	# Modify user privileges
                    695: 	$r->print(<<ENDMODIFYUSERHEAD);
1.29      matthew   696: <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
1.27      matthew   697: ENDMODIFYUSERHEAD
                    698:         if (! $amode || ! $genpwd) {
                    699: 	    $r->print($error.'Invalid login mode or password'.$end);    
                    700: 	    return;
1.20      harris41  701: 	}
1.27      matthew   702: 	# Only allow authentification modification if the person has authority
1.36      matthew   703: 	if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) {
1.20      harris41  704: 	    $r->print('Modifying authentication: '.
1.31      matthew   705:                       &Apache::lonnet::modifyuserauth(
1.29      matthew   706: 		       $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
1.21      harris41  707:                        $amode,$genpwd));
1.20      harris41  708:             $r->print('<br>Home server: '.&Apache::lonnet::homeserver
1.29      matthew   709: 		  ($ENV{'form.ccuname'},$ENV{'form.ccdomain'}));
1.4       www       710: 	} else {
1.27      matthew   711: 	    # Okay, this is a non-fatal error.
                    712: 	    $r->print($error.'You do not have the authority to modify '.
                    713: 		      'this users authentification information.');    
                    714: 	}
1.28      matthew   715:     }
                    716:     ##
                    717:     if (! $ENV{'form.makeuser'} ) {
                    718:         # Check for need to change
                    719:         my %userenv = &Apache::lonnet::get
                    720:             ('environment',['firstname','middlename','lastname','generation'],
1.29      matthew   721:              $ENV{'form.ccdomain'},$ENV{'form.ccuname'});
1.28      matthew   722:         my ($tmp) = keys(%userenv);
                    723:         if ($tmp =~ /^(con_lost|error)/i) { 
                    724:             %userenv = ();
                    725:         }
                    726:         # Check to see if we need to change user information
                    727:         foreach ('firstname','middlename','lastname','generation') {
                    728:             # Strip leading and trailing whitespace
                    729:             $ENV{'form.c'.$_} =~ s/(\s+$|^\s+)//g; 
                    730:         }
1.29      matthew   731:         if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'}) && 
1.28      matthew   732:             ($ENV{'form.cfirstname'}  ne $userenv{'firstname'}  ||
                    733:              $ENV{'form.cmiddlename'} ne $userenv{'middlename'} ||
                    734:              $ENV{'form.clastname'}   ne $userenv{'lastname'}   ||
                    735:              $ENV{'form.cgeneration'} ne $userenv{'generation'} )) {
                    736:             # Make the change
                    737:             my %changeHash;
                    738:             $changeHash{'firstname'}  = $ENV{'form.cfirstname'};
                    739:             $changeHash{'middlename'} = $ENV{'form.cmiddlename'};
                    740:             $changeHash{'lastname'}   = $ENV{'form.clastname'};
                    741:             $changeHash{'generation'} = $ENV{'form.cgeneration'};
                    742:             my $putresult = &Apache::lonnet::put
                    743:                 ('environment',\%changeHash,
1.29      matthew   744:                  $ENV{'form.ccdomain'},$ENV{'form.ccuname'});
1.28      matthew   745:             if ($putresult eq 'ok') {
                    746:             # Tell the user we changed the name
                    747:                 $r->print(<<"END");
                    748: <table border="2">
                    749: <caption>User Information Changed</caption>
                    750: <tr><th>&nbsp;</th>
                    751:     <th>first</th>
                    752:     <th>middle</th>
                    753:     <th>last</th>
                    754:     <th>generation</th></tr>
                    755: <tr><td>Previous</td>
                    756:     <td>$userenv{'firstname'}  </td>
                    757:     <td>$userenv{'middlename'} </td>
                    758:     <td>$userenv{'lastname'}   </td>
                    759:     <td>$userenv{'generation'} </td></tr>
                    760: <tr><td>Changed To</td>
                    761:     <td>$ENV{'form.cfirstname'}  </td>
                    762:     <td>$ENV{'form.cmiddlename'} </td>
                    763:     <td>$ENV{'form.clastname'}   </td>
                    764:     <td>$ENV{'form.cgeneration'} </td></tr>
                    765: </table>
                    766: END
                    767:             } else { # error occurred
                    768:                 $r->print("<h2>Unable to successfully change environment for ".
1.29      matthew   769:                       $ENV{'form.ccuname'}." in domain ".
                    770:                       $ENV{'form.ccdomain'}."</h2>");
1.28      matthew   771:             }
                    772:         }  else { # End of if ($ENV ... ) logic
                    773:             # They did not want to change the users name but we can
                    774:             # still tell them what the name is
                    775:                 $r->print(<<"END");
1.29      matthew   776: <h2>User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"</h2>
1.28      matthew   777: <h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} </h4>
                    778: <h4>Generation: $userenv{'generation'}</h4>
                    779: END
                    780:         }
1.4       www       781:     }
1.27      matthew   782:     ##
1.4       www       783:     my $now=time;
1.6       www       784:     $r->print('<h3>Modifying Roles</h3>');
1.24      matthew   785:     foreach (keys (%ENV)) {
1.27      matthew   786: 	next if (! $ENV{$_});
                    787: 	# Revoke roles
                    788: 	if ($_=~/^form\.rev/) {
1.64      www       789: 	    if ($_=~/^form\.rev\:([^\_]+)\_([^\_\.]+)$/) {
                    790: # Revoke standard role
1.56      www       791: 	        $r->print('Revoking '.$2.' in '.$1.': <b>'.
1.65      www       792:                      &Apache::lonnet::revokerole($ENV{'form.ccdomain'},
                    793:                      $ENV{'form.ccuname'},$1,$2).'</b><br>');
1.53      www       794: 		if ($2 eq 'st') {
                    795: 		    $1=~/^\/(\w+)\/(\w+)/;
                    796: 		    my $cid=$1.'_'.$2;
1.56      www       797: 		    $r->print('Drop from classlist: <b>'.
1.53      www       798: 			 &Apache::lonnet::critical('put:'.
                    799:                              $ENV{'course.'.$cid.'.domain'}.':'.
                    800: 	                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
                    801:                          &Apache::lonnet::escape($ENV{'form.ccuname'}.':'.
                    802:                              $ENV{'form.ccdomain'}).'='.
                    803:                          &Apache::lonnet::escape($now.':'),
1.56      www       804: 	                     $ENV{'course.'.$cid.'.home'}).'</b><br>');
1.53      www       805: 		}
                    806: 	    } 
1.64      www       807: 	    if ($_=~/^form\.rev\:([^\_]+)\_cr\.cr\/(\w+)\/(\w+)\/(\w+)$/) {
                    808: # Revoke custom role
                    809: 		$r->print(
1.65      www       810:                 'Revoking custom role '.$4.' by '.$3.'@'.$2.' in '.$1.': <b>'.
                    811: &Apache::lonnet::revokecustomrole($ENV{'form.ccdomain'},
                    812: 				  $ENV{'form.ccuname'},$1,$2,$3,$4).
1.64      www       813: 		'</b><br>');
                    814: 	    }
1.53      www       815: 	} elsif ($_=~/^form\.del/) {
                    816: 	    if ($_=~/^form\.del\:([^\_]+)\_([^\_]+)$/) {
                    817: 	        $r->print('Deleting '.$2.' in '.$1.': '.
                    818:                      &Apache::lonnet::assignrole($ENV{'form.ccdomain'},
                    819:                      $ENV{'form.ccuname'},$1,$2,$now,0,1).'<br>');
1.27      matthew   820: 		if ($2 eq 'st') {
                    821: 		    $1=~/^\/(\w+)\/(\w+)/;
                    822: 		    my $cid=$1.'_'.$2;
1.56      www       823: 		    $r->print('Drop from classlist: <b>'.
1.27      matthew   824: 			 &Apache::lonnet::critical('put:'.
                    825:                              $ENV{'course.'.$cid.'.domain'}.':'.
                    826: 	                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
1.29      matthew   827:                          &Apache::lonnet::escape($ENV{'form.ccuname'}.':'.
                    828:                              $ENV{'form.ccdomain'}).'='.
1.27      matthew   829:                          &Apache::lonnet::escape($now.':'),
1.56      www       830: 	                     $ENV{'course.'.$cid.'.home'}).'</b><br>');
1.27      matthew   831: 		}
                    832: 	    } 
                    833: 	} elsif ($_=~/^form\.act/) {
1.65      www       834: 	    if 
                    835: ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_cr_cr_([^\_]+)_(\w+)_([^\_]+)$/) {
                    836:                 # Activate a custom role
                    837: 		my $url='/'.$1.'/'.$2;
                    838: 		my $full=$1.'_'.$2.'_cr_cr_'.$3.'_'.$4.'_'.$5;
                    839: 		if ($ENV{'form.sec_'.$full}) {
                    840: 		    $url.='/'.$ENV{'form.sec_'.$full};
                    841: 		}
                    842: 
                    843: 		my $start = ( $ENV{'form.start_'.$full} ? 
                    844: 			      $ENV{'form.start_'.$full} : 
                    845: 			      $now );
                    846: 		my $end   = ( $ENV{'form.end_'.$full} ? 
                    847: 			      $ENV{'form.end_'.$full} :
                    848: 			      0 );
                    849: 
                    850:     $r->print('Assigning custom role "'.$5.'" by '.$4.'@'.$3.' in '.$url.
                    851:                          ($start?', starting '.localtime($start):'').
                    852:                          ($end?', ending '.localtime($end):'').': <b>'.
                    853: 	      &Apache::lonnet::assigncustomrole(
                    854: 	$ENV{'form.ccdomain'},$ENV{'form.ccuname'},$url,$3,$4,$5,$end,$start).
                    855: 	      '</b><br>');
                    856: 	    } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) {
1.27      matthew   857: 		# Activate roles for sections with 3 id numbers
                    858: 		# set start, end times, and the url for the class
1.55      www       859: 
                    860: 		my $start = ( $ENV{'form.start_'.$1.'_'.$2.'_'.$3} ? 
                    861: 			      $ENV{'form.start_'.$1.'_'.$2.'_'.$3} : 
1.27      matthew   862: 			      $now );
1.55      www       863: 		my $end   = ( $ENV{'form.end_'.$1.'_'.$2.'_'.$3} ? 
                    864: 			      $ENV{'form.end_'.$1.'_'.$2.'_'.$3} :
1.27      matthew   865: 			      0 );
                    866: 		my $url='/'.$1.'/'.$2;
                    867: 		if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) {
                    868: 		    $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3};
                    869: 		}
                    870: 		# Assign the role and report it
1.65      www       871: 		$r->print('Assigning '.$3.' in '.$url.
1.55      www       872:                          ($start?', starting '.localtime($start):'').
1.56      www       873:                          ($end?', ending '.localtime($end):'').': <b>'.
1.27      matthew   874:                           &Apache::lonnet::assignrole(
1.29      matthew   875:                               $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
1.27      matthew   876:                               $url,$3,$end,$start).
1.56      www       877: 			  '</b><br>');
1.27      matthew   878: 		# Handle students differently
                    879: 		if ($3 eq 'st') {
                    880: 		    $url=~/^\/(\w+)\/(\w+)/;
                    881: 		    my $cid=$1.'_'.$2;
1.56      www       882: 		    $r->print('Add to classlist: <b>'.
1.27      matthew   883: 			      &Apache::lonnet::critical(
                    884: 				  'put:'.$ENV{'course.'.$cid.'.domain'}.':'.
                    885: 	                           $ENV{'course.'.$cid.'.num'}.':classlist:'.
                    886:                                    &Apache::lonnet::escape(
1.29      matthew   887:                                        $ENV{'form.ccuname'}.':'.
                    888:                                        $ENV{'form.ccdomain'} ).'='.
1.27      matthew   889:                                    &Apache::lonnet::escape($end.':'.$start),
                    890: 				       $ENV{'course.'.$cid.'.home'})
1.56      www       891: 			      .'</b><br>');
1.27      matthew   892: 		}
                    893: 	    } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) {
                    894: 		# Activate roles for sections with two id numbers
                    895: 		# set start, end times, and the url for the class
                    896: 		my $start = ( $ENV{'form.start_'.$1.'_'.$2} ? 
                    897: 			      $ENV{'form.start_'.$1.'_'.$2} : 
                    898: 			      $now );
                    899: 		my $end   = ( $ENV{'form.end_'.$1.'_'.$2} ? 
                    900: 			      $ENV{'form.end_'.$1.'_'.$2} :
                    901: 			      0 );
                    902: 		my $url='/'.$1.'/';
                    903: 		# Assign the role and report it.
1.65      www       904: 		$r->print('Assigning '.$2.' in '.$url.': '.
1.56      www       905:                          ($start?', starting '.localtime($start):'').
                    906:                          ($end?', ending '.localtime($end):'').': <b>'.
1.27      matthew   907:                           &Apache::lonnet::assignrole(
1.29      matthew   908:                               $ENV{'form.ccdomain'},$ENV{'form.ccuname'},
1.27      matthew   909:                               $url,$2,$end,$start)
1.56      www       910: 			  .'</b><br>');
1.64      www       911: 	    } else {
                    912: 		$r->print('<p>ERROR: Unknown command <tt>'.$_.'</tt></p><br>');
                    913:             }
1.27      matthew   914: 	} 
                    915:     } # End of foreach (keys(%ENV))
1.5       www       916:     $r->print('</body></html>');
1.4       www       917: }
                    918: 
1.58      www       919: # ========================================================== Custom Role Editor
                    920: 
                    921: sub custom_role_editor {
                    922:     my $r=shift;
                    923:     my $rolename=$ENV{'form.rolename'};
                    924: 
1.59      www       925:     if ($rolename eq 'make new role') {
                    926: 	$rolename=$ENV{'form.newrolename'};
                    927:     }
                    928: 
1.63      www       929:     $rolename=~s/[^A-Za-z0-9]//gs;
1.58      www       930: 
                    931:     unless ($rolename) {
                    932: 	&print_username_entry_form($r);
                    933:         return;
                    934:     }
                    935: 
                    936:     $r->print(&Apache::loncommon::bodytag(
1.59      www       937:                      'Create Users, Change User Privileges').'<h2>');
1.61      www       938:     my $syspriv='';
                    939:     my $dompriv='';
                    940:     my $coursepriv='';
1.59      www       941:     my ($rdummy,$roledef)=
                    942: 			 &Apache::lonnet::get('roles',["rolesdef_$rolename"]);
1.60      www       943: # ------------------------------------------------------- Does this role exist?
1.59      www       944:     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
                    945: 	$r->print('Existing Role "');
1.61      www       946: # ------------------------------------------------- Get current role privileges
                    947: 	($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef);
1.59      www       948:     } else {
                    949: 	$r->print('New Role "');
                    950: 	$roledef='';
                    951:     }
                    952:     $r->print($rolename.'"</h2>');
1.60      www       953: # ------------------------------------------------------- What can be assigned?
                    954:     my %full=();
                    955:     my %courselevel=();
1.61      www       956:     my %courselevelcurrent=();
1.60      www       957:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) {
                    958: 	my ($priv,$restrict)=split(/\&/,$_);
                    959:         unless ($restrict) { $restrict='F'; }
                    960:         $courselevel{$priv}=$restrict;
1.61      www       961:         if ($coursepriv=~/\:$priv/) {
                    962: 	    $courselevelcurrent{$priv}=1;
                    963: 	}
1.60      www       964: 	$full{$priv}=1;
                    965:     }
                    966:     my %domainlevel=();
1.61      www       967:     my %domainlevelcurrent=();
1.60      www       968:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) {
                    969: 	my ($priv,$restrict)=split(/\&/,$_);
                    970:         unless ($restrict) { $restrict='F'; }
                    971:         $domainlevel{$priv}=$restrict;
1.61      www       972:         if ($dompriv=~/\:$priv/) {
                    973: 	    $domainlevelcurrent{$priv}=1;
                    974: 	}
1.60      www       975: 	$full{$priv}=1;
                    976:     }
1.61      www       977:     my %systemlevel=();
                    978:     my %systemlevelcurrent=();
                    979:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) {
                    980: 	my ($priv,$restrict)=split(/\&/,$_);
                    981:         unless ($restrict) { $restrict='F'; }
                    982:         $systemlevel{$priv}=$restrict;
                    983:         if ($syspriv=~/\:$priv/) {
                    984: 	    $systemlevelcurrent{$priv}=1;
                    985: 	}
                    986: 	$full{$priv}=1;
                    987:     }
                    988:     $r->print(<<ENDCCF);
                    989: <form method="post">
                    990: <input type="hidden" name="phase" value="set_custom_roles" />
                    991: <input type="hidden" name="rolename" value="$rolename" />
                    992: <table border="2">
                    993: <tr><th>Privilege</th><th>Course Level</th><th>Domain Level</th>
                    994: <th>System Level</th></tr>
                    995: ENDCCF
1.60      www       996:     foreach (sort keys %full) {
                    997: 	$r->print('<tr><td>'.&Apache::lonnet::plaintext($_).'</td><td>'.
1.61      www       998:     ($courselevel{$_}?'<input type="checkbox" name="'.$_.':c" '.
                    999:     ($courselevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
                   1000:     '</td><td>'.
                   1001:     ($domainlevel{$_}?'<input type="checkbox" name="'.$_.':d" '.
                   1002:     ($domainlevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
                   1003:     '</td><td>'.
                   1004:     ($systemlevel{$_}?'<input type="checkbox" name="'.$_.':s" '.
                   1005:     ($systemlevelcurrent{$_}?'checked="1"':'').' />':'&nbsp;').
                   1006:     '</td></tr>');
1.60      www      1007:     }
1.61      www      1008:     $r->print(
                   1009:    '<table><input type="submit" value="Define Role" /></form></body></html>');
                   1010: }
                   1011: 
                   1012: # ---------------------------------------------------------- Call to definerole
                   1013: sub set_custom_role {
                   1014:     my $r=shift;
                   1015: 
                   1016:     my $rolename=$ENV{'form.rolename'};
                   1017: 
1.63      www      1018:     $rolename=~s/[^A-Za-z0-9]//gs;
1.61      www      1019: 
                   1020:     unless ($rolename) {
                   1021: 	&print_username_entry_form($r);
                   1022:         return;
                   1023:     }
                   1024: 
                   1025:     $r->print(&Apache::loncommon::bodytag(
                   1026:                      'Create Users, Change User Privileges').'<h2>');
                   1027:     my ($rdummy,$roledef)=
                   1028: 			 &Apache::lonnet::get('roles',["rolesdef_$rolename"]);
                   1029: # ------------------------------------------------------- Does this role exist?
                   1030:     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
                   1031: 	$r->print('Existing Role "');
                   1032:     } else {
                   1033: 	$r->print('New Role "');
                   1034: 	$roledef='';
                   1035:     }
                   1036:     $r->print($rolename.'"</h2>');
                   1037: # ------------------------------------------------------- What can be assigned?
                   1038:     my $sysrole='';
                   1039:     my $domrole='';
                   1040:     my $courole='';
                   1041: 
                   1042:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) {
                   1043: 	my ($priv,$restrict)=split(/\&/,$_);
                   1044:         unless ($restrict) { $restrict=''; }
                   1045:         if ($ENV{'form.'.$priv.':c'}) {
                   1046: 	    $courole.=':'.$_;
                   1047: 	}
                   1048:     }
                   1049: 
                   1050:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) {
                   1051: 	my ($priv,$restrict)=split(/\&/,$_);
                   1052:         unless ($restrict) { $restrict=''; }
                   1053:         if ($ENV{'form.'.$priv.':d'}) {
                   1054: 	    $domrole.=':'.$_;
                   1055: 	}
                   1056:     }
                   1057: 
                   1058:     foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) {
                   1059: 	my ($priv,$restrict)=split(/\&/,$_);
                   1060:         unless ($restrict) { $restrict=''; }
                   1061:         if ($ENV{'form.'.$priv.':s'}) {
                   1062: 	    $sysrole.=':'.$_;
                   1063: 	}
                   1064:     }
1.63      www      1065:     $r->print('<br />Defining Role: '.
1.61      www      1066: 	   &Apache::lonnet::definerole($rolename,$sysrole,$domrole,$courole));
1.63      www      1067:     if ($ENV{'request.course.id'}) {
                   1068:         my $url='/'.$ENV{'request.course.id'};
                   1069:         $url=~s/\_/\//g;
                   1070: 	$r->print('<br />Assigning Role to Self: '.
                   1071: 	      &Apache::lonnet::assigncustomrole($ENV{'user.domain'},
                   1072: 						$ENV{'user.name'},
                   1073: 						$url,
                   1074: 						$ENV{'user.domain'},
                   1075: 						$ENV{'user.name'},
                   1076: 						$rolename));
                   1077:     }
1.61      www      1078:     $r->print('</body></html>');
1.58      www      1079: }
                   1080: 
1.2       www      1081: # ================================================================ Main Handler
                   1082: sub handler {
                   1083:     my $r = shift;
                   1084: 
                   1085:     if ($r->header_only) {
1.68      www      1086:        &Apache::loncommon::content_type($r,'text/html');
1.2       www      1087:        $r->send_http_header;
                   1088:        return OK;
                   1089:     }
                   1090: 
                   1091:     if ((&Apache::lonnet::allowed('cta',$ENV{'request.course.id'})) ||
                   1092:         (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || 
                   1093:         (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || 
                   1094:         (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) ||
1.42      matthew  1095:         (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) ||
                   1096:         (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) {
1.68      www      1097:        &Apache::loncommon::content_type($r,'text/html');
1.2       www      1098:        $r->send_http_header;
                   1099:        unless ($ENV{'form.phase'}) {
1.42      matthew  1100: 	   &print_username_entry_form($r);
1.2       www      1101:        }
1.42      matthew  1102:        if ($ENV{'form.phase'} eq 'get_user_info') {
                   1103:            &print_user_modification_page($r);
                   1104:        } elsif ($ENV{'form.phase'} eq 'update_user_data') {
                   1105:            &update_user_data($r);
1.58      www      1106:        } elsif ($ENV{'form.phase'} eq 'selected_custom_edit') {
                   1107:            &custom_role_editor($r);
1.61      www      1108:        } elsif ($ENV{'form.phase'} eq 'set_custom_roles') {
                   1109: 	   &set_custom_role($r);
1.2       www      1110:        }
1.1       www      1111:    } else {
                   1112:       $ENV{'user.error.msg'}=
1.9       albertel 1113:         "/adm/createuser:mau:0:0:Cannot modify user data";
1.1       www      1114:       return HTTP_NOT_ACCEPTABLE; 
                   1115:    }
                   1116:    return OK;
                   1117: } 
1.26      matthew  1118: 
1.27      matthew  1119: #-------------------------------------------------- functions for &phase_two
1.26      matthew  1120: sub course_level_table {
                   1121:     my %inccourses = @_;
                   1122:     my $table = '';
1.62      www      1123: # Custom Roles?
                   1124: 
                   1125:     my %customroles=&my_custom_roles();
                   1126: 
1.26      matthew  1127:     foreach (sort( keys(%inccourses))) {
                   1128: 	my $thiscourse=$_;
                   1129: 	my $protectedcourse=$_;
                   1130: 	$thiscourse=~s:_:/:g;
                   1131: 	my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
                   1132: 	my $area=$coursedata{'description'};
1.50      albertel 1133: 	if (!defined($area)) { $area='Unavailable course: '.$_; }
1.26      matthew  1134: 	my $bgcol=$thiscourse;
1.62      www      1135: 	$bgcol=~s/[^7-9a-e]//g;
                   1136: 	$bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6);
1.26      matthew  1137: 	foreach  ('st','ta','ep','ad','in','cc') {
                   1138: 	    if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
                   1139: 		my $plrole=&Apache::lonnet::plaintext($_);
                   1140: 		$table .= <<ENDEXTENT;
                   1141: <tr bgcolor="#$bgcol">
                   1142: <td><input type="checkbox" name="act_$protectedcourse\_$_"></td>
                   1143: <td>$plrole</td>
                   1144: <td>$area</td>
                   1145: ENDEXTENT
                   1146: 	        if ($_ ne 'cc') {
                   1147: 		    $table .= <<ENDSECTION;
                   1148: <td><input type="text" size="5" name="sec_$protectedcourse\_$_"></td>
                   1149: ENDSECTION
                   1150:                 } else { 
                   1151: 		    $table .= <<ENDSECTION;
                   1152: <td>&nbsp</td> 
                   1153: ENDSECTION
                   1154:                 }
                   1155: 		$table .= <<ENDTIMEENTRY;
                   1156: <td><input type=hidden name="start_$protectedcourse\_$_" value=''>
                   1157: <a href=
                   1158: "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date</a></td>
                   1159: <td><input type=hidden name="end_$protectedcourse\_$_" value=''>
                   1160: <a href=
                   1161: "javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date</a></td>
                   1162: ENDTIMEENTRY
                   1163:                 $table.= "</tr>\n";
                   1164:             }
                   1165:         }
1.62      www      1166:         foreach (sort keys %customroles) {
1.65      www      1167: 	    if (&Apache::lonnet::allowed('ccr',$thiscourse)) {
                   1168: 		my $plrole=$_;
                   1169:                 my $customrole=$protectedcourse.'_cr_cr_'.$ENV{'user.domain'}.
                   1170: 		    '_'.$ENV{'user.name'}.'_'.$plrole;
                   1171: 		$table .= <<ENDENTRY;
1.62      www      1172: <tr bgcolor="#$bgcol">
1.65      www      1173: <td><input type="checkbox" name="act_$customrole"></td>
1.62      www      1174: <td>$plrole</td>
                   1175: <td>$area</td>
1.65      www      1176: <td><input type="text" size="5" name="sec_$customrole"></td>
                   1177: <td><input type=hidden name="start_$customrole" value=''>
1.62      www      1178: <a href=
1.65      www      1179: "javascript:pjump('date_start','Start Date $plrole',document.cu.start_$customrole.value,'start_$customrole','cu.pres','dateset')">Set Start Date</a></td>
                   1180: <td><input type=hidden name="end_$customrole" value=''>
1.62      www      1181: <a href=
1.65      www      1182: "javascript:pjump('date_end','End Date $plrole',document.cu.end_$customrole.value,'end_$customrole','cu.pres','dateset')">Set End Date</a></td></tr>
1.62      www      1183: ENDENTRY
1.65      www      1184:            }
1.62      www      1185: 	}
1.26      matthew  1186:     }
                   1187:     return '' if ($table eq ''); # return nothing if there is nothing 
                   1188:                                  # in the table
                   1189:     my $result = <<ENDTABLE;
                   1190: <h4>Course Level</h4>
                   1191: <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
                   1192: <th>Group/Section</th><th>Start</th><th>End</th></tr>
                   1193: $table
                   1194: </table>
                   1195: ENDTABLE
                   1196:     return $result;
                   1197: }
1.27      matthew  1198: #---------------------------------------------- end functions for &phase_two
1.29      matthew  1199: 
                   1200: #--------------------------------- functions for &phase_two and &phase_three
                   1201: 
                   1202: #--------------------------end of functions for &phase_two and &phase_three
1.1       www      1203: 
                   1204: 1;
                   1205: __END__
1.2       www      1206: 
                   1207: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>