--- loncom/interface/portfolio.pm 2006/06/22 20:09:51 1.119 +++ loncom/interface/portfolio.pm 2006/06/29 18:02:58 1.121.2.4 @@ -1,3 +1,8 @@ +# The LearningOnline Network +# portfolio browser +# +# $Id: portfolio.pm,v 1.121.2.4 2006/06/29 18:02:58 albertel Exp $ +# # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). @@ -49,29 +54,32 @@ sub make_anchor { } my $dirptr=16384; sub display_common { - my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_; - my $groupitem; + my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload)=@_; my $namespace = &get_namespace($group); my $port_path = &get_port_path($group); - if (defined($group)) { - $groupitem = ''; - } - my $iconpath= $r->dir_config('lonIconsURL') . "/"; - my %text=&Apache::lonlocal::texthash('upload' => 'Upload', + if ($can_upload) { + my $groupitem; + if (defined($group)) { + $groupitem = ''; + } + my $iconpath= $r->dir_config('lonIconsURL') . "/"; + my %text=&Apache::lonlocal::texthash( + 'upload' => 'Upload', 'upload_label' => 'Upload file to current directory:', 'createdir' => 'Create Subdirectory', 'createdir_label' => 'Create subdirectory in current directory:'); - my $escuri = &HTML::Entities::encode($r->uri,'&<>"'); - $r->print(<<"TABLE"); + my $escuri = &HTML::Entities::encode($r->uri,'&<>"'); + $r->print(<<"TABLE"); -
$text{'upload_label'} $groupitem +
+ $groupitem @@ -98,6 +106,7 @@ sub display_common {
TABLE + } my @tree = split (/\//,$current_path); $r->print(''.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/'); if (@tree > 1){ @@ -119,7 +128,8 @@ TABLE $r->print(""); } sub display_directory { - my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_; + my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload, + $can_modify,$can_delete,$can_setacl)=@_; my $iconpath= $r->dir_config('lonIconsURL') . "/"; my ($groupitem,$groupecho); my $display_out; @@ -127,10 +137,15 @@ sub display_directory { my $checked_files; my $port_path = &get_port_path($group); my ($uname,$udom) = &get_name_dom($group); - if (defined($group)) { + my $access_admin_text = &mt('View Status'); + if ($can_setacl) { + $access_admin_text = &mt('View/Change Status'); + } + if ((defined($group)) && (defined($env{'request.course.id'}))) { $groupitem = ''; $groupecho = '&group='.$group; } + my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom, $uname); my %locked_files = &Apache::lonnet::get_marked_as_readonly_hash( @@ -142,7 +157,7 @@ sub display_directory { $checked_files =&Apache::lonnet::files_in_path($uname,$env{'form.currentpath'}); $select_mode = 'true'; } - if ($is_empty && ($current_path ne '/')) { + if ($is_empty && ($current_path ne '/') && $can_delete) { $display_out = '
'.$groupitem. ''. ''. @@ -209,7 +224,7 @@ sub display_directory { } my $fullpath = $current_path.$filename; $fullpath = &prepend_group($fullpath,$group); - if ($select_mode eq 'true'){ + if ($select_mode eq 'true') { $line='Locked'; $css_class= 'LC_browser_file_locked'; } else { - my $cat=''.&mt('Catalog Information').
-			    ''; - $line.=' - Rename - '.$cat.' - '; - } - $r->print(''); - $r->print($line); - } - my $curr_access; - my $pub_access = 0; - my $guest_access = 0; - my $cond_access = 0; - foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) { - my ($num,$scope,$end,$start) = &unpack_acc_key($key); - if (($now > $start) && (!$end || $end > $now)) { - if ($scope eq 'public') { - $pub_access = 1; - } elsif ($scope eq 'guest') { - $guest_access = 1; + if (!$can_modify) { + $line .= ''; } else { - $cond_access = 1; + $line .= ''; } + if ($can_delete) { + $line .= ''; + } + if ($can_modify) { + my $cat=''.&mt('Catalog Information').
+                            ''; + $line .= 'Rename'; + $line .= ''.$cat.''; + } + $line .= ''; } } - if (!$pub_access && !$guest_access && !$cond_access) { - $curr_access = &mt('Private'); - } else { - my @allaccesses; - if ($pub_access) { - push(@allaccesses,&mt('Public')); - } - if ($guest_access) { - push(@allaccesses,&mt('Password-protected')); - } - if ($cond_access) { - push(@allaccesses,&mt('Conditional')); - } - $curr_access = join('+ ',@allaccesses); - } - $r->print(''); - $r->print(''. - $filename.''); - $r->print(''.$size.''); - $r->print(''.&Apache::lonlocal::locallocaltime($mtime).''); - $r->print(''.&mt($curr_access).'   '. - ''.&mt('View/Change').''); - $r->print(''); + $r->print(''); + $r->print($line); + my $curr_access; + if ($select_mode ne 'true') { + my $pub_access = 0; + my $guest_access = 0; + my $cond_access = 0; + foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) { + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + if (($now > $start) && (!$end || $end > $now)) { + if ($scope eq 'public') { + $pub_access = 1; + } elsif ($scope eq 'guest') { + $guest_access = 1; + } else { + $cond_access = 1; + } + } + } + if (!$pub_access && !$guest_access && !$cond_access) { + $curr_access = &mt('Private'); + } else { + my @allaccesses; + if ($pub_access) { + push(@allaccesses,&mt('Public')); + } + if ($guest_access) { + push(@allaccesses,&mt('Passphrase-protected')); + } + if ($cond_access) { + push(@allaccesses,&mt('Conditional')); + } + $curr_access = join('+ ',@allaccesses); + } + } + $r->print(''); + $r->print(''. + $filename.''); + $r->print(''.$size.''); + $r->print(''.&Apache::lonlocal::locallocaltime($mtime).''); + if ($select_mode ne 'true') { + $r->print(''. + &mt($curr_access).'   '); + $r->print(''.$access_admin_text.''); + } + $r->print(''.$/); } } } @@ -284,11 +313,15 @@ sub display_directory {
'); } else { - $r->print(' + $r->print(''); + if ($can_delete) { + $r->print(' - '); + ' + ); + } } } @@ -493,24 +526,182 @@ sub rename_confirmed { } sub display_access { - my ($r,$url,$group) = @_; + my ($r,$url,$group,$can_setacl) = @_; my ($uname,$udom) = &get_name_dom($group); my $file_name = $env{'form.currentpath'}.$env{'form.access'}; $file_name = &prepend_group($file_name,$group); my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom, $uname); my %access_controls = &Apache::lonnet::get_access_controls($current_permissions,$group,$file_name); - &open_form($r,$url); - $r->print('

'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'

'."\n"); - $r->print(&mt('Access to this file by others can be set to be one or more of the following types: public, password-protected or conditional.').'
'); - &access_setting_table($r,$access_controls{$file_name}); - my $button_text = { + my $aclcount = keys(%access_controls); + my $header = '

'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'

'; + my $info .= + &mt('Access to this file by others can be set to be one or more of the following types: public, passphrase-protected or conditional.'). + '
'; + if ($can_setacl) { + &open_form($r,$url); + $r->print($header.$info); + &access_setting_table($r,$access_controls{$file_name}); + my $button_text = { 'continue' => &mt('Proceed'), 'cancel' => &mt('Back to directory listing'), }; - &close_form($r,$url,$group,$button_text); + &close_form($r,$url,$group,$button_text); + } else { + $r->print($header); + if ($aclcount) { + $r->print($info); + } + &view_access_settings($r,$url,$group,$access_controls{$file_name}, + $aclcount); + } +} + +sub view_access_settings { + my ($r,$url,$group,$access_controls,$aclcount) = @_; + my ($showstart,$showend); + my %todisplay; + foreach my $key (sort(keys(%{$access_controls}))) { + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + $todisplay{$scope}{$key} = $$access_controls{$key}; + } + if ($aclcount) { + $r->print(&mt('

Current access controls defined for this file:

')); + $r->print(&Apache::loncommon::start_data_table()); + $r->print(&Apache::loncommon::start_data_table_header_row()); + $r->print(''.&mt('Access control').''.&mt('Dates available'). + ''.&mt('Additional information').''); + $r->print(&Apache::loncommon::end_data_table_header_row()); + my $count = 1; + my $chg = 'none'; + &build_access_summary($r,$count,$chg,%todisplay); + $r->print(&Apache::loncommon::end_data_table()); + } else { + $r->print(&mt('No access control settings currently exist for this file.
' )); + } + my $group_arg; + if ($group) { + $group_arg = '&group='.$group; + } + $r->print('
'.&mt('Return to directory listing').''); + return; } +sub build_access_summary { + my ($r,$count,$chg,%todisplay) = @_; + my ($showstart,$showend); + my %scope_desc = ( + public => 'Public', + guest => 'Passphrase-protected', + domains => 'Conditional: domain-based', + users => 'Conditional: user-based', + course => 'Conditional: course-based', + group => 'Conditional: group-based', + ); + my @allscopes = ('public','guest','domains','users','course','group'); + foreach my $scope (@allscopes) { + if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) { + next; + } + foreach my $key (sort(keys(%{$todisplay{$scope}}))) { + if ($count) { + $r->print(&Apache::loncommon::start_data_table_row()); + } + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + my $content = $todisplay{$scope}{$key}; + if ($chg eq 'delete') { + $showstart = &mt('Deleted'); + $showend = $showstart; + } else { + $showstart = localtime($start); + if ($end == 0) { + $showend = &mt('No end date'); + } else { + $showend = localtime($end); + } + } + $r->print(''.&mt($scope_desc{$scope})); + if (($scope eq 'course') || ($scope eq 'group')) { + if ($chg ne 'delete') { + my $cid = $content->{'domain'}.'_'.$content->{'number'}; + my %course_description = &Apache::lonnet::coursedescription($cid); + $r->print('
('.$course_description{'description'}.')'); + } + } + $r->print(''.&mt('Start: ').$showstart. + '
'.&mt('End: ').$showend.''); + if ($chg ne 'delete') { + if ($scope eq 'guest') { + $r->print(&mt('Passphrase').': '.$content->{'password'}); + } elsif ($scope eq 'course' || $scope eq 'group') { + $r->print(''); + $r->print(''); + if ($scope eq 'course') { + $r->print(''); + } else { + $r->print(''); + } + $r->print(''); + foreach my $id (sort(keys(%{$content->{'roles'}}))) { + $r->print(''); + foreach my $item ('role','access','section','group') { + $r->print(''); + } + $r->print("
'.&mt('Roles').''. + &mt('Access').''. + &mt('Sections').''.&mt('Groups').''.&mt('Teams').'
'); + if ($item eq 'role') { + my $ucscope = $scope; + $ucscope =~ s/^(\w)/uc($1)/e; + my $role_output; + foreach my $role (@{$content->{'roles'}{$id}{$item}}) { + if ($role eq 'all') { + $role_output .= $role.','; + } elsif ($role =~ /^cr/) { + $role_output .= (split('/',$role))[3].','; + } else { + $role_output .= &Apache::lonnet::plaintext($role,$ucscope).','; + } + } + $role_output =~ s/,$//; + $r->print($role_output); + } else { + $r->print(join(',',@{$content->{'roles'}{$id}{$item}})); + } + $r->print('
"); + } + $r->print(""); + } elsif ($scope eq 'domains') { + $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}})); + } elsif ($scope eq 'users') { + my $curr_user_list = &sort_users($content->{'users'}); + $r->print(&mt('Users: ').$curr_user_list); + } else { + $r->print(' '); + } + } else { + $r->print(' '); + } + $r->print(''); + $r->print(&Apache::loncommon::end_data_table_row()); + $count ++; + } + } +} + + sub update_access { my ($r,$url,$group) = @_; my $totalprocessed = 0; @@ -577,93 +768,16 @@ sub update_access { $r->print(''.&mt($title{$chg}). '.'); my $count = 0; + my %todisplay; foreach my $key (sort(keys(%{$$changes{$chg}}))) { - if ($count) { - $r->print(&Apache::loncommon::start_data_table_row()); - } - my ($num,$scope,$end,$start) = &unpack_acc_key($key); + my ($num,$scope,$end,$start) = &unpack_acc_key($key); my $newkey = $key; if ($chg eq 'activate') { $newkey =~ s/^(\d+)/$$translation{$1}/; } - my $content = $$updated_controls{$newkey}; - if ($chg eq 'delete') { - $showstart = &mt('Deleted'); - $showend = $showstart; - } else { - $showstart = localtime($start); - if ($end == 0) { - $showend = &mt('No end date'); - } else { - $showend = localtime($end); - } - } - $r->print(''.&mt($scope)); - if (($scope eq 'course') || ($scope eq 'group')) { - if ($chg ne 'delete') { - my $cid = $content->{'domain'}.'_'.$content->{'number'}; - my %course_description = &Apache::lonnet::coursedescription($cid); - $r->print('
('.$course_description{'description'}.')'); - } - } - $r->print(''.&mt('Start: ').$showstart. - '
'.&mt('End: ').$showend.''); - if ($chg ne 'delete') { - if ($scope eq 'guest') { - $r->print(&mt('Password').': '.$content->{'password'}); - } elsif ($scope eq 'course' || $scope eq 'group') { - $r->print(''); - $r->print(''); - if ($scope eq 'course') { - $r->print(''); - } else { - $r->print(''); - } - $r->print(''); - foreach my $id (sort(keys(%{$content->{'roles'}}))) { - $r->print(''); - foreach my $item ('role','access','section','group') { - $r->print(''); - } - } - $r->print(&Apache::loncommon::end_data_table_row()); - $r->print(&Apache::loncommon::end_data_table()); - } elsif ($scope eq 'domains') { - $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}})); - } elsif ($scope eq 'users') { - my $curr_user_list = &sort_users($content->{'users'}); - $r->print(&mt('Users: ').$curr_user_list); - } else { - $r->print(' '); - } - } else { - $r->print(' '); - } - $r->print(''); - $r->print(&Apache::loncommon::end_data_table_row()); - $count ++; + $todisplay{$scope}{$newkey} = $$updated_controls{$newkey}; } + &build_access_summary($r,$count,$chg,%todisplay); } } $r->print(&Apache::loncommon::end_data_table()); @@ -705,8 +819,12 @@ sub update_access { } &close_form($r,$url,$group); } else { + my $group_arg; + if ($group) { + $group_arg = '&group='.$group; + } $r->print('
'. + '&currentpath='.$env{'form.currentpath'}.$group_arg.'">'. &mt('Display all access settings for this file').''); } return; @@ -857,11 +975,11 @@ sub access_setting_table { $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::end_data_table()); $r->print(''); + ''); $r->print(&Apache::loncommon::end_data_table_header_row()); $r->print(&Apache::loncommon::start_data_table_row()); my $passwd; @@ -877,24 +995,25 @@ sub access_setting_table { $passwd.'" />'); $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::end_data_table()); - $r->print(''); - if (@courses > 0 || @groups > 0) { - $r->print(''); - if (@courses > 0 || @groups > 0) { - $r->print(''); + #if (@courses > 0 || @groups > 0) { + # $r->print(''); + #if (@courses > 0 || @groups > 0) { + # $r->print('
'.&mt('Roles').''. - &mt('Access').''. - &mt('Sections').''.&mt('Groups').''.&mt('Teams').'
'); - if ($item eq 'role') { - my $ucscope = $scope; - $ucscope =~ s/^(\w)/uc($1)/; - my $role_output; - foreach my $role (@{$content->{'roles'}{$id}{$item}}) { - if ($role eq 'all') { - $role_output .= $role.','; - } elsif ($role =~ /^cr/) { - $role_output .= (split('/',$role))[3].','; - } else { - $role_output .= &Apache::lonnet::plaintext($role,$ucscope).','; - } - } - $role_output =~ s/,$//; - $r->print($role_output); - } else { - $r->print(join(',',@{$content->{'roles'}{$id}{$item}})); - } - $r->print(' '); - $r->print('

'.&mt('Password-protected access:').' '.$guesttext.'

'); + $r->print('

'.&mt('Passphrase-protected access:').' '.$guesttext.'

'); $r->print(&Apache::loncommon::start_data_table()); $r->print(&Apache::loncommon::start_data_table_header_row()); $r->print('
'.&mt('Action').''.&mt('Dates available'). - ''. &mt('Password').''. &mt('Passphrase').'
 
'); - &access_element($r,'domains',\%acl_count,\@domains,$access_controls,$now,$then); - $r->print(' '); - &access_element($r,'users',\%acl_count,\@users,$access_controls,$now,$then); - $r->print('
'); - } else { - $r->print(''); - } - &access_element($r,'course',\%acl_count,\@courses,$access_controls,$now,$then); - $r->print('
 
'); - } else { - $r->print(' '); - } - &access_element($r,'group',\%acl_count,\@groups,$access_controls,$now,$then); + + #$r->print('
 
'); + #&access_element($r,'domains',\%acl_count,\@domains,$access_controls,$now,$then); + #$r->print(' '); + #&access_element($r,'users',\%acl_count,\@users,$access_controls,$now,$then); + #$r->print('
'); + #} else { + # $r->print(''); + #} + #&access_element($r,'course',\%acl_count,\@courses,$access_controls,$now,$then); + #$r->print('
 
'); + #} else { + # $r->print(' '); + #} + #&access_element($r,'group',\%acl_count,\@groups,$access_controls,$now,$then); $r->print('
'); } @@ -1032,6 +1151,8 @@ sub course_row { if ($type eq 'group') { $crsgrptext = 'Teams'; } + my $uctype = $type; + $uctype =~ s/^(\w)/uc($1)/e; my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then, $type); $r->print(''.$js.&actionbox($status,$num,$scope).''); @@ -1040,8 +1161,6 @@ sub course_row { my %course_description = &Apache::lonnet::coursedescription($cid); $r->print(''.$course_description{'description'}.''); } elsif ($status eq 'new') { - my $uctype = $type; - $uctype =~ s/^(\w)/uc($1)/e; $r->print(''.&Apache::loncommon::selectcourse_link('portform','crsnum_'.$num,'crsdom_'.$num,'description_'.$num,undef,undef,$uctype).'  '); } $r->print(''.&dateboxes($num,$start,$end).''); @@ -1059,7 +1178,7 @@ sub course_row { my $role_selects = &role_selectors($num,$role_id,$status,$type,$content,'display'); $r->print('
'.$role_selects.''); } - $r->print('
'.&mt('Add a roles-based condition').' {'domain'}','$content->{'number'}','Course'".')" value="'.$max_id.'" />'); + $r->print('
'.&mt('Add a roles-based condition').' {'domain'}','$content->{'number'}','$uctype'".')" value="'.$max_id.'" />'); } elsif ($status eq 'new') { my $role_id = 1; my $role_selects = &role_selectors($num,$role_id,$status,$type,undef,'display'); @@ -1185,8 +1304,10 @@ sub role_selectors { $cdom = $env{'form.cdom'}; $cnum = $env{'form.cnum'}; } + my $uctype = $type; + $uctype =~ s/^(\w)/uc($1)/e; my ($sections,$groups,$allroles,$rolehash,$accesshash) = - &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$type); + &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$uctype); if (!@{$sections}) { @{$sections} = ('none'); } else { @@ -1244,6 +1365,10 @@ sub role_options_window { my $cnum = $env{'form.cnum'}; my $type = $env{'form.type'}; my $addindex = $env{'form.setroles'}; + my $grouptitle = 'Groups'; + if ($type eq 'Group') { + $grouptitle = 'Teams'; + } my $role_selects = &role_selectors(1,1,'new',$type,undef,'rolepicker'); $r->print(<<"END_SCRIPT"); END_SCRIPT $r->print(&mt('Select roles, course status, section(s) and group(s) for users who will be able to access the portfolio file.')); - $r->print('
'.$role_selects.'
'.&mt('Roles').''.&mt('[_1] status',$type).''.&mt('Sections').''.&mt('Groups').'

'); + $r->print(''.$role_selects.'
'.&mt('Roles').''.&mt('[_1] status',$type).''.&mt('Sections').''.&mt($grouptitle).'

'); return; } @@ -1322,6 +1447,14 @@ sub upload { my $fname=$env{'form.uploaddoc.filename'}; my $filesize = (length($env{'form.uploaddoc'})) / 1000; #express in k (1024?) my $disk_quota = 20000; # expressed in k + if (defined($group)) { + my $grp_quota = &get_group_quota($group); # quota expressed in k + if ($grp_quota ne '') { + $disk_quota = $grp_quota; + } else { + $disk_quota = 0; + } + } $fname=&Apache::lonnet::clean_filename($fname); my $portfolio_root=&get_portfolio_root($group); @@ -1373,6 +1506,7 @@ sub upload { } } } + sub lock_info { my ($r,$url,$group) = @_; my ($uname,$udom) = &get_name_dom($group); @@ -1455,6 +1589,23 @@ sub get_portfolio_root { return (&Apache::loncommon::propath($udom,$uname).$path); } +sub get_group_quota { + my ($group) = @_; + my $group_quota; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my %curr_groups = &Apache::longroup::coursegroups($cdom,$cnum,$group); + if (%curr_groups) { + my %group_info = &Apache::longroup::get_group_settings( + $curr_groups{$group}); + $group_quota = $group_info{'quota'}; #expressed in Mb + if ($group_quota) { + $group_quota = 1000 * $group_quota; #expressed in k + } + } + return $group_quota; +} + sub get_dir_list { my ($portfolio_root,$group) = @_; my ($uname,$udom) = &get_name_dom($group); @@ -1478,7 +1629,7 @@ sub get_name_dom { sub prepend_group { my ($filename,$group) = @_; if (defined($group)) { - $filename = $group.'/'.$filename; + $filename = $group.$filename; } return $filename; } @@ -1504,6 +1655,37 @@ sub get_port_path { return $port_path; } +sub missing_priv { + my ($r,$url,$priv,$group) = @_; + my $longtext = { + upload => 'upload files', + delete => 'delete files', + rename => 'rename files', + setacl => 'set access controls for files', + }; + my $escpath = &HTML::Entities::encode($env{'form.currentpath'},'&<>"'); + my $rtnlink = 'print(&mt('in this portfolio.')); + } + $rtnlink .= '">'.&mt('Return to directory listing page').''; + $r->print('
'.$rtnlink); + $r->print(&Apache::loncommon::end_page()); + return; +} + sub handler { # this handles file management my $r = shift; @@ -1516,6 +1698,7 @@ sub handler { $url = $1.$2; $caller = $2; } + my ($can_modify,$can_delete,$can_upload,$can_setacl); if ($caller eq 'coursegrp_portfolio') { # Needs to be in a course if (! ($env{'request.course.fn'})) { @@ -1551,10 +1734,33 @@ sub handler { $earlyout = 1; } if ($earlyout) { return OK; } + if (&Apache::lonnet::allowed('mdg',$env{'request.course.id'})) { + $can_modify = 1; + $can_delete = 1; + $can_upload = 1; + $can_setacl = 1; + } else { + if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) { + $can_setacl = 1; + } + if (&Apache::lonnet::allowed('ugf',$env{'request.course.id'}.'/'.$group)) { + $can_upload = 1; + } + if (&Apache::lonnet::allowed('mgf',$env{'request.course.id'}.'/'.$group)) { + $can_modify = 1; + } + if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) { + $can_delete = 1; + } + } } else { ($uname,$udom) = &get_name_dom(); $portfolio_root = &get_portfolio_root(); $title = &mt('Portfolio Manager'); + $can_modify = 1; + $can_delete = 1; + $can_upload = 1; + $can_setacl = 1; } &Apache::loncommon::no_cache($r); @@ -1588,31 +1794,71 @@ sub handler { } if ($env{'form.uploaddoc.filename'}) { - &upload($r,$url,$group); + if ($can_upload) { + &upload($r,$url,$group); + } else { + &missing_priv($r,$url,'upload',$group), + } } elsif ($env{'form.action'} eq 'delete' && $env{'form.confirmed'}) { - &delete_confirmed($r,$url,$group); + if ($can_delete) { + &delete_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'delete') { - &delete($r,$url,$group); + if ($can_delete) { + &delete($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'deletedir' && $env{'form.confirmed'}) { - &delete_dir_confirmed($r,$url,$group); - } elsif ($env{'form.action'} eq 'deletedir'){ - &delete_dir($r,$url,$group); + if ($can_delete) { + &delete_dir_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } + } elsif ($env{'form.action'} eq 'deletedir') { + if ($can_delete) { + &delete_dir($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'rename' && $env{'form.confirmed'}) { - &rename_confirmed($r,$url,$group); + if ($can_modify) { + &rename_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'rename',$group); + } } elsif ($env{'form.rename'}) { $env{'form.selectfile'} = $env{'form.rename'}; $env{'form.action'} = 'rename'; - &rename($r,$url,$group); + if ($can_modify) { + &rename($r,$url,$group); + } else { + &missing_priv($r,$url,'rename',$group); + } } elsif ($env{'form.access'}) { $env{'form.selectfile'} = $env{'form.access'}; $env{'form.action'} = 'chgaccess'; - &display_access($r,$url,$group); + &display_access($r,$url,$group,$can_setacl); } elsif ($env{'form.action'} eq 'chgaccess') { - &update_access($r,$url,$group); + if ($can_setacl) { + &update_access($r,$url,$group); + } else { + &missing_priv($r,$url,'setacl',$group); + } } elsif ($env{'form.action'} eq 'rolepicker') { - &role_options_window($r); + if ($can_setacl) { + &role_options_window($r); + } else { + &missing_priv($r,$url,'setacl',$group); + } } elsif ($env{'form.createdir'}) { - &createdir($r,$url,$group); + if ($can_upload) { + &createdir($r,$url,$group); + } else { + &missing_priv($r,$url,'upload',$group); + } } elsif ($env{'form.lockinfo'}) { &lock_info($r,$url,$group); } else { @@ -1641,11 +1887,14 @@ sub handler { } # need to know if directory is empty so it can be removed if desired my $is_empty=(@dir_list == 2); - &display_common($r,$url,$current_path,$is_empty,\@dir_list,$group); - &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group); + &display_common($r,$url,$current_path,$is_empty,\@dir_list,$group, + $can_upload); + &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group, + $can_upload,$can_modify,$can_delete,$can_setacl); $r->print(&Apache::loncommon::end_page()); } return OK; } + 1; __END__