--- loncom/interface/portfolio.pm 2006/06/22 19:01:30 1.116 +++ loncom/interface/portfolio.pm 2006/06/28 19:52:43 1.124 @@ -49,29 +49,32 @@ sub make_anchor { } my $dirptr=16384; sub display_common { - my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_; - my $groupitem; + my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload)=@_; my $namespace = &get_namespace($group); my $port_path = &get_port_path($group); - if (defined($group)) { - $groupitem = ''; - } - my $iconpath= $r->dir_config('lonIconsURL') . "/"; - my %text=&Apache::lonlocal::texthash('upload' => 'Upload', + if ($can_upload) { + my $groupitem; + if (defined($group)) { + $groupitem = ''; + } + my $iconpath= $r->dir_config('lonIconsURL') . "/"; + my %text=&Apache::lonlocal::texthash( + 'upload' => 'Upload', 'upload_label' => 'Upload file to current directory:', 'createdir' => 'Create Subdirectory', 'createdir_label' => 'Create subdirectory in current directory:'); - my $escuri = &HTML::Entities::encode($r->uri,'&<>"'); - $r->print(<<"TABLE"); + my $escuri = &HTML::Entities::encode($r->uri,'&<>"'); + $r->print(<<"TABLE"); -
$text{'upload_label'} $groupitem +
+ $groupitem @@ -98,8 +101,9 @@ sub display_common {
TABLE + } my @tree = split (/\//,$current_path); - $r->print(''.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/'); + $r->print(''.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/'); if (@tree > 1){ my $newCurrentPath = ''; for (my $i = 1; $i< @tree; $i++){ @@ -107,7 +111,7 @@ TABLE $r->print(&make_anchor($url,$tree[$i],'/'.$newCurrentPath, $env{"form.mode"},$env{"form.fieldname"}, $env{"form.continue"},$group).'/'); } } - $r->print(''); + $r->print(''); &Apache::lonhtmlcommon::store_recent($namespace,$current_path,$current_path); $r->print('
'; $groupecho = '&group='.$group; } + my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom, $uname); my %locked_files = &Apache::lonnet::get_marked_as_readonly_hash( @@ -142,7 +152,7 @@ sub display_directory { $checked_files =&Apache::lonnet::files_in_path($uname,$env{'form.currentpath'}); $select_mode = 'true'; } - if ($is_empty && ($current_path ne '/')) { + if ($is_empty && ($current_path ne '/') && $can_delete) { $display_out = ''.$groupitem. ''. ''. @@ -155,11 +165,11 @@ sub display_directory { } if ($select_mode eq 'true') { $r->print(''); - $r->print(''. + $r->print('
'. ''); } else { $r->print(''); - $r->print('
Select NameSizeLast Modified
'. + $r->print('
'. ''); } if (defined($group)) { @@ -209,7 +219,7 @@ sub display_directory { } my $fullpath = $current_path.$filename; $fullpath = &prepend_group($fullpath,$group); - if ($select_mode eq 'true'){ + if ($select_mode eq 'true') { $line=''; $css_class= 'LC_browser_file_locked'; } else { - my $cat=''.&mt('Catalog Information'). - ''; - $line.=' - '; - } - $r->print(''); - $r->print($line); - } - my $curr_access; - my $pub_access = 0; - my $guest_access = 0; - my $cond_access = 0; - foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) { - my ($num,$scope,$end,$start) = &unpack_acc_key($key); - if (($now > $start) && (!$end || $end > $now)) { - if ($scope eq 'public') { - $pub_access = 1; - } elsif ($scope eq 'guest') { - $guest_access = 1; + if (!$can_modify) { + $line .= ''; } } - if (!$pub_access && !$guest_access && !$cond_access) { - $curr_access = &mt('Private'); - } else { - my @allaccesses; - if ($pub_access) { - push(@allaccesses,&mt('Public')); - } - if ($guest_access) { - push(@allaccesses,&mt('Password-protected')); - } - if ($cond_access) { - push(@allaccesses,&mt('Conditional')); - } - $curr_access = join('+ ',@allaccesses); - } - $r->print(''); - $r->print(''); - $r->print(''); - $r->print(''); - $r->print(''); - $r->print(''); + $r->print(''); + $r->print($line); + my $curr_access; + if ($select_mode ne 'true') { + my $pub_access = 0; + my $guest_access = 0; + my $cond_access = 0; + foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) { + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + if (($now > $start) && (!$end || $end > $now)) { + if ($scope eq 'public') { + $pub_access = 1; + } elsif ($scope eq 'guest') { + $guest_access = 1; + } else { + $cond_access = 1; + } + } + } + if (!$pub_access && !$guest_access && !$cond_access) { + $curr_access = &mt('Private'); + } else { + my @allaccesses; + if ($pub_access) { + push(@allaccesses,&mt('Public')); + } + if ($guest_access) { + push(@allaccesses,&mt('Passphrase-protected')); + } + if ($cond_access) { + push(@allaccesses,&mt('Conditional')); + } + $curr_access = join('+ ',@allaccesses); + } + } + $r->print(''); + $r->print(''); + $r->print(''); + $r->print(''); + if ($select_mode ne 'true') { + $r->print(''.$/); } } } @@ -284,11 +308,15 @@ sub display_directory { '); } else { - $r->print('
Actions NameSizeLast ModifiedCurrent Access Status
Locked - Rename'.$cat.' -
'; } else { - $cond_access = 1; + $line .= ''; } + if ($can_delete) { + $line .= ''; + } + if ($can_modify) { + my $cat=''.&mt('Catalog Information'). + ''; + $line .= 'Rename'; + $line .= ''.$cat.''; + } + $line .= ''. - $filename.''.$size.''.&Apache::lonlocal::locallocaltime($mtime).''.&mt($curr_access).'   '. - ''.&mt('View/Change').'
'. + $filename.''.$size.''.&Apache::lonlocal::locallocaltime($mtime).''. + &mt($curr_access).'   '); + $r->print(''.$access_admin_text.''); + } + $r->print('
+ $r->print(''); + if ($can_delete) { + $r->print(' - '); + ' + ); + } } } @@ -493,28 +521,171 @@ sub rename_confirmed { } sub display_access { - my ($r,$url,$group) = @_; + my ($r,$url,$group,$can_setacl) = @_; my ($uname,$udom) = &get_name_dom($group); my $file_name = $env{'form.currentpath'}.$env{'form.access'}; $file_name = &prepend_group($file_name,$group); my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom, $uname); my %access_controls = &Apache::lonnet::get_access_controls($current_permissions,$group,$file_name); - &open_form($r,$url); - $r->print('

'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'

'."\n"); - $r->print(&mt('Access to this file by others can be set to be one or more of the following types: public, password-protected or conditional.').'
'); - &access_setting_table($r,$access_controls{$file_name}); - my $button_text = { + my $aclcount = keys(%access_controls); + my $header = '

'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'

'; + my $info .= &mt('Access to this file by others can be set to be one or more of the following types: public, passphrase-protected or conditional.').'
'; + if ($can_setacl) { + &open_form($r,$url); + $r->print($header.$info); + &access_setting_table($r,$access_controls{$file_name}); + my $button_text = { 'continue' => &mt('Proceed'), 'cancel' => &mt('Back to directory listing'), }; - &close_form($r,$url,$group,$button_text); + &close_form($r,$url,$group,$button_text); + } else { + $r->print($header); + if ($aclcount) { + $r->print($info); + } + &view_access_settings($r,$url,$group,$access_controls{$file_name}, + $aclcount); + } } +sub view_access_settings { + my ($r,$url,$group,$access_controls,$aclcount) = @_; + my ($showstart,$showend); + my %todisplay; + foreach my $key (sort(keys(%{$access_controls}))) { + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + $todisplay{$scope}{$key} = $$access_controls{$key}; + } + if ($aclcount) { + $r->print(&mt('

Current access controls defined for this file:

')); + $r->print(&Apache::loncommon::start_data_table()); + $r->print(&Apache::loncommon::start_data_table_header_row()); + $r->print(''.&mt('Access control').''.&mt('Dates available'). + ''.&mt('Additional information').''); + $r->print(&Apache::loncommon::end_data_table_header_row()); + my $count = 1; + my $chg = 'none'; + &build_access_summary($r,$count,$chg,%todisplay); + $r->print(&Apache::loncommon::end_data_table()); + } else { + $r->print(&mt('No access control settings currently exist for this file.
' )); + } + my $group_arg; + if ($group) { + $group_arg = '&group='.$group; + } + $r->print('
'.&mt('Return to directory listing').''); + return; +} + +sub build_access_summary { + my ($r,$count,$chg,%todisplay) = @_; + my ($showstart,$showend); + my %scope_desc = ( + public => 'Public', + guest => 'Passphrase-protected', + domains => 'Conditional: domain-based', + users => 'Conditional: user-based', + course => 'Conditional: course-based', + group => 'Conditional: group-based', + ); + my @allscopes = ('public','guest','domains','users','course','group'); + foreach my $scope (@allscopes) { + if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) { + next; + } + foreach my $key (sort(keys(%{$todisplay{$scope}}))) { + if ($count) { + $r->print(&Apache::loncommon::start_data_table_row()); + } + my ($num,$scope,$end,$start) = &unpack_acc_key($key); + my $content = $todisplay{$scope}{$key}; + if ($chg eq 'delete') { + $showstart = &mt('Deleted'); + $showend = $showstart; + } else { + $showstart = localtime($start); + if ($end == 0) { + $showend = &mt('No end date'); + } else { + $showend = localtime($end); + } + } + $r->print(''.&mt($scope_desc{$scope})); + if (($scope eq 'course') || ($scope eq 'group')) { + if ($chg ne 'delete') { + my $cid = $content->{'domain'}.'_'.$content->{'number'}; + my %course_description = &Apache::lonnet::coursedescription($cid); + $r->print('
('.$course_description{'description'}.')'); + } + } + $r->print(''.&mt('Start: ').$showstart. + '
'.&mt('End: ').$showend.''); + if ($chg ne 'delete') { + if ($scope eq 'guest') { + $r->print(&mt('Passphrase').': '.$content->{'password'}); + } elsif ($scope eq 'course' || $scope eq 'group') { + $r->print(''); + $r->print(''); + if ($scope eq 'course') { + $r->print(''); + } else { + $r->print(''); + } + $r->print(''); + foreach my $id (sort(keys(%{$content->{'roles'}}))) { + $r->print(''); + foreach my $item ('role','access','section','group') { + $r->print(''); + } + $r->print("
'.&mt('Roles').''. + &mt('Access').''. + &mt('Sections').''.&mt('Groups').''.&mt('Teams').'
'); + if ($item eq 'role') { + my $ucscope = $scope; + $ucscope =~ s/^(\w)/uc($1)/e; + my $role_output; + foreach my $role (@{$content->{'roles'}{$id}{$item}}) { + if ($role eq 'all') { + $role_output .= $role.','; + } elsif ($role =~ /^cr/) { + $role_output .= (split('/',$role))[3].','; + } else { + $role_output .= &Apache::lonnet::plaintext($role,$ucscope).','; + } + } + $role_output =~ s/,$//; + $r->print($role_output); + } else { + $r->print(join(',',@{$content->{'roles'}{$id}{$item}})); + } + $r->print('
"); + } + $r->print(""); + } elsif ($scope eq 'domains') { + $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}})); + } elsif ($scope eq 'users') { + my $curr_user_list = &sort_users($content->{'users'}); + $r->print(&mt('Users: ').$curr_user_list); + } else { + $r->print(' '); + } + } else { + $r->print(' '); + } + $r->print(''); + $r->print(&Apache::loncommon::end_data_table_row()); + $count ++; + } + } +} + + sub update_access { my ($r,$url,$group) = @_; - my $function = &Apache::loncommon::get_users_function(); - my $tablecolor = &Apache::loncommon::designparm($function.'.tabbg'); my $totalprocessed = 0; my %processing; my %title = ( @@ -579,94 +750,16 @@ sub update_access { $r->print(''.&mt($title{$chg}). '.'); my $count = 0; + my %todisplay; foreach my $key (sort(keys(%{$$changes{$chg}}))) { - if ($count) { - $r->print(&Apache::loncommon::start_data_table_row()); - } - my ($num,$scope,$end,$start) = &unpack_acc_key($key); + my ($num,$scope,$end,$start) = &unpack_acc_key($key); my $newkey = $key; if ($chg eq 'activate') { $newkey =~ s/^(\d+)/$$translation{$1}/; } - my $content = $$updated_controls{$newkey}; - if ($chg eq 'delete') { - $showstart = &mt('Deleted'); - $showend = $showstart; - } else { - $showstart = localtime($start); - if ($end == 0) { - $showend = &mt('No end date'); - } else { - $showend = localtime($end); - } - } - $r->print(''.&mt($scope)); - if (($scope eq 'course') || ($scope eq 'group')) { - if ($chg ne 'delete') { - my $cid = $content->{'domain'}.'_'.$content->{'number'}; - my %course_description = &Apache::lonnet::coursedescription($cid); - $r->print('
('.$course_description{'description'}.')'); - } - } - $r->print(''.&mt('Start: ').$showstart. - '
'.&mt('End: ').$showend.''); - if ($chg ne 'delete') { - if ($scope eq 'guest') { - $r->print(&mt('Password').': '.$content->{'password'}); - } elsif ($scope eq 'course' || $scope eq 'group') { - $r->print(''); - $r->print(''); - if ($scope eq 'course') { - $r->print(''); - } else { - $r->print(''); - } - $r->print(''); - foreach my $id (sort(keys(%{$content->{'roles'}}))) { - $r->print(''); - foreach my $item ('role','access','section','group') { - $r->print(''); - } - } - $r->print(&Apache::loncommon::end_data_table_row()); - $r->print(&Apache::loncommon::end_data_table()); - } elsif ($scope eq 'domains') { - $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}})); - } elsif ($scope eq 'users') { - my $curr_user_list = &sort_users($content->{'users'}); - $r->print(&mt('Users: ').$curr_user_list); - } else { - $r->print(' '); - } - } else { - $r->print(' '); - } - $r->print(''); - $r->print(&Apache::loncommon::end_data_table_row()); - $count ++; + $todisplay{$scope}{$newkey} = $$updated_controls{$newkey}; } + &build_access_summary($r,$count,$chg,%todisplay); } } $r->print(&Apache::loncommon::end_data_table()); @@ -708,8 +801,12 @@ sub update_access { } &close_form($r,$url,$group); } else { + my $group_arg; + if ($group) { + $group_arg = '&group='.$group; + } $r->print('
'. + '&currentpath='.$env{'form.currentpath'}.$group_arg.'">'. &mt('Display all access settings for this file').''); } return; @@ -860,11 +957,11 @@ sub access_setting_table { $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::end_data_table()); $r->print(''); + ''); $r->print(&Apache::loncommon::end_data_table_header_row()); $r->print(&Apache::loncommon::start_data_table_row()); my $passwd; @@ -937,7 +1034,6 @@ sub display_access_row { my ($r,$status,$type,$items,$access_controls,$now,$then) = @_; if (@{$items} > 0) { my @all_doms; - my $tablecolor; my $colspan = 3; my $uctype = $type; $uctype =~ s/^(\w)/uc($1)/e; @@ -949,25 +1045,22 @@ sub display_access_row { $r->print(''); $colspan ++; - my $function = &Apache::loncommon::get_users_function(); - $tablecolor=&Apache::loncommon::designparm($function.'.tabbg'); } elsif ($type eq 'domains') { @all_doms = &Apache::loncommon::get_domains(); } $r->print(&Apache::loncommon::end_data_table_header_row()); - $r->print(&Apache::loncommon::start_data_table_row()); foreach my $key (@{$items}) { + $r->print(&Apache::loncommon::start_data_table_row()); if (($type eq 'course') || ($type eq 'group')) { - &course_row($r,$status,$type,$key,$access_controls, - $tablecolor,$now,$then); + &course_row($r,$status,$type,$key,$access_controls,$now,$then); } elsif ($type eq 'domains') { &domains_row($r,$status,$key,\@all_doms,$access_controls,$now, $then); } elsif ($type eq 'users') { &users_row($r,$status,$key,$access_controls,$now,$then); } + $r->print(&Apache::loncommon::end_data_table_row()); } - $r->print(&Apache::loncommon::end_data_table_row()); if ($status eq 'old') { $r->print(&Apache::loncommon::start_data_table_row()); $r->print(''); @@ -1047,12 +1142,10 @@ sub course_row { my %course_description = &Apache::lonnet::coursedescription($cid); $r->print(''); } elsif ($status eq 'new') { - my $uctype = $type; - $uctype =~ s/^(\w)/uc($1)/e; $r->print(''); } $r->print(''); - $r->print(''); } elsif ($status eq 'new') { my $role_id = 1; my $role_selects = &role_selectors($num,$role_id,$status,$type,undef,'display'); @@ -1192,8 +1285,10 @@ sub role_selectors { $cdom = $env{'form.cdom'}; $cnum = $env{'form.cnum'}; } + my $uctype = $type; + $uctype =~ s/^(\w)/uc($1)/e; my ($sections,$groups,$allroles,$rolehash,$accesshash) = - &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$type); + &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$uctype); if (!@{$sections}) { @{$sections} = ('none'); } else { @@ -1251,6 +1346,10 @@ sub role_options_window { my $cnum = $env{'form.cnum'}; my $type = $env{'form.type'}; my $addindex = $env{'form.setroles'}; + my $grouptitle = 'Groups'; + if ($type eq 'Group') { + $grouptitle = 'Teams'; + } my $role_selects = &role_selectors(1,1,'new',$type,undef,'rolepicker'); $r->print(<<"END_SCRIPT"); END_SCRIPT $r->print(&mt('Select roles, course status, section(s) and group(s) for users who will be able to access the portfolio file.')); - $r->print('
'.&mt('Roles').''. - &mt('Access').''. - &mt('Sections').''.&mt('Groups').''.&mt('Teams').'
'); - if ($item eq 'role') { - my $ucscope = $scope; - $ucscope =~ s/^(\w)/uc($1)/; - my $role_output; - foreach my $role (@{$content->{'roles'}{$id}{$item}}) { - if ($role eq 'all') { - $role_output .= $role.','; - } elsif ($role =~ /^cr/) { - $role_output .= (split('/',$role))[3].','; - } else { - $role_output .= &Apache::lonnet::plaintext($role,$ucscope).','; - } - } - $role_output =~ s/,$//; - $r->print($role_output); - } else { - $r->print(join(',',@{$content->{'roles'}{$id}{$item}})); - } - $r->print(' '); - $r->print('

'.&mt('Password-protected access:').' '.$guesttext.'

'); + $r->print('

'.&mt('Passphrase-protected access:').' '.$guesttext.'

'); $r->print(&Apache::loncommon::start_data_table()); $r->print(&Apache::loncommon::start_data_table_header_row()); $r->print('		'.&mt('Action').''.&mt('Dates available'). - ''. &mt('Password').''. &mt('Passphrase').''.&mt('Allowed [_1] member affiliations',$type). ''.&additional_item($type). @@ -1026,7 +1119,7 @@ function getIndex(name,value) { } sub course_row { - my ($r,$status,$type,$item,$access_controls,$tablecolor,$now,$then) = @_; + my ($r,$status,$type,$item,$access_controls,$now,$then) = @_; my $content; my $defdom = $env{'user.domain'}; if ($status eq 'old') { @@ -1039,6 +1132,8 @@ sub course_row { if ($type eq 'group') { $crsgrptext = 'Teams'; } + my $uctype = $type; + $uctype =~ s/^(\w)/uc($1)/e; my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then, $type); $r->print(''.$js.&actionbox($status,$num,$scope).''.$course_description{'description'}.''.&Apache::loncommon::selectcourse_link('portform','crsnum_'.$num,'crsdom_'.$num,'description_'.$num,undef,undef,$uctype).'  '.&dateboxes($num,$start,$end).''); + $r->print(''); + $r->print('
'); $r->print(''); @@ -1066,7 +1159,7 @@ sub course_row { my $role_selects = &role_selectors($num,$role_id,$status,$type,$content,'display'); $r->print(''.$role_selects.''); } - $r->print('
'.&mt('Action').''.&mt('Roles').''. &mt('Access').''.&mt('Sections').''. &mt($crsgrptext).'


'.&mt('Add a roles-based condition').' {'domain'}','$content->{'number'}','Course'".')" value="'.$max_id.'" />

'.&mt('Add a roles-based condition').' {'domain'}','$content->{'number'}','$uctype'".')" value="'.$max_id.'" />
'.$role_selects.'
'.&mt('Roles').''.&mt('[_1] status',$type).''.&mt('Sections').''.&mt('Groups').'

'); + $r->print(''.$role_selects.'
'.&mt('Roles').''.&mt('[_1] status',$type).''.&mt('Sections').''.&mt($grouptitle).'

'); return; } @@ -1485,7 +1584,7 @@ sub get_name_dom { sub prepend_group { my ($filename,$group) = @_; if (defined($group)) { - $filename = $group.'/'.$filename; + $filename = $group.$filename; } return $filename; } @@ -1511,6 +1610,37 @@ sub get_port_path { return $port_path; } +sub missing_priv { + my ($r,$url,$priv,$group) = @_; + my $longtext = { + upload => 'upload files', + delete => 'delete files', + rename => 'rename files', + setacl => 'set access controls for files', + }; + my $escpath = &HTML::Entities::encode($env{'form.currentpath'},'&<>"'); + my $rtnlink = 'print(&mt('in this portfolio.')); + } + $rtnlink .= '">'.&mt('Return to directory listing page').''; + $r->print('
'.$rtnlink); + $r->print(&Apache::loncommon::end_page()); + return; +} + sub handler { # this handles file management my $r = shift; @@ -1523,6 +1653,7 @@ sub handler { $url = $1.$2; $caller = $2; } + my ($can_modify,$can_delete,$can_upload,$can_setacl); if ($caller eq 'coursegrp_portfolio') { # Needs to be in a course if (! ($env{'request.course.fn'})) { @@ -1558,10 +1689,26 @@ sub handler { $earlyout = 1; } if ($earlyout) { return OK; } + if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) { + $can_setacl = 1; + } + if (&Apache::lonnet::allowed('ugf',$env{'request.course.id'}.'/'.$group)) { + $can_upload = 1; + } + if (&Apache::lonnet::allowed('mgf',$env{'request.course.id'}.'/'.$group)) { + $can_modify = 1; + } + if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) { + $can_delete = 1; + } } else { ($uname,$udom) = &get_name_dom(); $portfolio_root = &get_portfolio_root(); $title = &mt('Portfolio Manager'); + $can_modify = 1; + $can_delete = 1; + $can_upload = 1; + $can_setacl = 1; } &Apache::loncommon::no_cache($r); @@ -1595,31 +1742,71 @@ sub handler { } if ($env{'form.uploaddoc.filename'}) { - &upload($r,$url,$group); + if ($can_upload) { + &upload($r,$url,$group); + } else { + &missing_priv($r,$url,'upload',$group), + } } elsif ($env{'form.action'} eq 'delete' && $env{'form.confirmed'}) { - &delete_confirmed($r,$url,$group); + if ($can_delete) { + &delete_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'delete') { - &delete($r,$url,$group); + if ($can_delete) { + &delete($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'deletedir' && $env{'form.confirmed'}) { - &delete_dir_confirmed($r,$url,$group); - } elsif ($env{'form.action'} eq 'deletedir'){ - &delete_dir($r,$url,$group); + if ($can_delete) { + &delete_dir_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } + } elsif ($env{'form.action'} eq 'deletedir') { + if ($can_delete) { + &delete_dir($r,$url,$group); + } else { + &missing_priv($r,$url,'delete',$group); + } } elsif ($env{'form.action'} eq 'rename' && $env{'form.confirmed'}) { - &rename_confirmed($r,$url,$group); + if ($can_modify) { + &rename_confirmed($r,$url,$group); + } else { + &missing_priv($r,$url,'rename',$group); + } } elsif ($env{'form.rename'}) { $env{'form.selectfile'} = $env{'form.rename'}; $env{'form.action'} = 'rename'; - &rename($r,$url,$group); + if ($can_modify) { + &rename($r,$url,$group); + } else { + &missing_priv($r,$url,'rename',$group); + } } elsif ($env{'form.access'}) { $env{'form.selectfile'} = $env{'form.access'}; $env{'form.action'} = 'chgaccess'; - &display_access($r,$url,$group); + &display_access($r,$url,$group,$can_setacl); } elsif ($env{'form.action'} eq 'chgaccess') { - &update_access($r,$url,$group); + if ($can_setacl) { + &update_access($r,$url,$group); + } else { + &missing_priv($r,$url,'setacl',$group); + } } elsif ($env{'form.action'} eq 'rolepicker') { - &role_options_window($r); + if ($can_setacl) { + &role_options_window($r); + } else { + &missing_priv($r,$url,'setacl',$group); + } } elsif ($env{'form.createdir'}) { - &createdir($r,$url,$group); + if ($can_upload) { + &createdir($r,$url,$group); + } else { + &missing_priv($r,$url,'upload',$group); + } } elsif ($env{'form.lockinfo'}) { &lock_info($r,$url,$group); } else { @@ -1648,11 +1835,14 @@ sub handler { } # need to know if directory is empty so it can be removed if desired my $is_empty=(@dir_list == 2); - &display_common($r,$url,$current_path,$is_empty,\@dir_list,$group); - &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group); + &display_common($r,$url,$current_path,$is_empty,\@dir_list,$group, + $can_upload); + &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group, + $can_upload,$can_modify,$can_delete,$can_setacl); $r->print(&Apache::loncommon::end_page()); } return OK; } + 1; __END__