--- loncom/interface/spreadsheet/lonspreadsheet.pm 2003/06/18 19:44:22 1.11 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2003/06/20 17:24:04 1.15 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.11 2003/06/18 19:44:22 matthew Exp $ +# $Id: lonspreadsheet.pm,v 1.15 2003/06/20 17:24:04 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -238,32 +238,53 @@ sub handler { $name = $ENV{'form.sname'}; $domain = $ENV{'form.sdomain'}; } - # - # Open page, try to prevent browser cache. - # - $r->content_type('text/html'); - $r->header_out('Cache-control','no-cache'); - $r->header_out('Pragma','no-cache'); - $r->send_http_header; ## ## Check permissions my $allowed_to_edit = &Apache::lonnet::allowed('mgr', $ENV{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. my $allowed_to_view = &Apache::lonnet::allowed('vgr', $ENV{'request.course.id'}); - + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. - if (($sheettype eq 'classcalc') || - ($name ne $ENV{'user.name'} ) || - ($domain ne $ENV{'user.domain'})) { + if ($sheettype eq 'classcalc') { if (! $allowed_to_view) { - $r->print('