--- loncom/interface/lonuserutils.pm 2010/07/09 14:40:20 1.120
+++ loncom/interface/lonuserutils.pm 2010/11/14 20:34:47 1.132
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.120 2010/07/09 14:40:20 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.132 2010/11/14 20:34:47 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -47,7 +47,8 @@ sub modifystudent {
# this one. If $csec is defined, drop them from all other sections of
# this course and add them to section $csec
my ($cnum,$cdom) = &get_course_identity($courseid);
- my %roles = &Apache::lonnet::dump('roles',$udom,$unam);
+ my $extra = &Apache::lonnet::freeze_escape({'skipcheck' => 1});
+ my %roles = &Apache::lonnet::dump('roles',$udom,$unam,'.',undef,$extra);
my ($tmp) = keys(%roles);
# Bail out if we were unable to get the students roles
return "$1" if ($tmp =~ /^(con_lost|error|no_such_host)/i);
@@ -295,7 +296,8 @@ sub hidden_input {
}
sub print_upload_manager_header {
- my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype)=@_;
+ my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+ $can_assign)=@_;
my $javascript;
#
if (! exists($env{'form.upfile_associate'})) {
@@ -309,9 +311,9 @@ sub print_upload_manager_header {
}
}
if ($env{'form.upfile_associate'} eq 'reverse') {
- $javascript=&upload_manager_javascript_reverse_associate();
+ $javascript=&upload_manager_javascript_reverse_associate($can_assign);
} else {
- $javascript=&upload_manager_javascript_forward_associate();
+ $javascript=&upload_manager_javascript_forward_associate($can_assign);
}
#
# Deal with restored settings
@@ -532,6 +534,7 @@ END
if (message!='') {
message+='\\n';
}
+ message+='$alert{'section'}';
}
if (foundemail==0) {
if (message!='') {
@@ -585,6 +588,46 @@ END
###############################################################
###############################################################
sub upload_manager_javascript_forward_associate {
+ my ($can_assign) = @_;
+ my ($auth_update,$numbuttons,$argreset);
+ if (ref($can_assign) eq 'HASH') {
+ if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+ $argreset .= " vf.krbarg.value='';\n";
+ $numbuttons ++ ;
+ }
+ if ($can_assign->{'int'}) {
+ $argreset .= " vf.intarg.value='';\n";
+ $numbuttons ++;
+ }
+ if ($can_assign->{'loc'}) {
+ $argreset .= " vf.locarg.value='';\n";
+ $numbuttons ++;
+ }
+ if (!$can_assign->{'int'}) {
+ my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.\n').
+ &mt('Your current role does not have rights to create users with that authentication type.');
+ $auth_update = <<"END";
+ // Currently the initial password field is only supported for internal auth
+ // (see bug 6368).
+ if (nw==9) {
+ eval('vf.f'+tf+'.selectedIndex=0;')
+ alert('$warning');
+ }
+END
+ } elsif ($numbuttons > 1) {
+ $auth_update = <<"END";
+ // If we set the password, make the password form below correspond to
+ // the new value.
+ if (nw==9) {
+ changed_radio('int',document.studentform);
+ set_auth_radio_buttons('int',document.studentform);
+$argreset
+ }
+
+END
+ }
+ }
+
return(<<ENDPICK);
function verify(vf,sec_caller) {
var founduname=0;
@@ -661,15 +704,7 @@ function flip(vf,tf) {
}
}
}
- // If we set the password, make the password form below correspond to
- // the new value.
- if (nw==9) {
- changed_radio('int',document.studentform);
- set_auth_radio_buttons('int',document.studentform);
- vf.intarg.value='';
- vf.krbarg.value='';
- vf.locarg.value='';
- }
+ $auth_update
}
function clearpwd(vf) {
@@ -687,6 +722,45 @@ ENDPICK
###############################################################
###############################################################
sub upload_manager_javascript_reverse_associate {
+ my ($can_assign) = @_;
+ my ($auth_update,$numbuttons,$argreset);
+ if (ref($can_assign) eq 'HASH') {
+ if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+ $argreset .= " vf.krbarg.value='';\n";
+ $numbuttons ++ ;
+ }
+ if ($can_assign->{'int'}) {
+ $argreset .= " vf.intarg.value='';\n";
+ $numbuttons ++;
+ }
+ if ($can_assign->{'loc'}) {
+ $argreset .= " vf.locarg.value='';\n";
+ $numbuttons ++;
+ }
+ if (!$can_assign->{'int'}) {
+ my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
+ &mt('Your current role does not have rights to create users with that authentication type.');
+ $auth_update = <<"END";
+ // Currently the initial password field is only supported for internal auth
+ // (see bug 6368).
+ if (tf==8 && nw!=0) {
+ eval('vf.f'+tf+'.selectedIndex=0;')
+ alert('$warning');
+ }
+END
+ } elsif ($numbuttons > 1) {
+ $auth_update = <<"END";
+ // initial password specified, pick internal authentication
+ if (tf==8 && nw!=0) {
+ changed_radio('int',document.studentform);
+ set_auth_radio_buttons('int',document.studentform);
+$argreset
+ }
+
+END
+ }
+ }
+
return(<<ENDPICK);
function verify(vf,sec_caller) {
var founduname=0;
@@ -694,6 +768,7 @@ function verify(vf,sec_caller) {
var foundname=0;
var foundid=0;
var foundsec=0;
+ var foundemail=0;
var foundrole=0;
var founddomain=0;
var foundinststatus=0;
@@ -705,11 +780,12 @@ function verify(vf,sec_caller) {
if (i==6 && tw!=0) { foundid=1; }
if (i==7 && tw!=0) { foundsec=1; }
if (i==8 && tw!=0) { foundpwd=1; }
- if (i==9 && tw!=0) { foundrole=1; }
- if (i==10 && tw!=0) { founddomain=1; }
- if (i==13 && tw!=0) { foundinstatus=1; }
+ if (i==9 && tw!=0) { foundemail=1; }
+ if (i==10 && tw!=0) { foundrole=1; }
+ if (i==11 && tw!=0) { founddomain=1; }
+ if (i==12 && tw!=0) { foundinstatus=1; }
}
- verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole,founddomain,foundinststatus);
+ verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddomain,foundinststatus);
}
function flip(vf,tf) {
@@ -726,14 +802,7 @@ function flip(vf,tf) {
if ((tf>=2) && (tf<=5) && (nw!=0)) {
eval('vf.f1.selectedIndex=0;')
}
- // intial password specified, pick internal authentication
- if (tf==8 && nw!=0) {
- changed_radio('int',document.studentform);
- set_auth_radio_buttons('int',document.studentform);
- vf.krbarg.value='';
- vf.intarg.value='';
- vf.locarg.value='';
- }
+ $auth_update
}
function clearpwd(vf) {
@@ -978,8 +1047,9 @@ sub print_upload_manager_form {
my ($krbdef,$krbdefdom) =
&Apache::loncommon::get_kerberos_defaults($defdom);
#
+ my ($authnum,%can_assign) = &Apache::loncommon::get_assignable_auth($defdom);
&print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
- $permission,$crstype);
+ $permission,$crstype,\%can_assign);
my $i;
my $keyfields;
if ($total>=0) {
@@ -3922,15 +3992,21 @@ sub upfile_drop_add {
$r->print($groupwarn.'<br />');
}
}
- my (%curr_rules,%got_rules,%alerts);
+ my (%curr_rules,%got_rules,%alerts,%cancreate);
my %customroles = &my_custom_roles($crstype);
my @permitted_roles =
- &roles_on_upload($context,$setting,$crstype,%customroles);
+ &roles_on_upload($context,$setting,$crstype,%customroles);
+ my %longtypes = &Apache::lonlocal::texthash(
+ official => 'Institutional',
+ unofficial => 'Non-institutional',
+ );
+ map { $cancreate{$_} = &can_create_user($domain,$context,$_); } keys(%longtypes);
# Get new users list
foreach my $line (@userdata) {
my @secs;
my %entries=&Apache::loncommon::record_sep($line);
# Determine user name
+ $entries{$fields{'username'}} =~ s/^\s+|\s+$//g;
unless (($entries{$fields{'username'}} eq '') ||
(!defined($entries{$fields{'username'}}))) {
my ($fname, $mname, $lname,$gen) = ('','','','');
@@ -3951,13 +4027,20 @@ sub upfile_drop_add {
$gen=$entries{$fields{'gen'}};
}
}
+
if ($entries{$fields{'username'}}
ne &LONCAPA::clean_username($entries{$fields{'username'}})) {
+ my $nowhitespace;
+ if ($entries{$fields{'username'}} =~ /\s/) {
+ $nowhitespace = ' - '.&mt('usernames may not contain spaces.');
+ }
$r->print('<br />'.
&mt('[_1]: Unacceptable username for user [_2] [_3] [_4] [_5]',
- '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen));
+ '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen).
+ $nowhitespace);
next;
} else {
+ $entries{$fields{'domain'}} =~ s/^\s+|\s+$//g;
if ($entries{$fields{'domain'}}
ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) {
$r->print('<br />'. '<b>'.$entries{$fields{'domain'}}.
@@ -4016,6 +4099,7 @@ sub upfile_drop_add {
# determine email address
my $email='';
if (defined($fields{'email'})) {
+ $entries{$fields{'email'}} =~ s/^\s+|\s+$//g;
if (defined($entries{$fields{'email'}})) {
$email=$entries{$fields{'email'}};
unless ($email=~/^[^\@]+\@[^\@]+$/) { $email=''; }
@@ -4062,7 +4146,7 @@ sub upfile_drop_add {
$role = $defaultrole;
}
# Clean up whitespace
- foreach (\$id,\$fname,\$mname,\$lname,\$gen) {
+ foreach (\$id,\$fname,\$mname,\$lname,\$gen,\$inststatus) {
$$_ =~ s/(\s+$|^\s+)//g;
}
# check against rules
@@ -4071,9 +4155,16 @@ sub upfile_drop_add {
my (%rulematch,%inst_results,%idinst_results);
my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
if ($uhome eq 'no_host') {
- next if ($userdomain ne $domain);
+ if ($userdomain ne $domain) {
+ $r->print('<br />'.
+ &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+ '<b>'.$username.'</b>',$userdomain).'<br />'.
+ &mt('The user does not already exist, and you may not create a new user in a different domain.'));
+ next;
+ }
$checkid = 1;
$newuser = 1;
+ my $user = $username.':'.$domain;
my $checkhash;
my $checks = { 'username' => 1 };
$checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
@@ -4082,9 +4173,26 @@ sub upfile_drop_add {
\%got_rules);
if (ref($alerts{'username'}) eq 'HASH') {
if (ref($alerts{'username'}{$domain}) eq 'HASH') {
- next if ($alerts{'username'}{$domain}{$username});
+ if ($alerts{'username'}{$domain}{$username}) {
+ $r->print('<br />'.
+ &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+ &mt('Consequently, the user was not created.'));
+ next;
+ }
}
}
+ my $usertype = 'unofficial';
+ if (ref($rulematch{$user}) eq 'HASH') {
+ if ($rulematch{$user}{'username'}) {
+ $usertype = 'official';
+ }
+ }
+ unless ($cancreate{$usertype}) {
+ my $showtype = $longtypes{$usertype};
+ $r->print('<br />'.
+ &mt("[_1]: The user does not exist, and you are not permitted to create users of type: $showtype.",'<b>'.$username.'</b>'));
+ next;
+ }
} else {
if ($context eq 'course' || $context eq 'author') {
if ($userdomain eq $domain ) {
@@ -4135,7 +4243,12 @@ sub upfile_drop_add {
\%got_rules);
if (ref($alerts{'id'}) eq 'HASH') {
if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
- next if ($alerts{'id'}{$userdomain}{$id});
+ if ($alerts{'id'}{$userdomain}{$id}) {
+ $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+ '<b>'.$username.'</b>').'<br />'.
+ &mt('Consequently, the user was not created.'));
+ next;
+ }
}
}
}
@@ -4230,7 +4343,7 @@ sub upfile_drop_add {
}
} # end of foreach (@userdata)
# Flush the course logs so reverse user roles immediately updated
- &Apache::lonnet::flushcourselogs();
+ $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
$r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
"</p>\n");
if ($counts{'role'} > 0) {
@@ -4686,12 +4799,12 @@ sub update_user_list {
}
} elsif ($choice eq 'chgdates') {
$r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' - [_4]",$plrole,$extent,
- '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>',
+ '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
$dates).'<br />');
$count ++;
} else {
$r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]'.",$plrole,$extent,
- '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>').
+ '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>').
'<br />');
$count ++;
}
@@ -4699,7 +4812,7 @@ sub update_user_list {
$r->print(
&mt("Error $result_text{'error'}{$choice} [_1] in [_2] for '[_3]': [_4].",
$plrole,$extent,
- '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>',
+ '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
$result).'<br />');
}
}
@@ -4722,7 +4835,7 @@ sub update_user_list {
$r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
}
# Flush the course logs so reverse user roles immediately updated
- &Apache::lonnet::flushcourselogs();
+ $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
}
if ($env{'form.makedatesdefault'}) {
if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4937,7 +5050,7 @@ sub setsections_javascript {
accr => 'A course coordinator role will be added with access to all sections.',
acor => 'A coordinator role will be added with access to all sections',
inea => 'In each course, each user may only have one student role at a time.',
- inec => 'In each community, each user may only have one member role at a time.',
+ inco => 'In each community, each user may only have one member role at a time.',
youh => 'You had selected ',
secs => 'sections.',
plmo => 'Please modify your selections so they include no more than one section.',