--- loncom/interface/spreadsheet/lonspreadsheet.pm 2003/05/16 20:55:11 1.1 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2003/05/19 15:53:07 1.3 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.1 2003/05/16 20:55:11 matthew Exp $ +# $Id: lonspreadsheet.pm,v 1.3 2003/05/19 15:53:07 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -149,13 +149,19 @@ sub handler { $r->header_out('Cache-control','no-cache'); $r->header_out('Pragma','no-cache'); $r->send_http_header; + ## + ## Check permissions + my $allowed_to_edit = &Apache::lonnet::allowed('mgr', + $ENV{'request.course.id'}); + my $allowed_to_view = &Apache::lonnet::allowed('vgr', + $ENV{'request.course.id'}); # - # Check user permissions - only those able to view others grades - # will be allowed to continue if they are not requesting their own. + # Only those able to view others grades will be allowed to continue + # if they are not requesting their own. if (($sheettype eq 'classcalc') || ($name ne $ENV{'user.name'} ) || ($domain ne $ENV{'user.domain'})) { - if (! &Apache::lonnet::allowed('vgr',$ENV{'request.course.id'})) { + if (! $allowed_to_view) { $r->print('