--- loncom/interface/portfolio.pm 2013/07/03 16:00:03 1.247 +++ loncom/interface/portfolio.pm 2018/09/14 21:01:02 1.254.2.3 @@ -1,7 +1,7 @@ # The LearningOnline Network # portfolio browser # -# $Id: portfolio.pm,v 1.247 2013/07/03 16:00:03 raeburn Exp $ +# $Id: portfolio.pm,v 1.254.2.3 2018/09/14 21:01:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -199,7 +199,8 @@ sub display_portfolio_usage { .$helpitem .'' .'
' - .&Apache::lonhtmlcommon::display_usage($current_disk_usage,$disk_quota) + .&Apache::lonhtmlcommon::display_usage($current_disk_usage, + $disk_quota,'portfolio') .'
'); } @@ -536,7 +537,7 @@ sub display_directory {


- +

'); @@ -912,7 +913,7 @@ sub display_access { } $info .= "
".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme
"; if ($group ne '') { - $info .= &mt("Users with privileges to edit course contents may add a course information page to a course using the 'Course Info' button in DOCS").'
'; + $info .= &mt("Users with course editing rights may add a 'Group Portfolio' item using the Course Editor (Collaboration tab), to provide access to viewable group portfolio files.").'
'; } } else { $header = '

'.&mt('Conditional access controls for file: [_1]',$port_path.$env{'form.currentpath'}.$env{'form.access'}).'

'. @@ -942,9 +943,11 @@ sub display_access { sub explain_conditionals { return - &mt('Conditional files are accessible to logged-in users with accounts in the LON-CAPA network, who satisfy the conditions you set.').'
'."\n". - &mt('The conditions can include affiliation with a particular course or community, or a user account in a specific domain.').'
'."\n". - &mt('Alternatively access can be granted to people with specific LON-CAPA usernames and domains.'); + &mt('Conditional files are accessible to users who satisfy the conditions you set.').'
'; } sub view_access_settings { @@ -985,8 +988,9 @@ sub build_access_summary { domains => 'Conditional: domain-based', users => 'Conditional: user-based', course => 'Conditional: course/community-based', + ip => 'Conditional: IP-based', ); - my @allscopes = ('public','guest','domains','users','course'); + my @allscopes = ('public','guest','domains','users','course','ip'); foreach my $scope (@allscopes) { if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) { next; @@ -1063,6 +1067,9 @@ sub build_access_summary { } elsif ($scope eq 'users') { my $curr_user_list = &sort_users($content->{'users'}); $r->print(&mt('Users: ').$curr_user_list); + } elsif ($scope eq 'ip') { + my $curr_ips_list = &sort_ips($content->{'ip'}); + $r->print(&mt('IP(s):').' '.$curr_ips_list); } else { $r->print(' '); } @@ -1171,7 +1178,7 @@ sub update_access { my $totalnew = 0; my $status = 'new'; my ($firstitem,$lastitem); - my @types = ('course','domains','users'); + my @types = ('course','domains','users','ip'); foreach my $newitem (@types) { $allnew += $env{'form.new'.$newitem}; } @@ -1179,24 +1186,30 @@ sub update_access { my $now = time; my $then = $now + (60*60*24*180); # six months approx. &open_form($r,$url); - my %showtypes = &Apache::lonlocal::texthash ( + my %showtypes = ( course => 'course/community', domains => 'domain', users => 'user', + ip => 'IP', ); foreach my $newitem (@types) { - if ($env{'form.new'.$newitem} > 0) { - $r->print('
'.&mt('Add new [_1]-based[_2] access control for portfolio file: [_3]',''.$showtypes{$newitem},'',''.$env{'form.currentpath'}.$env{'form.selectfile'}.'').'

'); - $firstitem = $totalnew; - $lastitem = $totalnew + $env{'form.new'.$newitem}; - $totalnew = $lastitem; - my @numbers; - for (my $i=$firstitem; $i<$lastitem; $i++) { - push(@numbers,$i); - } - &display_access_row($r,$status,$newitem,\@numbers, - $access_controls{$file_name},$now,$then); + next if ($env{'form.new'.$newitem} <= 0); + $r->print( + '

' + .&mt('Add new [_1]'.$showtypes{$newitem}.'-based[_2] access control for portfolio file: [_3]', + '','', + '' + .$env{'form.currentpath'}.$env{'form.selectfile'}.'') + .'

'); + $firstitem = $totalnew; + $lastitem = $totalnew + $env{'form.new'.$newitem}; + $totalnew = $lastitem; + my @numbers; + for (my $i=$firstitem; $i<$lastitem; $i++) { + push(@numbers,$i); } + &display_access_row($r,$status,$newitem,\@numbers, + $access_controls{$file_name},$now,$then); } &close_form($r,$url); } else { @@ -1281,6 +1294,13 @@ sub build_access_record { 'udom' => $udom }); } + } elsif ($scope eq 'ip') { + my $ipslist = $env{'form.ips_'.$num}; + $ipslist =~ s/\s+//sg; + my %ipshash = map { ($_,1) } (split(/,/,$ipslist)); + foreach my $ip (keys(%ipshash)) { + push(@{$record->{'ip'}},$ip); + } } return $record; } @@ -1306,6 +1326,13 @@ sub sort_users { return $curr_user_list; } +sub sort_ips { + my ($ips) = @_; + if (ref($ips) eq 'ARRAY') { + return join(",\n",sort(@{$ips})); + } +} + sub access_setting_table { my ($r,$url,$filename,$access_controls,$action) = @_; my ($public,$publictext); @@ -1315,6 +1342,7 @@ sub access_setting_table { my @courses = (); my @domains = (); my @users = (); + my @ips = (); my $now = time; my $then = $now + (60*60*24*180); # six months approx. my ($num,$scope,$publicnum,$guestnum); @@ -1337,6 +1365,8 @@ sub access_setting_table { push(@domains,$key); } elsif ($scope eq 'users') { push(@users,$key); + } elsif ($scope eq 'ip') { + push(@ips,$key); } } $acl_count{$scope} ++; @@ -1348,7 +1378,7 @@ sub access_setting_table { $guesttext,$access_controls,%conditionals); } else { &condition_setting($r,$access_controls,$now,$then,\%acl_count, - \@domains,\@users,\@courses); + \@domains,\@users,\@courses,\@ips); } $r->print(''); } @@ -1393,14 +1423,14 @@ sub standard_settings { $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::end_data_table()); $r->print(' '. - ''); + ''); my $numconditionals = 0; my $conditionstext; my %cond_status; - foreach my $scope ('domains','users','course') { + foreach my $scope ('domains','users','course','ip') { $numconditionals += $acl_count->{$scope}; if ($acl_count->{$scope} > 0) { - if ($conditionstext ne 'Active') { + if ($conditionstext ne 'Active') { foreach my $key (keys(%{$conditionals{$scope}})) { $conditionstext = &acl_status($start->{$key},$end->{$key},$now); if ($conditionstext eq 'Active') { @@ -1431,24 +1461,20 @@ sub standard_settings { &build_access_summary($r,$count,$chg,%conditionals); $r->print(&Apache::loncommon::end_data_table()); } else { - $r->print(&make_anchor($url,\%anchor_fields,&mt('Add conditional access')).' '.&mt('based on domain, username, or course/community affiliation.')); + $r->print(&make_anchor($url,\%anchor_fields,&mt('Add conditional access')).' '.&mt("based on domain, username, course/community affiliation or user's IP address.")); } } sub condition_setting { - my ($r,$access_controls,$now,$then,$acl_count,$domains,$users,$courses) = @_; + my ($r,$access_controls,$now,$then,$acl_count,$domains,$users,$courses,$ips) = @_; $r->print(''); &access_element($r,'domains',$acl_count,$domains,$access_controls,$now,$then); $r->print(' '); &access_element($r,'users',$acl_count,$users,$access_controls,$now,$then); - $r->print(''); - if ($acl_count->{course} > 0) { - $r->print(''); - } else { - $r->print(''); - } + $r->print(''); &access_element($r,'course',$acl_count,$courses,$access_controls,$now,$then); - $r->print(''); + $r->print(' '); + &access_element($r,'ip',$acl_count,$ips,$access_controls,$now,$then); $r->print(''); } @@ -1465,19 +1491,15 @@ sub acl_status { sub access_element { my ($r,$type,$acl_count,$items,$access_controls,$now,$then) = @_; - my %typetext = &Apache::lonlocal::texthash( + my %typetext = ( domains => 'Domain', users => 'User', - course => 'Course/Community' + course => 'Course/Community', + ip => 'IP', ); - $r->print('

'.&mt('[_1]-based conditional access: ',$typetext{$type})); + $r->print('

'.&mt($typetext{$type}.'-based conditional access:').' '); if ($$acl_count{$type}) { - $r->print($$acl_count{$type}.' '); - if ($$acl_count{$type} > 1) { - $r->print(&mt('conditions')); - } else { - $r->print(&mt('condition')); - } + $r->print(&mt('[quant,_1,condition]',$$acl_count{$type})); } else { $r->print(&mt('Off')); } @@ -1488,13 +1510,19 @@ sub access_element { sub display_access_row { my ($r,$status,$type,$items,$access_controls,$now,$then) = @_; - my $showtype; + my ($showtype, $infotype); if ($type eq 'course') { $showtype = &mt('Courses/Communities'); + $infotype = 'Course/Community'; } elsif ($type eq 'domains') { $showtype = &mt('Domains'); + $infotype = 'Domain'; } elsif ($type eq 'users') { $showtype = &mt('Users'); + $infotype = 'User'; + } elsif ($type eq 'ip') { + $showtype = &mt('IP-based'); + $infotype = 'IP'; } if (@{$items} > 0) { my @all_doms; @@ -1504,7 +1532,6 @@ sub display_access_row { $r->print(''.&mt('Action?').''.$showtype.''. &mt('Dates available').''); if ($type eq 'course' && $status eq 'old') { - $r->print(''.&mt('Allowed course/community affiliations'). ''); $colspan ++; @@ -1521,6 +1548,8 @@ sub display_access_row { $then); } elsif ($type eq 'users') { &users_row($r,$status,$key,$access_controls,$now,$then); + } elsif ($type eq 'ip') { + &ips_row($r,$status,$key,$access_controls,$now,$then); } $r->print(&Apache::loncommon::end_data_table_row()); } @@ -1532,8 +1561,12 @@ sub display_access_row { } $r->print(&Apache::loncommon::end_data_table()); } else { - $r->print(&mt('No [_1]-based conditions defined.',$showtype).'
'. - &additional_item($type)); + $r->print( + '

' + .&mt('No '.$infotype.'-based conditions defined') + .'

' + .&additional_item($type) + ); } return; } @@ -1541,6 +1574,7 @@ sub display_access_row { sub course_js { return qq| |; } @@ -1632,7 +1667,7 @@ sub course_row { } $r->print('
'.&mt('Add a roles-based condition'). ' {'domain'}','$content->{'number'}', '$showtype'".')" value="" />'); $newrole_id = $max_id; @@ -1693,18 +1728,39 @@ sub users_row { $r->print(''.&actionbox($status,$num,$scope).''.&mt("Format for users' username:domain information:").'
sparty:msu,illini:uiuc ... etc.
'.&dateboxes($num,$start,$end).''); } +sub ips_row { + my ($r,$status,$item,$access_controls,$now,$then) = @_; + my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then, + 'ip'); + my $curr_ips_list; + if ($status eq 'old') { + my $content = $$access_controls{$item}; + $curr_ips_list = &sort_ips($content->{'ip'}); + } + $r->print(''.&actionbox($status,$num,$scope).''.&mt('Format for IP controls').'
'. + &mt('[_1] or [_2] or [_3] or [_4] or [_5]','35.8.*','35.8.3.[34-56]', + '*.msu.edu','35.8.3.34','somehostname.pa.msu.edu').'
'. + &mt('Use a comma to separate different ranges.').'
'. + ''. + ''.&dateboxes($num,$start,$end).''); +} + sub additional_item { my ($type) = @_; my $showtype; if ($type eq 'course') { - $showtype = &mt('course/community'); + $showtype = 'course/community'; } elsif ($type eq 'domains') { - $showtype = &mt('domains'); + $showtype = 'domain'; } elsif ($type eq 'users') { - $showtype = &mt('users'); + $showtype = 'user'; + } elsif ($type eq 'ip') { + $showtype = 'IP'; } - my $output = &mt('Add new [_1] condition(s)?',$showtype).' '.&mt('Number to add: ').''; - return $output; + return + &mt('Add new '.$showtype.'-based condition(s)?') + .' '.&mt('Number to add: ') + .''; } sub actionbox { @@ -1712,7 +1768,7 @@ sub actionbox { my $output = ''; + $output .= ''; return $output; } @@ -2389,7 +2445,7 @@ sub get_group_quota { if (%curr_groups) { my %group_info = &Apache::longroup::get_group_settings( $curr_groups{$group}); - $group_quota = $group_info{'quota'}; #expressed in Mb + $group_quota = $group_info{'quota'}; #expressed in MB if ($group_quota) { $group_quota = 1000 * $group_quota; #expressed in k } @@ -2511,8 +2567,8 @@ sub get_quota { } } else { $disk_quota = &Apache::loncommon::get_user_quota($env{'user.name'}, - $env{'user.domain'}); #expressed in Mb - $disk_quota = 1000 * $disk_quota; # convert from Mb to kb + $env{'user.domain'}); #expressed in MB + $disk_quota = 1024 * $disk_quota; # convert from MB to kB } return $disk_quota; } @@ -2542,6 +2598,45 @@ STATE return $state; } +sub valid_container { + my ($uname,$udom,$group) = @_; + my $container_prefix; + if ($group ne '') { + $container_prefix = "/uploaded/$udom/$uname/groups/$group/portfolio"; + } else { + $container_prefix = "/uploaded/$udom/$uname/portfolio"; + } + if ($env{'form.currentpath'}) { + $container_prefix .= $env{'form.currentpath'}; + } else { + $container_prefix .= '/'; + } + if ($env{'form.container'} =~ m{^\Q$container_prefix\E(.+)$}) { + my $filename = $1; + if ($filename eq &Apache::lonnet::clean_filename($filename)) { + return 1; + } + } + return; +} + +sub invalid_parms { + my ($r,$url,$currentpath) = @_; + my $escpath = &HTML::Entities::encode($currentpath,'&<>"'); + my $rtnlink = ''.&mt('Return to directory').''; + $r->print('

'.&mt('Action disallowed').'

'); + $r->print(&mt('Some of the data included with this request were invalid')); + $r->print('
'.$rtnlink); + return; +} + sub handler { # this handles file management my $r = shift; @@ -2615,7 +2710,7 @@ sub handler { } else { ($uname,$udom) = &get_name_dom(); $portfolio_root = &get_portfolio_root(); - $title = &mt('My Space'); + $title = 'My Space'; $can_modify = 1; $can_delete = 1; $can_upload = 1; @@ -2688,6 +2783,21 @@ sub handler { return OK; } } + if (($env{'form.currentpath'}) && ($env{'form.currentpath'} ne '/')) { + my $clean_currentpath = '/'.&Apache::loncommon::clean_path($env{'form.currentpath'}).'/'; + unless ($env{'form.currentpath'} eq $clean_currentpath) { + &invalid_parms($r,$url); + $r->print(&Apache::loncommon::end_page()); + return OK; + } + } + if ($env{'form.container'}) { + unless (&valid_container($uname,$udom,$group)) { + &invalid_parms($r,$url,$env{'form.currentpath'}); + $r->print(&Apache::loncommon::end_page()); + return OK; + } + } if (($env{'form.storeupl'}) & (!$env{'form.uploaddoc.filename'})){ $r->print( '

' @@ -2700,7 +2810,7 @@ sub handler { } if ($env{'form.meta'}) { &open_form($r,$url); - $r->print(&mt('Edit the meta data').'
'); + $r->print(&mt('Edit Metadata').'
'); &close_form($r,$url); } if ($env{'form.uploaddoc.filename'}) {