';
+ my $result = &Apache::lonhtmlcommon::actionbox(
+ [&make_anchor($url,\%anchor_fields,&mt($linktext))]);
return $result;
}
@@ -662,8 +657,12 @@ sub delete {
my @files=&Apache::loncommon::get_env_multiple('form.selectfile');
my ($uname,$udom) = &get_name_dom($group);
if (&Apache::lonnet::is_locked($file_name,$udom,$uname) eq 'true') {
- $r->print(&mt('The file is locked and cannot be deleted.').' ');
- $r->print(&done('Back',$url));
+ $r->print(
+ '
'
+ .&mt('The file is locked and cannot be deleted.')
+ .'
'
+ .&done(undef,$url)
+ );
} else {
if (scalar(@files)) {
&open_form($r,$url);
@@ -684,18 +683,21 @@ sub delete_confirmed {
my $port_path = &get_port_path();
my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
$uname);
+ my @msg;
foreach my $delete_file (@files) {
- $result=&Apache::lonnet::removeuserfile($uname,$udom,$port_path.
- $env{'form.currentpath'}.
- $delete_file);
+ $result =
+ &Apache::lonnet::removeuserfile(
+ $uname,$udom,$port_path.
+ $env{'form.currentpath'}.
+ $delete_file);
if ($result ne 'ok') {
- $r->print(''
- .&mt('An error occurred ([_1]) while trying to delete [_2].'
- ,$result,&display_file(undef, $delete_file))
- .'
');
- } else {
- $r->print(&mt('File: [_1] deleted.',
- &display_file(undef,$delete_file)));
+ push(@msg, &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while trying to delete [_2].'
+ ,$result,&display_file(undef, $delete_file)),1));
+ } else {
+ push(@msg, &Apache::lonhtmlcommon::confirm_success(
+ &mt('File: [_1] deleted.'
+ ,&display_file(undef,$delete_file))));
my $file_name = $env{'form.currentpath'}.$delete_file;
$file_name = &prepend_group($file_name);
my %access_controls =
@@ -711,23 +713,24 @@ sub delete_confirmed {
&Apache::lonnet::modify_access_controls($file_name,\%changes,
$udom,$uname);
if ($outcome ne 'ok') {
- $r->print(' '.&mt("An error occurred ([_1]) while ".
- "trying to delete access controls for the file.",$outcome).
- '
');
+ push(@msg, &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while '.
+ 'trying to delete access controls for the file.',$outcome),1));
} else {
if ($deloutcome eq 'ok') {
- $r->print(' '.&mt('Access controls also deleted for the file.').'
');
+ push(@msg, &mt('Access controls also deleted for the file.')); # FIXME: Does the user really need this message?
} else {
- $r->print(''.' '.
- &mt("An error occurred ([_1]) while ".
- "trying to delete access controls for the file.",$deloutcome).
- '
');
+ push(@msg, &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while '.
+ 'trying to delete access controls for the file.'
+ ,$deloutcome),1));
}
}
}
}
}
}
+ $r->print(&Apache::loncommon::confirmwrapper(join(' ',@msg)));
$r->print(&done(undef,$url));
}
@@ -747,12 +750,15 @@ sub delete_dir_confirmed {
my $port_path = &get_port_path();
my $result=&Apache::lonnet::removeuserfile($uname,$udom,$port_path.
$directory_name);
-
+
if ($result ne 'ok') {
- $r->print(''
- .&mt('An error occurred (dir) ([_1]) while trying to delete [_2].'
- ,$result,$directory_name)
- .' ');
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred (dir) ([_1]) while trying to delete [_2].'
+ ,$result,$directory_name),1)));
+ $r->print(&done(undef,$url));
+ return;
} else {
# now remove from recent
&Apache::lonhtmlcommon::remove_recent($namespace,[$directory_name.'/']);
@@ -763,6 +769,10 @@ sub delete_dir_confirmed {
}
$env{'form.currentpath'} = $directory_name;
}
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('Directory successfully deleted'))));
$r->print(&done(undef,$url));
}
@@ -772,7 +782,11 @@ sub rename {
my ($uname,$udom) = &get_name_dom($group);
$file_name = &prepend_group($file_name);
if (&Apache::lonnet::is_locked($file_name,$udom,$uname) eq 'true') {
- $r->print("The file is locked and cannot be renamed. ");
+ $r->print(
+ '
'
+ .&mt('The file is locked and cannot be renamed.')
+ .'
'
+ );
$r->print(&done(undef,$url));
} else {
&open_form($r,$url);
@@ -787,13 +801,32 @@ sub rename_confirmed {
my $filenewname=&Apache::lonnet::clean_filename($env{'form.filenewname'});
my ($uname,$udom) = &get_name_dom($group);
my $port_path = &get_port_path();
+
+ # Display warning in case of filename cleaning has changed the filename
+ if ($filenewname ne $env{'form.filenewname'}) {
+ $r->print(
+ '
'
+ .&mt('Invalid characters')
+ .' '
+ .&mt('The new filename was changed from [_1] to [_2].'
+ ,''.&display_file('',$env{'form.filenewname'}).''
+ ,''.&display_file('',$filenewname).'')
+ .'
'
+ );
+
+ }
+
+ # Filename empty?
if ($filenewname eq '') {
- $r->print(''.
- &mt("Error: no valid filename was provided to rename to.").
- ' ');
- $r->print(&done(undef,$url));
- return;
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('Error: no valid filename was provided to rename to.'),1)));
+ $r->print(&done(undef,$url));
+ return;
}
+
+ # Rename the file
my $chg_access;
my $result=
&Apache::lonnet::renameuserfile($uname,$udom,
@@ -802,18 +835,20 @@ sub rename_confirmed {
if ($result eq 'ok') {
$chg_access = &access_for_renamed($filenewname,$group,$udom,$uname);
} else {
- $r->print(''.
- &mt('An error occurred ([_1]) while trying to rename [_2] to [_3].'
- ,$result,&display_file(),&display_file('',$filenewname))
- .' ');
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while trying to rename [_2] to [_3].'
+ ,$result,&display_file(),&display_file('',$filenewname))
+ ,1)));
+ $r->print(&done(undef,$url));
return;
}
- if ($filenewname ne $env{'form.filenewname'}) {
- $r->print(&mt("The new file name was changed from: [_1] to [_2]",
- ''.&display_file('',$env{'form.filenewname'}).'',
- ''.&display_file('',$filenewname).''));
- }
$r->print($chg_access);
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('File successfully renamed'))));
$r->print(&done(undef,$url));
}
@@ -868,7 +903,7 @@ sub access_for_renamed {
}
sub display_access {
- my ($r,$url,$group,$can_setacl,$port_path,$action) = @_;
+ my ($r,$url,$group,$can_setacl,$can_viewacl,$port_path,$action) = @_;
my ($uname,$udom) = &get_name_dom($group);
my $file_name = $env{'form.currentpath'}.$env{'form.access'};
$file_name = &prepend_group($file_name);
@@ -878,21 +913,29 @@ sub display_access {
my $aclcount = keys(%access_controls);
my ($header,$info);
if ($action eq 'chgaccess') {
- $header = '
'.&mt('Allowing others to retrieve file: [_1]',$port_path.$env{'form.currentpath'}.$env{'form.access'}).'
';
+ my $uhome = &Apache::lonnet::homeserver($uname,$udom);
+ my $prefix = &Apache::lonnet::url_prefix($r,$udom,$uhome,'web');
+ $header =
+ '
';
$info .= &mt('Access to this file by others can be set to be one or more of the following types: public, passphrase-protected or conditional.');
$info .= '
'.&mt('Public files are available to anyone without the need for login.');
$info .= '
'.&mt('Passphrase-protected files do not require log-in, but will require the viewer to enter the passphrase you set.');
$info .= '
'.&explain_conditionals();
$info .= '
'.
- &mt('A listing of files viewable without log-in is available at: ')."".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme/portfolio. ";
+ &mt('A listing of files viewable without log-in is available at: ')."$prefix/adm/$udom/$uname/aboutme/portfolio. ";
if ($group eq '') {
$info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on your personal information page:");
} else {
$info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on the course information page:");
}
- $info .= " ".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme ";
+ $info .= " $prefix/adm/$udom/$uname/aboutme ";
if ($group ne '') {
- $info .= &mt("Users with privileges to edit course contents may add a course information page to a course using the 'Course Info' button in DOCS").' ';
+ $info .= &mt("Users with course editing rights may add a 'Group Portfolio' item using the Course Editor (Collaboration tab), to provide access to viewable group portfolio files.").' ';
}
} else {
$header = '
'.&mt('Conditional access controls for file: [_1]',$port_path.$env{'form.currentpath'}.$env{'form.access'}).'
'.
@@ -911,20 +954,30 @@ sub display_access {
'cancel' => &mt('Return to directory'),
};
&close_form($r,$url,$button_text);
- } else {
+ } elsif ($can_viewacl) {
$r->print($header);
if ($aclcount) {
$r->print($info);
}
&view_access_settings($r,$url,$access_controls{$file_name},$aclcount);
+ } else {
+ $r->print($header);
+ $r->print(&mt('You do not have sufficient privileges to view access controls').' ');
}
+ my %anchor_fields = (
+ 'currentpath' => $env{'form.currentpath'}
+ );
+ $r->print(' '.&make_anchor($url, \%anchor_fields, &mt('Return to directory')));
+ return;
}
sub explain_conditionals {
return
- &mt('Conditional files are accessible to logged-in users with accounts in the LON-CAPA network, who satisfy the conditions you set.').' '."\n".
- &mt('The conditions can include affiliation with a particular course or community, or a user account in a specific domain.').' '."\n".
- &mt('Alternatively access can be granted to people with specific LON-CAPA usernames and domains.');
+ &mt('Conditional files are accessible to users who satisfy the conditions you set.').'
'.
+ '
'.&mt('Conditions can be IP-based, in which case no log-in is required').'
'.
+ '
'.&mt("Conditions can also be based on a user's status, in which case the user needs an account in the LON-CAPA network, and needs to be logged in.").' '."\n".
+ &mt('The status-based conditions can include affiliation with a particular course or community, or a user account in a specific domain.').' '."\n".
+ &mt('Alternatively access can be granted to people with specific LON-CAPA usernames and domains.').'
';
}
sub view_access_settings {
@@ -965,8 +1018,9 @@ sub build_access_summary {
domains => 'Conditional: domain-based',
users => 'Conditional: user-based',
course => 'Conditional: course/community-based',
+ userip => 'Conditional: IP-based',
);
- my @allscopes = ('public','guest','domains','users','course');
+ my @allscopes = ('public','guest','domains','users','course','userip');
foreach my $scope (@allscopes) {
if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) {
next;
@@ -1043,6 +1097,9 @@ sub build_access_summary {
} elsif ($scope eq 'users') {
my $curr_user_list = &sort_users($content->{'users'});
$r->print(&mt('Users: ').$curr_user_list);
+ } elsif ($scope eq 'userip') {
+ my $curr_ips_list = &sort_ips($content->{'userip'});
+ $r->print(&mt('IP(s):').' '.$curr_ips_list);
} else {
$r->print(' ');
}
@@ -1083,8 +1140,8 @@ sub update_access {
}
}
my $file_name = $env{'form.currentpath'}.$env{'form.selectfile'};
- $r->print('
'.&mt('Allowing others to retrieve file: [_1]',
- $port_path.$file_name).'
'."\n");
+ $r->print('
'.&mt('Allowing others to retrieve file: [_1]',
+ ''.$port_path.$file_name.'').'
'."\n");
$file_name = &prepend_group($file_name);
my ($uname,$udom) = &get_name_dom($group);
my ($errors,$outcome,$deloutcome,$new_values,$translation);
@@ -1151,7 +1208,7 @@ sub update_access {
my $totalnew = 0;
my $status = 'new';
my ($firstitem,$lastitem);
- my @types = ('course','domains','users');
+ my @types = ('course','domains','users','userip');
foreach my $newitem (@types) {
$allnew += $env{'form.new'.$newitem};
}
@@ -1159,24 +1216,30 @@ sub update_access {
my $now = time;
my $then = $now + (60*60*24*180); # six months approx.
&open_form($r,$url);
- my %showtypes = &Apache::lonlocal::texthash (
+ my %showtypes = (
course => 'course/community',
domains => 'domain',
users => 'user',
+ userip => 'IP',
);
foreach my $newitem (@types) {
- if ($env{'form.new'.$newitem} > 0) {
- $r->print(' '.&mt('Add new [_1]-based[_2] access control for portfolio file: [_3]',''.$showtypes{$newitem},'',''.$env{'form.currentpath'}.$env{'form.selectfile'}.'').'
'.&mt("Format for users' username:domain information:").' sparty:msu,illini:uiuc ... etc.
'.&dateboxes($num,$start,$end).'
');
}
+sub ips_row {
+ my ($r,$status,$item,$access_controls,$now,$then) = @_;
+ my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
+ 'userip');
+ my $curr_ips_list;
+ if ($status eq 'old') {
+ my $content = $$access_controls{$item};
+ $curr_ips_list = &sort_ips($content->{'userip'});
+ }
+ $r->print('
'.&actionbox($status,$num,$scope).'
'.&mt('Format for IP controls').' '.
+ &mt('[_1] or [_2] or [_3] or [_4] or [_5]','35.8.*','35.8.3.[34-56]',
+ '*.msu.edu','35.8.3.34','somehostname.pa.msu.edu').' '.
+ &mt('Use a comma to separate different ranges.').''.
+ '
'.
+ '
'.&dateboxes($num,$start,$end).'
');
+}
+
sub additional_item {
my ($type) = @_;
my $showtype;
if ($type eq 'course') {
- $showtype = &mt('course/community');
+ $showtype = 'course/community';
} elsif ($type eq 'domains') {
- $showtype = &mt('domains');
+ $showtype = 'domain';
} elsif ($type eq 'users') {
- $showtype = &mt('users');
+ $showtype = 'user';
+ } elsif ($type eq 'userip') {
+ $showtype = 'IP';
}
- my $output = &mt('Add new [_1] condition(s)?',$showtype).' '.&mt('Number to add: ').'';
- return $output;
+ return
+ &mt('Add new '.$showtype.'-based condition(s)?')
+ .' '.&mt('Number to add: ')
+ .'';
}
sub actionbox {
@@ -1690,7 +1798,7 @@ sub actionbox {
my $output = '';
+ $output .= '';
return $output;
}
@@ -1949,10 +2057,14 @@ sub upload {
my $fname = &Apache::lonnet::clean_filename($env{'form.'.$formname.'.filename'});
my ($state,$msg);
if ($fname eq '') {
- my $msg = &mt('Invalid filename: [_1]; the name of the uploaded file did not contain any letters, '.
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('Invalid filename: [_1]; the name of the uploaded file did not contain any letters, '.
'so after eliminating special characters there was nothing left.',
- ''.$env{'form.uploaddoc.filename'}.'');
- $r->print($msg.&done('Back',$url));
+ ''.$env{'form.uploaddoc.filename'}.''),1)));
+
+ $r->print(&done(undef,$url));
return;
}
my $disk_quota = &get_quota($group);
@@ -1969,7 +2081,7 @@ sub upload {
if ($state eq 'will_exceed_quota'
|| $state eq 'file_locked'
|| $state eq 'zero_bytes') {
- $r->print($msg.&done('Back',$url));
+ $r->print($msg.&done(undef,$url));
return;
}
@@ -2048,31 +2160,40 @@ function confirmOverwrite() {
}
// ]]>
+
$msg
-
+
+
END
} else {
- $r->print(''.&mt('An error occurred ([_1]) while trying to upload [_2].'
- ,$result,&display_file(undef,$fname)).' ');
- $r->print(&done('Back',$url));
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while trying to upload [_2].'
+ ,$result,&display_file(undef,$fname)),1)));
+ $r->print(&done(undef,$url));
}
} elsif ($result !~ m|^/uploaded/|) {
- $r->print(''.&mt('An error occurred ([_1]) while trying to upload [_2].'
- ,$result,&display_file(undef,$fname)).' ');
- $r->print(&done('Back',$url));
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while trying to upload [_2].'
+ ,$result,&display_file(undef,$fname)),1)));
+ $r->print(&done(undef,$url));
} else {
if (!&suppress_embed_prompt()) {
if ($mimetype eq 'text/html') {
@@ -2080,11 +2201,14 @@ END
&print_dependency_form($r,$url,\%allfiles,\%codebase,$result);
return;
} else {
- $r->print('
'.&mt('Completed upload of the file.').' '.
- &mt('No embedded items identified.').'
');
+ $r->print('
'.&mt('No embedded items identified.').'
');
}
}
}
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('File successfully uploaded'))));
$r->print(&done(undef,$url));
}
return;
@@ -2151,10 +2275,13 @@ sub overwrite {
}
}
if ($fname eq '') {
- my $msg = &mt('Invalid filename: [_1]; the name of the uploaded file did not contain any letters, '.
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('Invalid filename: [_1]; the name of the uploaded file did not contain any letters, '.
'so after eliminating special characters there was nothing left.',
- ''.$env{'form.filename'}.'');
- $r->print($msg.&done('Back',$url));
+ ''.$env{'form.filename'}.''),1)));
+ $r->print(&done(undef,$url));
return;
}
$env{'form.'.$formname.'.filename'} = $fname;
@@ -2165,9 +2292,11 @@ sub overwrite {
\%allfiles,\%codebase,undef,undef,undef,
undef,undef,undef,\$mimetype);
if ($result !~ m|^/uploaded/|) {
- $r->print(''.&mt('An error occurred ([_1]) while trying to overwrite [_2].'
- ,$result,&display_file(undef,$fname)).' ');
- $r->print(&after_overwrite(&mt('Back'),$url));
+ $r->print(
+ &Apache::loncommon::confirmwrapper(
+ &Apache::lonhtmlcommon::confirm_success(
+ &mt('An error occurred ([_1]) while trying to overwrite [_2].'
+ ,$result,&display_file(undef,$fname)),1)));
} else {
if ($mode eq 'parse') {
if ($mimetype eq 'text/html') {
@@ -2175,18 +2304,21 @@ sub overwrite {
&print_dependency_form($r,$url,\%allfiles,\%codebase,$result);
return;
} else {
- $r->print('
'
+ );
+ return;
}
sub lock_info {
@@ -2224,7 +2356,7 @@ sub lock_info {
$filetext = ''.$env{'form.lockinfo'}.
' (group: '.$group.')';
} else {
- $filetext = ''.$file_name.'';
+ $filetext = ''.$file_name.'';
}
my $title =''.&Apache::lonnet::gettitle($$array_item[0]).
@@ -2247,20 +2379,36 @@ sub lock_info {
}
}
}
- $r->print(&done(&mt('Back'),$url));
+ $r->print(&done(undef,$url));
return 'ok';
}
sub createdir {
my ($r,$url,$group)=@_;
my $newdir=&Apache::lonnet::clean_filename($env{'form.newdir'});
+ # Display warning in case of directory name cleaning has changed the directory name
+ if ($newdir ne $env{'form.newdir'}) {
+ $r->print(
+ '
'
+ .&mt('Invalid characters')
+ .' '
+ .&mt('The new directory name was changed from [_1] to [_2].'
+ ,''.$env{'form.newdir'}.''
+ ,''.$newdir.'')
+ .'
');
+ $r->print(&mt('Some of the data included with this request were invalid'));
+ $r->print(' '.$rtnlink);
+ return;
+}
+
sub handler {
# this handles file management
my $r = shift;
@@ -2486,7 +2695,7 @@ sub handler {
$url = $1.$2;
$caller = $2;
}
- my ($can_modify,$can_delete,$can_upload,$can_setacl);
+ my ($can_modify,$can_delete,$can_upload,$can_setacl,$can_viewacl);
if ($caller eq 'coursegrp_portfolio') {
# Needs to be in a course
if (! ($env{'request.course.fn'})) {
@@ -2530,6 +2739,7 @@ sub handler {
$can_delete = 1;
$can_upload = 1;
$can_setacl = 1;
+ $can_viewacl = 1;
} else {
if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) {
$can_setacl = 1;
@@ -2543,15 +2753,22 @@ sub handler {
if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) {
$can_delete = 1;
}
+ if (&Apache::lonnet::allowed('rgf',$env{'request.course.id'}.'/'.$group)) {
+ $can_viewacl = 1;
+ }
}
} else {
($uname,$udom) = &get_name_dom();
$portfolio_root = &get_portfolio_root();
- $title = &mt('My Space');
+ $title = 'My Space';
$can_modify = 1;
$can_delete = 1;
$can_upload = 1;
- $can_setacl = 1;
+ if (&Apache::lonnet::usertools_access('','','portaccess',
+ undef,'tools')) {
+ $can_viewacl = 1;
+ $can_setacl = 1;
+ }
}
my $port_path = &get_port_path();
@@ -2561,16 +2778,19 @@ sub handler {
# Give the LON-CAPA page header
my $brcrum = [{href=>"/adm/portfolio",text=>"Portfolio Manager"}];
+ my $js = '';
+
if ($env{"form.mode"} eq 'selectfile'){
- $r->print(&Apache::loncommon::start_page($title,undef,
+ $r->print(&Apache::loncommon::start_page($title, $js,
{'only_body' => 1}));
} elsif ($env{'form.action'} eq 'rolepicker') {
- $r->print(&Apache::loncommon::start_page('New role-based condition',undef,
+ $r->print(&Apache::loncommon::start_page('New role-based condition', $js,
{'no_nav_bar' => 1, }));
} elsif ($caller eq 'coursegrp_portfolio') {
- $r->print(&Apache::loncommon::start_page($title));
+ $r->print(&Apache::loncommon::start_page($title, $js));
} else {
- $r->print(&Apache::loncommon::start_page($title,undef,
+ $r->print(&Apache::loncommon::start_page($title, $js,
{'bread_crumbs' => $brcrum}));
if (!&Apache::lonnet::usertools_access($uname,$udom,'portfolio')) {
$r->print('
'.&mt('No user portfolio available') .'
'.
@@ -2584,8 +2804,9 @@ sub handler {
}
$r->rflush();
# Check if access to portfolio is blocked by one or more blocking events in courses.
+ my $clientip = &Apache::lonnet::get_requestor_ip($r);
my ($blocked,$blocktext) =
- &Apache::loncommon::blocking_status('port',$uname,$udom);
+ &Apache::loncommon::blocking_status('port',$clientip,$uname,$udom);
if ($blocked) {
my $evade_block;
# If portfolio display is in a window popped up from a "Select Portfolio Files"
@@ -2620,15 +2841,34 @@ sub handler {
return OK;
}
}
+ if (($env{'form.currentpath'}) && ($env{'form.currentpath'} ne '/')) {
+ my $clean_currentpath = '/'.&Apache::loncommon::clean_path($env{'form.currentpath'}).'/';
+ unless ($env{'form.currentpath'} eq $clean_currentpath) {
+ &invalid_parms($r,$url);
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ }
+ }
+ if ($env{'form.container'}) {
+ unless (&valid_container($uname,$udom,$group)) {
+ &invalid_parms($r,$url,$env{'form.currentpath'});
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ }
+ }
if (($env{'form.storeupl'}) & (!$env{'form.uploaddoc.filename'})){
- $r->print('');
- $r->print(&mt('No file was selected to upload.').' ');
- $r->print(&mt('To upload a file, click Browse... and select a file, then click Upload.'));
- $r->print('');
+ $r->print(
+ '
'
+ .&mt('No file was selected to upload.')
+ .' '
+ .&mt('To upload a file, click [_1]Browse...[_2] and select a file, then click [_1]Upload[_2].'
+ ,'','')
+ .'
'
+ );
}
if ($env{'form.meta'}) {
&open_form($r,$url);
- $r->print(&mt('Edit the meta data').' ');
+ $r->print(&mt('Edit Metadata').' ');
&close_form($r,$url);
}
if ($env{'form.uploaddoc.filename'}) {
@@ -2662,8 +2902,8 @@ sub handler {
} elsif ($env{'form.action'} eq 'modify_orightml') {
if ($can_upload) {
my $result =
- &Apache::loncommon::modify_html_refs('portfolio',$port_path,$uname,$udom,$group,
- $portfolio_root,$group);
+ &Apache::loncommon::modify_html_refs('portfolio',$port_path,$uname,
+ $udom,$portfolio_root);
$r->print($result.
&done('Return to directory',$url));
} else {
@@ -2709,10 +2949,14 @@ sub handler {
}
} elsif ($env{'form.access'}) {
$env{'form.selectfile'} = $env{'form.access'};
- if (!defined($env{'form.action'})) {
+ if (!defined($env{'form.action'})) {
$env{'form.action'} = 'chgaccess';
}
- &display_access($r,$url,$group,$can_setacl,$port_path,$env{'form.action'});
+ if (($can_viewacl) || ($can_setacl)) {
+ &display_access($r,$url,$group,$can_setacl,$can_viewacl,$port_path,$env{'form.action'});
+ } else {
+ &missing_priv($r,$url,'viewacl');
+ }
} elsif (($env{'form.action'} eq 'chgaccess') ||
($env{'form.action'} eq 'chgconditions')) {
if ($can_setacl) {
@@ -2786,7 +3030,8 @@ sub handler {
&display_common($r,$url,$current_path,$is_empty,$dirlistref,
$can_upload,$group);
&display_directory($r,$url,$current_path,$is_empty,$dirlistref,$group,
- $can_upload,$can_modify,$can_delete,$can_setacl);
+ $can_upload,$can_modify,$can_delete,$can_setacl,
+ $can_viewacl,$caller);
}
$r->print(&Apache::loncommon::end_page());
return OK;