--- loncom/interface/spreadsheet/lonspreadsheet.pm 2010/12/02 00:53:46 1.57
+++ loncom/interface/spreadsheet/lonspreadsheet.pm 2020/09/08 04:39:15 1.61.6.2.2.1
@@ -1,5 +1,5 @@
#
-# $Id: lonspreadsheet.pm,v 1.57 2010/12/02 00:53:46 www Exp $
+# $Id: lonspreadsheet.pm,v 1.61.6.2.2.1 2020/09/08 04:39:15 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -64,6 +64,7 @@ use Apache::lonnet;
use Apache::lonhtmlcommon;
use Apache::lonlocal;
use Apache::loncoursedata();
+use Apache::lonquickgrades();
use HTML::Entities();
##
@@ -106,10 +107,13 @@ sub file_dialogs {
$spreadsheet->filename($env{'form.savefilename'});
my $save_status = $spreadsheet->save();
if ($save_status ne 'ok') {
- $message .= "An error occurred while saving the spreadsheet".
- "There error is:".$save_status;
+ $message .= ''.
+ &mt('An error occurred while saving the spreadsheet. The error is: [_1].',
+ $save_status).'';
} else {
- $message .= "Spreadsheet saved as ".$spreadsheet->filename();
+ $message .= ''.&mt('Spreadsheet saved as: [_1] .',
+ ''.$spreadsheet->filename().'').
+ '';
}
} elsif (exists($env{'form.newformula'}) &&
exists($env{'form.cell'}) &&
@@ -217,15 +221,61 @@ sub handler {
$r->uri.":opa:0:0:Cannot modify spreadsheet";
return HTTP_NOT_ACCEPTABLE;
}
+ my ($sheettype) = ($r->uri=~/\/(\w+)$/);
my $courseid = $env{'request.course.id'};
+
+ ##
+ ## Check permissions
+ my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
+ $env{'request.course.id'});
+ # Only those instructors/tas/whatevers with complete access
+ # (not section restricted) are able to modify spreadsheets.
+ my $allowed_to_view = &Apache::lonnet::allowed('vgr',
+ $env{'request.course.id'});
+ if (! $allowed_to_view) {
+ $allowed_to_view = &Apache::lonnet::allowed('vgr',
+ $env{'request.course.id'}.'/'.$env{'request.course.sec'});
+ # Those who are restricted by section are allowed to view.
+ # The routines in lonstatistics which decide which students'
+ # will be shown take care of the restriction by section.
+ }
+
#
- # Do not allow students to continue if standard or external grading is in
- # effect.
+ # Check if display of course gradebook is blocked
#
- if ($env{'request.role'} =~ /^st\./) {
- if ($env{'course.'.$courseid.'.grading'} eq 'standard' ||
- $env{'course.'.$courseid.'.grading'} eq 'external' ) {
- return HTTP_NOT_ACCEPTABLE;
+
+ if ($env{'request.course.id'}) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('grades',$cnum,$cdom);
+ if ($blocked) {
+ my $checkrole = "cm./$cdom/$cnum";
+ if ($env{'request.course.sec'} ne '') {
+ $checkrole .= "/$env{'request.course.sec'}";
+ }
+ unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) &&
+ ($env{'request.role'} !~ m{^st\./$cdom/$cnum})) {
+ &Apache::lonquickgrades::grades_blocked($r,$blocktext,'spreadsheet');
+ return OK;
+ }
+ }
+ }
+
+ #
+ # Do not allow users without vgr or mgr priv to continue unless
+ # grading type is set to spreadsheet.
+ #
+
+ if ((!$allowed_to_view) && (!$allowed_to_edit)) {
+ if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') {
+ if ($sheettype ne 'studentcalc') {
+ $r->internal_redirect('/adm/studentcalc');
+ return OK;
+ }
+ } else {
+ $r->internal_redirect('/adm/quickgrades');
+ return OK;
}
}
#
@@ -243,15 +293,26 @@ sub handler {
}
#
# Determine basic information about the spreadsheet
- my ($sheettype) = ($r->uri=~/\/(\w+)$/);
#
my $symb = undef;
$symb = $env{'form.usymb'} if (exists($env{'form.usymb'}));
my $name = $env{'user.name'};
my $domain = $env{'user.domain'};
+ my $warning;
if (exists($env{'form.sname'}) && $env{'form.sname'} ne '') {
- $name = $env{'form.sname'};
- $domain = $env{'form.sdomain'};
+ if (($env{'form.sname'} ne $env{'user.name'}) ||
+ ($env{'form.sdomain'} ne $env{'user.domain'})) {
+ if (($allowed_to_view) || ($allowed_to_edit)) {
+ if (&Apache::lonnet::homeserver($env{'form.sname'},$env{'form.sdomain'}) ne 'no_host') {
+ $name = $env{'form.sname'};
+ $domain = $env{'form.sdomain'};
+ } else {
+ $warning = &mt('Requested user: "[_1]" does not exist; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'});
+ }
+ } else {
+ $warning = &mt('Your current role is not permitted to display this sheet for the requested user: "[_1]"; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'});
+ }
+ }
}
$env{'form.sname'} = $name;
$env{'form.sdomain'} = $domain;
@@ -266,29 +327,13 @@ sub handler {
$env{'request.course.id'});
}
- ##
- ## Check permissions
- my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
- $env{'request.course.id'});
- # Only those instructors/tas/whatevers with complete access
- # (not section restricted) are able to modify spreadsheets.
- my $allowed_to_view = &Apache::lonnet::allowed('vgr',
- $env{'request.course.id'});
- if (! $allowed_to_view) {
- $allowed_to_view = &Apache::lonnet::allowed('vgr',
- $env{'request.course.id'}.'/'.$env{'request.course.sec'});
- # Those who are restricted by section are allowed to view.
- # The routines in lonstatistics which decide which students'
- # will be shown take care of the restriction by section.
- }
#
# Only those able to view others grades will be allowed to continue
# if they are not requesting their own.
if ($sheettype eq 'classcalc') {
- if (! $allowed_to_view) {
- $env{'user.error.msg'}=
- $r->uri.":vgr:0:0:Access Permission Denied";
- return HTTP_NOT_ACCEPTABLE;
+ if (!$allowed_to_view) {
+ $r->internal_redirect('/adm/studentcalc');
+ return OK;
}
}
if ((($name ne $env{'user.name'} ) ||
@@ -322,10 +367,10 @@ sub handler {
##
my $js;
if ($allowed_to_edit) {
- my %lt=(
+ my %lt=&Apache::lonlocal::texthash(
'ce' => 'Cell',
- 'ac' => 'Accept',
- 'dc' => 'Discard Changes'
+ 'ac' => 'Save',
+ 'dc' => 'Cancel'
);
my $extra_javascript =
&Apache::loncommon::browser_and_searcher_javascript();
@@ -354,14 +399,14 @@ sub handler {
// cellformula may contain less-than and greater-than symbols, so
// we need to escape them?
edit_text +='$cell_edit_start';
- edit_text += '