--- loncom/interface/lonhelper.pm 2010/09/02 00:19:17 1.180.2.2
+++ loncom/interface/lonhelper.pm 2015/08/15 20:11:57 1.195
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# .helper XML handler to implement the LON-CAPA helper
#
-# $Id: lonhelper.pm,v 1.180.2.2 2010/09/02 00:19:17 raeburn Exp $
+# $Id: lonhelper.pm,v 1.195 2015/08/15 20:11:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -64,9 +64,11 @@ messages, resource selections, or date q
The helper tag is required to have one attribute, "title", which is the name
of the helper itself, such as "Parameter helper". The helper tag may optionally
-have a "requiredpriv" attribute, specifying the priviledge a user must have
+have a "requiredpriv" attribute, specifying the privilege a user must have
to use the helper, or get denied access. See loncom/auth/rolesplain.tab for
-useful privs. Default is full access, which is often wrong!
+useful privs. You may add the modifier &S at the end of the three letter priv
+if you want to grant access to users for whom the corresponding privilege is
+section-specific. The default is full access, which is often wrong!
=head2 State tags
@@ -261,7 +263,7 @@ sub real_handler {
my $uri = shift;
if (!defined($uri)) { $uri = $r->uri(); }
$env{'request.uri'} = $uri;
- my $filename = '/home/httpd/html' . $uri;
+ my $filename = $r->dir_config('lonDocRoot').$uri;
my $fh = Apache::File->new($filename);
my $file;
read $fh, $file, 100000000;
@@ -283,7 +285,8 @@ sub real_handler {
my $allowed = $helper->allowedCheck();
if (!$allowed) {
- $env{'user.error.msg'} = $env{'request.uri'}.':'.$helper->{REQUIRED_PRIV}.
+ my ($priv,$modifier) = split(/\&/,$helper->{REQUIRED_PRIV});
+ $env{'user.error.msg'} = $env{'request.uri'}.':'.$priv.
":0:0:Permission denied to access this helper.";
return HTTP_NOT_ACCEPTABLE;
}
@@ -508,8 +511,13 @@ sub allowedCheck {
if (!defined($self->{REQUIRED_PRIV})) {
return 1;
}
-
- return Apache::lonnet::allowed($self->{REQUIRED_PRIV}, $env{'request.course.id'});
+ my ($priv,$modifier) = split(/\&/,$self->{REQUIRED_PRIV});
+ my $allowed = &Apache::lonnet::allowed($priv,$env{'request.course.id'});
+ if ((!$allowed) && ($modifier eq 'S') && ($env{'request.course.sec'} ne '')) {
+ $allowed = &Apache::lonnet::allowed($priv,$env{'request.course.id'}.'/'.
+ $env{'request.course.sec'});
+ }
+ return $allowed;
}
sub changeState {
@@ -651,7 +659,7 @@ sub display {
$result .= $buttons;
- #foreach my $key (keys %{$self->{VARS}}) {
+ #foreach my $key (keys(%{$self->{VARS}})) {
# $result .= "|$key| -> " . $self->{VARS}->{$key} . " ";
#}
@@ -1476,9 +1484,9 @@ BUTTONS
HTML::Entities::encode($choice->[1],"<>&\"'")
. "'";
if ($checkedChoices{$choice->[1]}) {
- $result .= " checked='checked' ";
+ $result .= " checked='checked'";
}
- $result .= qq{id="id$id"};
+ $result .= qq{ id="id$id"};
my $choiceLabel = $choice->[0];
if ($choice->[3]) { # if we need to evaluate this choice
$choiceLabel = "sub { my $helper = shift; my $state = shift;" .
@@ -1486,7 +1494,7 @@ BUTTONS
$choiceLabel = eval($choiceLabel);
$choiceLabel = &$choiceLabel($helper, $self);
}
- $result .= "/>