--- loncom/interface/lonuserutils.pm 2014/02/28 19:20:06 1.164
+++ loncom/interface/lonuserutils.pm 2019/05/06 18:25:58 1.198
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.164 2014/02/28 19:20:06 bisitz Exp $
+# $Id: lonuserutils.pm,v 1.198 2019/05/06 18:25:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -30,12 +30,29 @@
package Apache::lonuserutils;
+=pod
+
+=head1 NAME
+
+Apache::lonuserutils.pm
+
+=head1 SYNOPSIS
+
+ Utilities for management of users and custom roles
+
+ Provides subroutines called by loncreateuser.pm
+
+=head1 OVERVIEW
+
+=cut
+
use strict;
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonhtmlcommon;
use Apache::lonlocal;
use Apache::longroup;
+use HTML::Entities;
use LONCAPA qw(:DEFAULT :match);
###############################################################
@@ -421,7 +438,7 @@ sub javascript_validations {
} elsif ($context eq 'domain') {
$setsection_call = 'setCourse()';
$setsections_js = &dc_setcourse_js($param{'formname'},$mode,
- $context,$showcredits);
+ $context,$showcredits,$domain);
}
$finish = " var checkSec = $setsection_call\n".
" if (checkSec == 'ok') {\n".
@@ -450,6 +467,7 @@ sub javascript_validations {
if (($mode eq 'upload') && ($context eq 'domain')) {
$alert{'inststatus'} = &mt('The optional affiliation field was not specified');
}
+ &js_escape(\%alert);
my $function_name = <<"END";
$setsections_js
@@ -513,21 +531,26 @@ END
/* regexp here to check for non \d \. in credits */
END
} else {
+ my ($numrules,$intargjs) =
+ &passwd_validation_js('vf.elements[current.argfield].value',$domain);
$auth_checks .= (< 0) {
+$intargjs
+ }
}
END
}
@@ -623,6 +650,136 @@ END
$section_checks.$authheader;
return $result;
}
+
+sub passwd_validation_js {
+ my ($currpasswdval,$domain) = @_;
+ my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+ my ($min,$max,@chars,$numrules,$intargjs,%alert);
+ $numrules = 0;
+ if (ref($passwdconf{'chars'}) eq 'ARRAY') {
+ if ($passwdconf{'min'} =~ /^\d+$/) {
+ $min = $passwdconf{'min'};
+ $numrules ++;
+ }
+ if ($passwdconf{'max'} =~ /^\d+$/) {
+ $max = $passwdconf{'max'};
+ $numrules ++;
+ }
+ @chars = @{$passwdconf{'chars'}};
+ if (@chars) {
+ $numrules ++;
+ }
+ } else {
+ $min = 7;
+ $numrules ++;
+ }
+ if (($min ne '') || ($max ne '') || (@chars > 0)) {
+ my $alertmsg = &mt('Initial password did not satisfy requirement(s):').'\n\n';
+ if ($min) {
+ $alert{'min'} = &mt('minimum [quant,_1,character]',$min).'\n';
+ }
+ if ($max) {
+ $alert{'max'} = &mt('maximum [quant,_1,character]',$max).'\n';
+ }
+ my (@charalerts,@charrules);
+ if (@chars) {
+ if (grep(/^uc$/,@chars)) {
+ push(@charalerts,&mt('contain at least one upper case letter'));
+ push(@charrules,'uc');
+ }
+ if (grep(/^lc$/,@chars)) {
+ push(@charalerts,&mt('contain at least one lower case letter'));
+ push(@charrules,'lc');
+ }
+ if (grep(/^num$/,@chars)) {
+ push(@charalerts,&mt('contain at least one number'));
+ push(@charrules,'num');
+ }
+ if (grep(/^spec$/,@chars)) {
+ push(@charalerts,&mt('contain at least one non-alphanumeric'));
+ push(@charrules,'spec');
+ }
+ }
+ $intargjs = qq| var rulesmsg = '';\n|.
+ qq| var currpwval = $currpasswdval;\n|;
+ if ($min) {
+ $intargjs .= qq|
+ if (currpwval.length < $min) {
+ rulesmsg += ' - $alert{min}';
+ }
+|;
+ }
+ if ($max) {
+ $intargjs .= qq|
+ if (currpwval.length > $max) {
+ rulesmsg += ' - $alert{max}';
+ }
+|;
+ }
+ if (@chars > 0) {
+ my $charrulestr = '"'.join('","',@charrules).'"';
+ my $charalertstr = '"'.join('","',@charalerts).'"';
+ $intargjs .= qq| var brokerules = new Array();\n|.
+ qq| var charrules = new Array($charrulestr);\n|.
+ qq| var charalerts = new Array($charalertstr);\n|;
+ my %rules;
+ map { $rules{$_} = 1; } @chars;
+ if ($rules{'uc'}) {
+ $intargjs .= qq|
+ var ucRegExp = /[A-Z]/;
+ if (!ucRegExp.test(currpwval)) {
+ brokerules.push('uc');
+ }
+|;
+ }
+ if ($rules{'lc'}) {
+ $intargjs .= qq|
+ var lcRegExp = /[a-z]/;
+ if (!lcRegExp.test(currpwval)) {
+ brokerules.push('lc');
+ }
+|;
+ }
+ if ($rules{'num'}) {
+ $intargjs .= qq|
+ var numRegExp = /[0-9]/;
+ if (!numRegExp.test(currpwval)) {
+ brokerules.push('num');
+ }
+|;
+ }
+ if ($rules{'spec'}) {
+ $intargjs .= q|
+ var specRegExp = /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{\|}~]/;
+ if (!specRegExp.test(currpwval)) {
+ brokerules.push('spec');
+ }
+|;
+ }
+ $intargjs .= qq|
+ if (brokerules.length > 0) {
+ for (var i=0; i{'int'}) {
- my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.').'\n'.
+ my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.')."\n".
&mt('Your current role does not have rights to create users with that authentication type.');
+ &js_escape(\$warning);
$auth_update = <<"END";
// Currently the initial password field is only supported for internal auth
// (see bug 6368).
@@ -781,6 +939,7 @@ sub upload_manager_javascript_reverse_as
if (!$can_assign->{'int'}) {
my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
&mt('Your current role does not have rights to create users with that authentication type.');
+ &js_escape(\$warning);
$auth_update = <<"END";
// Currently the initial password field is only supported for internal auth
// (see bug 6368).
@@ -878,6 +1037,7 @@ sub print_upload_manager_footer {
my $krbform = &Apache::loncommon::authform_kerberos(%param);
my $intform = &Apache::loncommon::authform_internal(%param);
my $locform = &Apache::loncommon::authform_local(%param);
+ my $ltiform = &Apache::loncommon::authform_lti(%param);
my $date_table = &date_setting_table(undef,undef,$context,undef,
$formname,$permission,$crstype);
@@ -906,7 +1066,7 @@ sub print_upload_manager_footer {
&Apache::loncommon::help_open_topic('Auth_Options').
"
'."\n");
} elsif ($item eq 'status') {
my $showitem = $in{$item};
if (defined($ltstatus{$in{$item}})) {
@@ -3173,6 +3375,10 @@ sub bulkaction_javascript {
my $noaction = &mt("You need to select an action to take for the user(s) you have selected");
my $singconfirm = &mt(' for a single user?');
my $multconfirm = &mt(' for multiple users?');
+ &js_escape(\$alert);
+ &js_escape(\$noaction);
+ &js_escape(\$singconfirm);
+ &js_escape(\$multconfirm);
my $output = <<"ENDJS";
function verify_action (field) {
var numchecked = 0;
@@ -4045,7 +4251,7 @@ sub print_first_users_upload_form {
.&Apache::lonhtmlcommon::end_pick_box();
$str .= '
'
- .''
.'
';
@@ -4056,7 +4262,10 @@ sub print_first_users_upload_form {
# ================================================= Drop/Add from uploaded file
sub upfile_drop_add {
my ($r,$context,$permission,$showcredits) = @_;
- &Apache::loncommon::load_tmp_file($r);
+ my $datatoken = &Apache::loncommon::valid_datatoken($env{'form.datatoken'});
+ if ($datatoken ne '') {
+ &Apache::loncommon::load_tmp_file($r,$datatoken);
+ }
my @userdata=&Apache::loncommon::upfile_record_sep();
if($env{'form.noFirstLine'}){shift(@userdata);}
my @keyfields = split(/\,/,$env{'form.keyfields'});
@@ -4070,10 +4279,6 @@ sub upfile_drop_add {
$fields{$env{'form.f'.$i}}=$keyfields[$i];
}
}
- if ($env{'form.fullup'} ne 'yes') {
- $r->print(''."\n");
+ $r->print('
'.
+ &mt('There are no students with current/future access to the course.').
+ '
'."\n");
} elsif (ref($classlist) eq 'HASH') {
# Remove the students we just added from the list of students.
foreach my $line (@userdata) {
@@ -4701,9 +5087,7 @@ sub upfile_drop_add {
}
}
} # end of unless
- if ($env{'form.fullup'} ne 'yes') {
- $r->print('');
- }
+ return 'ok';
}
sub print_namespacing_alerts {
@@ -4750,11 +5134,12 @@ sub user_change_result {
my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
$username,$userdomain,$userchg) = @_;
my $okresult = 0;
+ my @status;
if ($userresult ne 'ok') {
if ($userresult =~ /^error:(.+)$/) {
my $error = $1;
- $r->print(' '.
- &mt('[_1]: Unable to add/modify: [_2]',''.$username.':'.$userdomain.'',$error));
+ push(@status,
+ &mt('[_1]: Unable to add/modify: [_2]',''.$username.':'.$userdomain.'',$error));
}
} else {
$counts->{'user'} ++;
@@ -4763,8 +5148,8 @@ sub user_change_result {
if ($authresult ne 'ok') {
if ($authresult =~ /^error:(.+)$/) {
my $error = $1;
- $r->print(' '.
- &mt('[_1]: Unable to modify authentication: [_2]',''.$username.':'.$userdomain.'',$error));
+ push(@status,
+ &mt('[_1]: Unable to modify authentication: [_2]',''.$username.':'.$userdomain.'',$error));
}
} else {
$counts->{'auth'} ++;
@@ -4773,8 +5158,8 @@ sub user_change_result {
if ($roleresult ne 'ok') {
if ($roleresult =~ /^error:(.+)$/) {
my $error = $1;
- $r->print(' '.
- &mt('[_1]: Unable to add role: [_2]',''.$username.':'.$userdomain.'',$error));
+ push(@status,
+ &mt('[_1]: Unable to add role: [_2]',''.$username.':'.$userdomain.'',$error));
}
} else {
$counts->{'role'} ++;
@@ -4783,14 +5168,16 @@ sub user_change_result {
if ($okresult) {
$flushc++;
$userchg->{$username.':'.$userdomain}=1;
- $r->print('. ');
if ($flushc>15) {
$r->rflush;
$flushc=0;
}
}
if ($idresult) {
- $r->print($idresult);
+ push(@status,$idresult);
+ }
+ if (@status) {
+ $r->print('
'.join(' ',@status).'
');
}
return $flushc;
}
@@ -4861,7 +5248,7 @@ sub update_user_list {
foreach my $item (@changelist) {
my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,
@sections,$scopestem,$singlesec,$showsecs,$warn_singlesec,
- $nothingtodo,$keepnosection,$credits);
+ $nothingtodo,$keepnosection,$credits,$instsec);
if ($choice eq 'drop') {
($uname,$udom,$sec) = split(/:/,$item,-1);
$role = 'st';
@@ -4874,8 +5261,9 @@ sub update_user_list {
$scope = $scopestem.'/'.$sec;
}
} elsif ($context eq 'course') {
- ($uname,$udom,$role,$sec,$type,$locktype,$credits) =
- split(/\:/,$item);
+ ($uname,$udom,$role,$sec,$type,$locktype,$credits,$instsec) =
+ split(/\:/,$item,8);
+ $instsec = &unescape($instsec);
$cid = $env{'request.course.id'};
$scopestem = '/'.$cid;
$scopestem =~s/\_/\//g;
@@ -4894,8 +5282,9 @@ sub update_user_list {
} elsif ($setting eq 'author') {
($uname,$udom,$role,$scope) = split(/\:/,$item);
} elsif ($setting eq 'course') {
- ($uname,$udom,$role,$cid,$sec,$type,$locktype,$credits) =
- split(/\:/,$item);
+ ($uname,$udom,$role,$cid,$sec,$type,$locktype,$credits,$instsec) =
+ split(/\:/,$item,9);
+ $instsec = &unescape($instsec);
$scope = '/'.$cid;
$scope =~s/\_/\//g;
if ($sec ne '') {
@@ -4917,7 +5306,7 @@ sub update_user_list {
$end = $now;
if ($role eq 'st') {
$result =
- &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
} else {
$result =
&Apache::lonnet::revokerole($udom,$uname,$scope,$role,
@@ -4925,7 +5314,7 @@ sub update_user_list {
}
} elsif ($choice eq 'delete') {
if ($role eq 'st') {
- &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$now,$start,$type,$locktype,$cid,'',$context,$credits);
+ &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$now,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
}
$result =
&Apache::lonnet::assignrole($udom,$uname,$scope,$role,$now,
@@ -4938,7 +5327,7 @@ sub update_user_list {
}
if ($choice eq 'reenable') {
if ($role eq 'st') {
- $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
} else {
$result =
&Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
@@ -4946,14 +5335,14 @@ sub update_user_list {
}
} elsif ($choice eq 'activate') {
if ($role eq 'st') {
- $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
} else {
$result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
$now,'','',$context);
}
} elsif ($choice eq 'chgdates') {
if ($role eq 'st') {
- $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
} else {
$result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
$start,'','',$context);
@@ -5023,7 +5412,7 @@ sub update_user_list {
} else {
if ($role eq 'st') {
$result =
- &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
} else {
my $newscope = $scopestem;
$result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start,'','',$context);
@@ -5037,7 +5426,7 @@ sub update_user_list {
foreach my $newsec (@newsecs) {
if (!grep(/^\Q$newsec\E$/,@retained)) {
if ($role eq 'st') {
- $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+ $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
if (@newsecs > 1) {
my $showsingle;
if ($newsec eq '') {
@@ -5215,18 +5604,25 @@ sub active_student_roles {
sub section_check_js {
my $groupslist= &get_groupslist();
+ my %js_lt = &Apache::lonlocal::texthash(
+ mayn => 'may not be used as the name for a section, as it is a reserved word.',
+ plch => 'Please choose a different section name.',
+ mnot => 'may not be used as a section name, as it is the name of a course group.',
+ secn => 'Section names and group names must be distinct. Please choose a different section name.',
+ );
+ &js_escape(\%js_lt);
return <<"END";
function validate(caller) {
var groups = new Array($groupslist);
var secname = caller.value;
if ((secname == 'all') || (secname == 'none')) {
- alert("'"+secname+"' may not be used as the name for a section, as it is a reserved word.\\nPlease choose a different section name.");
+ alert("'"+secname+"' $js_lt{'mayn'}\\n$js_lt{'plch'}");
return 'error';
}
if (secname != '') {
for (var k=0; k'.$authformloc.''.
&Apache::loncommon::end_data_table_row()."\n";
}
+ if ($can_assign{'lti'}) {
+ $response .= &Apache::loncommon::start_data_table_row().
+ '
'.$authformlti.'
'.
+ &Apache::loncommon::end_data_table_row()."\n";
+ }
$response .= &Apache::loncommon::end_data_table();
}
return $response;
}
sub course_sections {
- my ($sections_count,$role,$current_sec) = @_;
+ my ($sections_count,$role,$current_sec,$disabled) = @_;
my $output = '';
- my @sections = (sort {$a <=> $b} keys %{$sections_count});
+ my @sections = (sort {$a <=> $b} keys(%{$sections_count}));
my $numsec = scalar(@sections);
my $is_selected = ' selected="selected"';
if ($numsec <= 1) {
- $output = '