--- loncom/interface/portfolio.pm 2019/08/07 16:08:04 1.260 +++ loncom/interface/portfolio.pm 2023/12/28 15:57:27 1.267 @@ -1,7 +1,7 @@ # The LearningOnline Network # portfolio browser # -# $Id: portfolio.pm,v 1.260 2019/08/07 16:08:04 raeburn Exp $ +# $Id: portfolio.pm,v 1.267 2023/12/28 15:57:27 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -122,7 +122,7 @@ END .''.$lt{'upload_label'}.'' .$groupitem .'' - .'' + .'' .'' .'' .'' @@ -267,13 +267,16 @@ sub display_directory_line { sub display_directory { my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload, - $can_modify,$can_delete,$can_setacl)=@_; + $can_modify,$can_delete,$can_setacl,$can_viewacl)=@_; my $iconpath= $r->dir_config('lonIconsURL') . "/"; my $select_mode; my $checked_files; my $port_path = &get_port_path(); my ($uname,$udom) = &get_name_dom($group); - my $access_admin_text = &mt('View Status'); + my $access_admin_text; + if ($can_viewacl) { + $access_admin_text = &mt('View Status'); + } if ($can_setacl) { $access_admin_text = &mt('View/Change Status'); } @@ -514,7 +517,7 @@ sub display_directory { } } &display_directory_line($r,$select_mode, $filename, $mtime, $size, $css_class, $line, - \%access_controls, $curr_access,$now, $version_flag, $href_location, + \%access_controls, $curr_access, $now, $version_flag, $href_location, $url, $current_path, $access_admin_text); if ($show_versions) { foreach my $dir_line (@{ $versioned{$fullpath} }) { @@ -887,7 +890,7 @@ sub access_for_renamed { } sub display_access { - my ($r,$url,$group,$can_setacl,$port_path,$action) = @_; + my ($r,$url,$group,$can_setacl,$can_viewacl,$port_path,$action) = @_; my ($uname,$udom) = &get_name_dom($group); my $file_name = $env{'form.currentpath'}.$env{'form.access'}; $file_name = &prepend_group($file_name); @@ -897,6 +900,8 @@ sub display_access { my $aclcount = keys(%access_controls); my ($header,$info); if ($action eq 'chgaccess') { + my $uhome = &Apache::lonnet::homeserver($uname,$udom); + my $prefix = &Apache::lonnet::url_prefix($r,$udom,$uhome,'web'); $header = '

' .&mt('Allowing others to retrieve file: [_1]' @@ -909,13 +914,13 @@ sub display_access { $info .= '
  • '.&mt('Passphrase-protected files do not require log-in, but will require the viewer to enter the passphrase you set.'); $info .= '
  • '.&explain_conditionals(); $info .= '
    • '. - &mt('A listing of files viewable without log-in is available at: ')."".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme/portfolio.
    "; + &mt('A listing of files viewable without log-in is available at: ')."$prefix/adm/$udom/$uname/aboutme/portfolio.
    "; if ($group eq '') { $info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on your personal information page:"); } else { $info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on the course information page:"); } - $info .= "
    ".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme
    "; + $info .= "
    $prefix/adm/$udom/$uname/aboutme
    "; if ($group ne '') { $info .= &mt("Users with course editing rights may add a 'Group Portfolio' item using the Course Editor (Collaboration tab), to provide access to viewable group portfolio files.").'
    '; } @@ -936,13 +941,21 @@ sub display_access { 'cancel' => &mt('Return to directory'), }; &close_form($r,$url,$button_text); - } else { + } elsif ($can_viewacl) { $r->print($header); if ($aclcount) { $r->print($info); } &view_access_settings($r,$url,$access_controls{$file_name},$aclcount); + } else { + $r->print($header); + $r->print(&mt('You do not have sufficient privileges to view access controls').'
    '); } + my %anchor_fields = ( + 'currentpath' => $env{'form.currentpath'} + ); + $r->print('
    '.&make_anchor($url, \%anchor_fields, &mt('Return to directory'))); + return; } sub explain_conditionals { @@ -2513,6 +2526,7 @@ sub missing_priv { delete => 'delete files', rename => 'rename files', setacl => 'set access controls for files', + viewacl => 'view access controls for files', ); my $escpath = &HTML::Entities::encode($env{'form.currentpath'},'&<>"'); my $rtnlink = '"$ucgpterm: $grp_desc", - title=>"Go to group's home page"}, + text=>&mt('Group').": $grp_desc", + title=>&mt("Go to group's home page"), + no_mt=>1}, {href=>"/adm/coursegrp_portfolio?".&group_args(), text=>"Group Portfolio", title=>"Display group portfolio"}); my $output = &Apache::lonhtmlcommon::breadcrumbs( - &mt('[_1] portfolio files - [_2]',$gpterm,$grp_desc)); + &mt('Group portfolio files - [_1]',$grp_desc), + undef,undef,undef,undef,1); return $output; } @@ -2666,7 +2682,7 @@ sub handler { $url = $1.$2; $caller = $2; } - my ($can_modify,$can_delete,$can_upload,$can_setacl); + my ($can_modify,$can_delete,$can_upload,$can_setacl,$can_viewacl); if ($caller eq 'coursegrp_portfolio') { # Needs to be in a course if (! ($env{'request.course.fn'})) { @@ -2710,6 +2726,7 @@ sub handler { $can_delete = 1; $can_upload = 1; $can_setacl = 1; + $can_viewacl = 1; } else { if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) { $can_setacl = 1; @@ -2723,6 +2740,9 @@ sub handler { if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) { $can_delete = 1; } + if (&Apache::lonnet::allowed('rgf',$env{'request.course.id'}.'/'.$group)) { + $can_viewacl = 1; + } } } else { ($uname,$udom) = &get_name_dom(); @@ -2731,7 +2751,11 @@ sub handler { $can_modify = 1; $can_delete = 1; $can_upload = 1; - $can_setacl = 1; + if (&Apache::lonnet::usertools_access('','','portaccess', + undef,'tools')) { + $can_viewacl = 1; + $can_setacl = 1; + } } my $port_path = &get_port_path(); @@ -2767,8 +2791,9 @@ sub handler { } $r->rflush(); # Check if access to portfolio is blocked by one or more blocking events in courses. + my $clientip = &Apache::lonnet::get_requestor_ip($r); my ($blocked,$blocktext) = - &Apache::loncommon::blocking_status('port',$uname,$udom); + &Apache::loncommon::blocking_status('port',$clientip,$uname,$udom); if ($blocked) { my $evade_block; # If portfolio display is in a window popped up from a "Select Portfolio Files" @@ -2911,10 +2936,14 @@ sub handler { } } elsif ($env{'form.access'}) { $env{'form.selectfile'} = $env{'form.access'}; - if (!defined($env{'form.action'})) { + if (!defined($env{'form.action'})) { $env{'form.action'} = 'chgaccess'; } - &display_access($r,$url,$group,$can_setacl,$port_path,$env{'form.action'}); + if (($can_viewacl) || ($can_setacl)) { + &display_access($r,$url,$group,$can_setacl,$can_viewacl,$port_path,$env{'form.action'}); + } else { + &missing_priv($r,$url,'viewacl'); + } } elsif (($env{'form.action'} eq 'chgaccess') || ($env{'form.action'} eq 'chgconditions')) { if ($can_setacl) { @@ -2988,7 +3017,8 @@ sub handler { &display_common($r,$url,$current_path,$is_empty,$dirlistref, $can_upload,$group); &display_directory($r,$url,$current_path,$is_empty,$dirlistref,$group, - $can_upload,$can_modify,$can_delete,$can_setacl); + $can_upload,$can_modify,$can_delete,$can_setacl, + $can_viewacl); } $r->print(&Apache::loncommon::end_page()); return OK;