File:
[LON-CAPA] /
loncom /
interface /
lontiny.pm
Revision
1.9:
download - view:
text,
annotated -
select for diffs
Tue May 24 16:23:04 2022 UTC (2 years, 2 months ago) by
raeburn
Branches:
MAIN
CVS tags:
HEAD
- Bug 6907 option to stop deep-linked items escaping iframe context.
Seventh component (target) added to the deeplink parameter.
Launch of deep-link (i.e. a tiny URL) sets $env{'request.deeplink.target'}.
1: # The LearningOnline Network with CAPA
2: # Extract domain, courseID, and symb from a shortened URL,
3: # and switch role to a role in designated course.
4: #
5: # $Id: lontiny.pm,v 1.9 2022/05/24 16:23:04 raeburn Exp $
6: #
7: # Copyright Michigan State University Board of Trustees
8: #
9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10: #
11: # LON-CAPA is free software; you can redistribute it and/or modify
12: # it under the terms of the GNU General Public License as published by
13: # the Free Software Foundation; either version 2 of the License, or
14: # (at your option) any later version.
15: #
16: # LON-CAPA is distributed in the hope that it will be useful,
17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: # GNU General Public License for more details.
20: #
21: # You should have received a copy of the GNU General Public License
22: # along with LON-CAPA; if not, write to the Free Software
23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24: #
25: # /home/httpd/html/adm/gpl.txt
26: #
27: # http://www.lon-capa.org/
28: #
29:
30: package Apache::lontiny;
31:
32: use strict;
33: use Apache::Constants qw(:common :http);
34: use Apache::lonnet;
35: use Apache::loncommon;
36: use Apache::lonhtmlcommon;
37: use Apache::lonroles;
38: use Apache::lonuserstate;
39: use Apache::lonnavmaps;
40: use Apache::lonlocal;
41: use LONCAPA qw(:DEFAULT :match);
42:
43: sub handler {
44: my $r = shift;
45: my %user;
46: my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
47: if ($handle ne '') {
48: my $lonidsdir=$r->dir_config('lonIDsDir');
49: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
50: if ($r->uri =~ m{^/tiny/($match_domain)/(\w+)$}) {
51: my ($cdom,$key) = ($1,$2);
52: if (&Apache::lonnet::domain($cdom) ne '') {
53: my $configuname = &Apache::lonnet::get_domainconfiguser($cdom);
54: my $tinyurl;
55: my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$cdom."\0".$key);
56: if (defined($cached)) {
57: $tinyurl = $result;
58: } else {
59: my %currtiny = &Apache::lonnet::get('tiny',[$key],$cdom,$configuname);
60: if ($currtiny{$key} ne '') {
61: $tinyurl = $currtiny{$key};
62: &Apache::lonnet::do_cache_new('tiny',$cdom."\0".$key,$currtiny{$key},600);
63: }
64: }
65: if ($tinyurl) {
66: my ($cnum,$symb) = split(/\&/,$tinyurl);
67: if ($cnum =~ /^$match_courseid$/) {
68: my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
69: if ($chome ne 'no_host') {
70: &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['ttoken']);
71: if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
72: # Check for ttoken
73: my $newlauncher = &launch_check($r->uri,$symb);
74: my ($map,$resid,$url) = &Apache::lonnet::decode_symb($symb);
75: if (&Apache::lonnet::is_on_map($url)) {
76: my $realuri;
77: if ((&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) &&
78: (!$env{'request.role.adv'})) {
79: $env{'user.error.msg'}=$r->uri.':bre:1:1:Access to resource denied';
80: return HTTP_NOT_ACCEPTABLE;
81: }
82: if ((&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) &&
83: (!$env{'request.role.adv'})) {
84: $realuri = &Apache::lonenc::encrypted(&Apache::lonnet::clutter($url));
85: if (($url =~ /\.sequence$/) &&
86: ($env{'course.'.$env{'request.course.id'}.'.type'} ne 'Placement')) {
87: $realuri .= '?navmap=1';
88: } else {
89: $realuri .= '?symb='.&Apache::lonenc::encrypted($symb);
90: }
91: } else {
92: $realuri = &Apache::lonnet::clutter($url);
93: if (($url =~ /\.sequence$/) &&
94: ($env{'course.'.$env{'request.course.id'}.'.type'} ne 'Placement')) {
95: $realuri .= '?navmap=1';
96: } else {
97: $realuri .= '?symb='.$symb;
98: }
99: }
100: my $update;
101: # Check if course needs to be re-initialized
102: if ($newlauncher) {
103: $update = 1;
104: } else {
105: my $loncaparev = $r->dir_config('lonVersion');
106: my ($result,@reinit) = &Apache::loncommon::needs_coursereinit($loncaparev);
107: if ($result eq 'update') {
108: $update = 1;
109: } elsif (!-e $env{'request.course.fn'}.'.db') {
110: $update = 1;
111: } elsif (!$env{'request.role.adv'}) {
112: my $navmap = Apache::lonnavmaps::navmap->new();
113: if (ref($navmap)) {
114: my $res = $navmap->getBySymb($symb);
115: if (ref($res)) {
116: my ($enc_in_bighash,$enc_in_parm);
117: $enc_in_bighash = $res->encrypted();
118: if (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) {
119: $enc_in_parm = 1;
120: }
121: if ($enc_in_bighash ne $enc_in_parm) {
122: $update = 1;
123: }
124: }
125: }
126: }
127: }
128: if ($update) {
129: my ($furl,$ferr)=
130: &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
131: if ($ferr) {
132: $env{'user.error.msg'}=$r->uri.':bre:0:0:Course not initialized';
133: $env{'user.reinit'} = 1;
134: return HTTP_NOT_ACCEPTABLE;
135: }
136: }
137: my $host = $r->headers_in->get('Host');
138: if (!$host) {
139: $r->internal_redirect($realuri);
140: return OK;
141: } else {
142: my $protocol = 'http';
143: if ($r->get_server_port == 443) {
144: $protocol = 'https';
145: }
146: my $location = $protocol.'://'.$host.$realuri;
147: $r->headers_out->set(Location => $location);
148: return REDIRECT;
149: }
150: }
151: } else {
152: my %crsenv = &Apache::lonnet::coursedescription("$cdom/$cnum");
153: my @possroles = ('in','ta','ep','st','cr','ad');
154: if ($crsenv{'type'} eq 'Community') {
155: unshift(@possroles,'co');
156: } else {
157: unshift(@possroles,'cc');
158: }
159: my %roleshash = &Apache::lonnet::get_my_roles($env{'user.uname'},
160: $env{'user.domain'},
161: 'userroles',undef,
162: \@possroles,[$cdom],1);
163: my (%possroles,$hassection);
164: if (keys(%roleshash)) {
165: foreach my $entry (keys(%roleshash)) {
166: if ($entry =~ /^\Q$cnum:$cdom:\E([^:]+):([^:]*)$/) {
167: $possroles{$1} = $2;
168: if ($2 ne '') {
169: $hassection = 1;
170: }
171: }
172: }
173: }
174: my @allposs = keys(%possroles);
175: if ($env{'request.lti.login'}) {
176: &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
177: if ($env{'request.lti.target'} eq '') {
178: if ($env{'form.ltitarget'} eq 'iframe') {
179: &Apache::lonnet::appenv({'request.lti.target' => 'iframe'});
180: delete($env{'form.ltitarget'});
181: }
182: }
183: if ($env{'form.selectrole'}) {
184: foreach my $role (@allposs) {
185: my $newrole = "$role./$cdom/$cnum";
186: if ($possroles{$allposs[0]} ne '') {
187: $newrole .= "/$possroles{$role}";
188: }
189: if ($env{"form.$newrole"}) {
190: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
191: '&destinationurl='.&HTML::Entities::encode($r->uri);
192: if ($env{'form.ltitarget'} eq 'iframe') {
193: $destination .= '<itarget=iframe';
194: }
195: &do_redirect($r,$destination);
196: return OK;
197: }
198: }
199: }
200: }
201: if (@allposs == 0) {
202: &show_roles($r,\%crsenv,\%possroles);
203: } elsif (@allposs == 1) {
204: my $newrole = "$allposs[0]./$cdom/$cnum";
205: $newrole = "$allposs[0]./$cdom/$cnum";
206: if ($possroles{$allposs[0]} ne '') {
207: $newrole .= "/$possroles{$allposs[0]}";
208: }
209: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
210: '&destinationurl='.&HTML::Entities::encode($r->uri);
211: if ($env{'form.ttoken'}) {
212: $destination .= '&ttoken='.$env{'form.ttoken'};
213: }
214: &do_redirect($r,$destination);
215: } elsif (keys(%possroles) > 1) {
216: if (grep(/^(cc|co)$/,@allposs)) {
217: my $newrole;
218: if (exists($possroles{'cc'})) {
219: $newrole = 'cc';
220: } else {
221: $newrole = 'co';
222: }
223: $newrole .= "./$cdom/$cnum";
224: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
225: '&destinationurl='.&HTML::Entities::encode($r->uri);
226: if ($env{'form.ttoken'}) {
227: $destination .= '&ttoken='.$env{'form.ttoken'};
228: }
229: &do_redirect($r,$destination);
230: } else {
231: my $hascustom;
232: if (grep(/^cr\//,@allposs)) {
233: $hascustom = 1;
234: }
235: &show_roles($r,\%crsenv,\%possroles,$hassection,$hascustom);
236: }
237: }
238: return OK;
239: }
240: }
241: }
242: }
243: }
244: }
245: &generic_error($r);
246: return OK;
247: } else {
248: return FORBIDDEN;
249: }
250: }
251:
252: sub launch_check {
253: my ($linkuri,$symb) = @_;
254: my ($linkprotector,$linkproturi,$linkkey,$newlauncher);
255: if ($env{'form.ttoken'}) {
256: my %link_info = &Apache::lonnet::tmpget($env{'form.ttoken'});
257: &Apache::lonnet::tmpdel($env{'form.ttoken'});
258: delete($env{'form.ttoken'});
259: if ($link_info{'linkprot'}) {
260: ($linkprotector,$linkproturi) = split(/:/,$link_info{'linkprot'},2);
261: if ($env{'user.linkprotector'}) {
262: my @protectors = split(/,/,$env{'user.linkprotector'});
263: unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
264: push(@protectors,$linkprotector);
265: @protectors = sort { $a <=> $b } @protectors;
266: &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)});
267: }
268: } else {
269: &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector });
270: }
271: if ($env{'user.linkproturi'}) {
272: my @proturis = split(/,/,$env{'user.linkproturi'});
273: unless(grep(/^\Q$linkproturi\E$/,@proturis)) {
274: push(@proturis,$linkproturi);
275: @proturis = sort(@proturis);
276: &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)});
277: }
278: } else {
279: &Apache::lonnet::appenv({'user.linkproturi' => $linkproturi});
280: }
281: } elsif ($link_info{'linkkey'} ne '') {
282: $linkkey = $link_info{'linkkey'};
283: my $keyedlinkuri = $linkuri;
284: if ($env{'user.deeplinkkey'} ne '') {
285: my @linkkeys = split(/,/,$env{'user.deeplinkkey'});
286: unless (grep(/^\Q$linkkey\E$/,@linkkeys)) {
287: push(@linkkeys,$linkkey);
288: &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))});
289: }
290: } else {
291: &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey});
292: }
293: if ($env{'user.keyedlinkuri'}) {
294: my @keyeduris = split(/,/,$env{'user.keyedlinkuri'});
295: unless (grep(/^\Q$keyedlinkuri\E$/,@keyeduris)) {
296: push(@keyeduris,$keyedlinkuri);
297: &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))});
298: }
299: } else {
300: &Apache::lonnet::appenv({'user.keyedlinkuri' => $keyedlinkuri});
301: }
302: }
303: if ($link_info{'checklaunch'}) {
304: $newlauncher = 1;
305: }
306: }
307: my $currdeeplinklogin = $env{'request.deeplink.login'};
308: my $deeplink;
309: if ($symb =~ /\.(page|sequence)$/) {
310: my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]);
311: my $navmap = Apache::lonnavmaps::navmap->new();
312: if (ref($navmap)) {
313: $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink');
314: }
315: } else {
316: $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb);
317: }
318: if ($deeplink ne '') {
319: my $disallow;
320: my ($state,$others,$listed,$scope,$protect,$display,$target) = split(/,/,$deeplink);
321: if (($protect ne 'none') && ($protect ne '')) {
322: my ($acctype,$item) = split(/:/,$protect);
323: if ($acctype =~ /lti(c|d)$/) {
324: my $ltitype = $1;
325: if ($linkprotector) {
326: unless ($linkprotector.':'.$linkproturi eq $item.$ltitype.':'.$linkuri) {
327: $disallow = 1;
328: }
329: } else {
330: $disallow = 1;
331: }
332: } elsif ($acctype eq 'key') {
333: if ($linkkey ne '') {
334: unless ($linkkey eq $item) {
335: $disallow = 1;
336: }
337: } else {
338: $disallow = 1;
339: }
340: }
341: }
342: if ($disallow) {
343: if ($currdeeplinklogin eq $linkuri) {
344: &Apache::lonnet::delenv('request.deeplink.login');
345: }
346: } else {
347: unless ($currdeeplinklogin eq $linkuri) {
348: if (($linkprotector) || ($linkkey ne '')) {
349: if ($linkprotector) {
350: &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
351: } elsif ($env{'request.linkprot'}) {
352: &Apache::lonnet::delenv({'request.linkprot'});
353: }
354: if ($linkkey ne '') {
355: &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
356: } elsif ($env{'request.linkkey'} ne '') {
357: &Apache::lonnet::delenv({'request.linkkey'});
358: }
359: $newlauncher = 1;
360: }
361: }
362: &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
363: if ($target ne '') {
364: &Apache::lonnet::appenv({'request.deeplink.target' => $target});
365: }
366: }
367: } else {
368: if ($linkprotector) {
369: &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
370: } elsif ($env{'request.linkprot'}) {
371: &Apache::lonnet::delenv({'request.linkprot'});
372: }
373: if ($linkkey ne '') {
374: &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
375: } else {
376: &Apache::lonnet::delenv({'request.linkkey'});
377: }
378: &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
379: }
380: return $newlauncher;
381: }
382:
383: sub do_redirect {
384: my ($r,$destination) = @_;
385: my $windowname = 'loncapaclient';
386: if ($env{'request.lti.login'}) {
387: $windowname .= 'lti';
388: }
389: my $header = '<meta HTTP-EQUIV="Refresh" CONTENT="0; url='.$destination.'" />';
390: my $args = {'bread_crumbs' => [{'href' => '','text' => 'Role initialization'},],};
391: &Apache::loncommon::content_type($r,'text/html');
392: $r->send_http_header;
393: $r->print(&Apache::loncommon::start_page('Valid link',$header,$args).
394: &Apache::lonhtmlcommon::scripttag('self.name="'.$windowname.'";').
395: '<h1>'.&mt('Welcome').'</h1>'.
396: '<p>'.&mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>').'</p><p>'.
397: '<a href="'.$destination.'">'.&mt('Continue').'</a></p>'.
398: &Apache::loncommon::end_page());
399: return;
400: }
401:
402: sub show_roles {
403: my ($r,$crsenv,$possroles,$hassection,$hascustom) = @_;
404: &Apache::loncommon::content_type($r,'text/html');
405: $r->send_http_header;
406: my ($crsdesc,$crstype,$cdom,$cnum,$header,$title,$preamble,$datatable,$js,$args);
407: if (ref($crsenv) eq 'HASH') {
408: $crsdesc = $crsenv->{'description'};
409: $crstype = $crsenv->{'type'};
410: $cdom = $crsenv->{'domain'};
411: $cnum = $crsenv->{'num'};
412: }
413: if ($crstype eq '') {
414: $crstype = 'Course';
415: }
416: my $lc_crstype = lc($crstype);
417: if ($crsdesc ne '') {
418: $header = &mt("The page you requested belongs to the following $lc_crstype: [_1]",
419: '<i>'.$crsdesc.'</i>');
420: }
421: if (ref($possroles) eq 'HASH') {
422: if (keys(%{$possroles}) > 0) {
423: $args = {'bread_crumbs' => [{'href' => '','text' => "Choose role in $lc_crstype"},],};
424: $title = 'Choose a role'; #Do not localize.
425: if ($crstype eq 'Community') {
426: $preamble = &mt('You have the following active roles in this community:');
427: } else {
428: $preamble = &mt('You have the following active roles in this course:');
429: }
430: $datatable = '<form name="" action="/adm/roles">'.
431: '<input type="hidden" name="newrole" value="" />'."\n".
432: '<input type="hidden" name="selectrole" value="1" />'."\n".
433: '<input type="hidden" name="destinationurl" value="'.$r->uri.'" />'."\n";
434: if ($env{'form.ttoken'}) {
435: $datatable .= '<input type="hidden" name="ttoken" value="'.$env{'form.ttoken'}.'" />'."\n";
436: }
437: $datatable .= &Apache::loncommon::start_data_table().
438: &Apache::loncommon::start_data_table_header_row().
439: '<th></th><th>'.&mt('User role').'</th>';
440: if ($hassection) {
441: $datatable .= '<th>'.&mt('Section').'</th>';
442: }
443: if ($hascustom) {
444: $datatable .= '<th>'.&mt('Information').'</th>';
445: }
446: $datatable .= &Apache::loncommon::end_data_table_header_row();
447: my @available = sort(keys(%{$possroles}));
448: foreach my $role ('ad','in','ta','ep','st','cr') {
449: foreach my $key (@available) {
450: if ($key =~ m{^$role($|/)}) {
451: my $trolecode = "$key./$cdom/$cnum";
452: my $rolename = &Apache::lonnet::plaintext($key,$crstype,$cdom.'_'.$cnum);
453: my $sec = $possroles->{$key};
454: if ($sec ne '') {
455: $trolecode .= '/'.$sec;
456: }
457: my $buttonname=$trolecode;
458: $buttonname=~s/\W//g;
459: $datatable .= &Apache::loncommon::start_data_table_row().
460: '<td><input name="'.$buttonname.'" type="button" value="'.
461: &mt('Select').'" onclick="javascript:enterrole(this.form,'.
462: "'$trolecode','$buttonname'".');" /></td>';
463: if ($key =~ /^cr\//) {
464: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$key);
465: $datatable .= '<td><span class="LC_nobreak">'.$rolename.'</span></td>';
466: if ($hassection) {
467: $datatable .= '<td>'.$sec.'</td>';
468: }
469: $datatable.= '<td><span class="LC_fontsize_small LC_cusr_emph">'.
470: &mt('Custom role defined by [_1]',$rauthor.':'.$rdomain).
471: '</td>';
472: } else {
473: if ($hassection) {
474: $datatable .= '<td>'.$rolename.'</td>';
475: if ($hascustom) {
476: $datatable .= '<td colspan="2">'.$sec.'</td>';
477: } else {
478: $datatable .= '<td>'.$sec.'</td>';
479: }
480: } elsif ($hascustom) {
481: $datatable .= '<td colspan="2">'.$rolename.'</td>';
482: } else {
483: $datatable .= '<td>'.$rolename.'</td>';
484: }
485: }
486: $datatable .= &Apache::loncommon::end_data_table_row();
487: }
488: }
489: }
490: $datatable .= &Apache::loncommon::end_data_table().
491: '</form>';
492: my $standby = &mt('Role selected. Please stand by.');
493: $js = <<"ENDJS";
494: <script type="text/javascript">
495: // <![CDATA[
496:
497: active=true;
498:
499: function enterrole (thisform,rolecode,buttonname) {
500: if (active) {
501: active=false;
502: document.title='$standby';
503: window.status='$standby';
504: thisform.newrole.value=rolecode;
505: thisform.submit();
506: } else {
507: alert('$standby');
508: }
509: }
510:
511: // ]]>
512: </script>
513: ENDJS
514: } else {
515: $title = 'No active role';
516: $preamble = &mt("You have no active roles in this $lc_crstype so the page is currently unavailable to you.");
517: $args = {'bread_crumbs' => [{'href' => '','text' => 'Role status'},],};
518: }
519: }
520: &Apache::loncommon::content_type($r,'text/html');
521: $r->send_http_header;
522: $r->print(&Apache::loncommon::start_page($title,$js,$args).
523: '<h3>'.$header.'</h3>'.
524: '<div>'.$preamble.'</div>'.
525: $datatable.
526: &Apache::loncommon::end_page());
527: return;
528: }
529:
530: sub generic_error {
531: my ($r) = @_;
532: my $continuelink;
533: unless ($env{'request.lti.login'}) {
534: my $linktext;
535: if ($env{'user.adv'}) {
536: $linktext = &mt('Continue to your roles page');
537: } else {
538: $linktext = &mt('Continue to your courses page');
539: }
540: $continuelink='<a href="/adm/roles">'.$linktext.'</a>';
541: }
542: my $msg = &mt('The page you requested does not exist.');
543: &Apache::loncommon::content_type($r,'text/html');
544: $r->send_http_header;
545: my $args = {'bread_crumbs' => [{'href' => '','text' => 'Link status'},],};
546: $r->print(&Apache::loncommon::start_page('Invalid URL',undef,$args).
547: '<div class="LC_error">'.$msg.'</div>'.
548: '<p>'.$continuelink.'</p>'.
549: &Apache::loncommon::end_page());
550: return;
551: }
552:
553: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lontiny.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface