version 1.2, 2003/05/19 14:06:18
|
version 1.3, 2003/05/19 15:53:07
|
Line 149 sub handler {
|
Line 149 sub handler {
|
$r->header_out('Cache-control','no-cache'); |
$r->header_out('Cache-control','no-cache'); |
$r->header_out('Pragma','no-cache'); |
$r->header_out('Pragma','no-cache'); |
$r->send_http_header; |
$r->send_http_header; |
|
## |
|
## Check permissions |
|
my $allowed_to_edit = &Apache::lonnet::allowed('mgr', |
|
$ENV{'request.course.id'}); |
|
my $allowed_to_view = &Apache::lonnet::allowed('vgr', |
|
$ENV{'request.course.id'}); |
# |
# |
# Check user permissions - only those able to view others grades |
# Only those able to view others grades will be allowed to continue |
# will be allowed to continue if they are not requesting their own. |
# if they are not requesting their own. |
if (($sheettype eq 'classcalc') || |
if (($sheettype eq 'classcalc') || |
($name ne $ENV{'user.name'} ) || |
($name ne $ENV{'user.name'} ) || |
($domain ne $ENV{'user.domain'})) { |
($domain ne $ENV{'user.domain'})) { |
if (! &Apache::lonnet::allowed('vgr',$ENV{'request.course.id'})) { |
if (! $allowed_to_view) { |
$r->print('<h1>Access Permission Denied</h1>'. |
$r->print('<h1>Access Permission Denied</h1>'. |
'</form></body></html>'); |
'</form></body></html>'); |
return OK; |
return OK; |
Line 216 ENDSCRIPT
|
Line 222 ENDSCRIPT
|
&hiddenfield('usymb' ,$ENV{'form.usymb'})); |
&hiddenfield('usymb' ,$ENV{'form.usymb'})); |
$r->rflush(); |
$r->rflush(); |
## |
## |
## Check permissions |
|
my $editing_is_allowed = &Apache::lonnet::allowed('mgr', |
|
$ENV{'request.course.id'}); |
|
## |
|
## Determine the filename to use |
## Determine the filename to use |
my $filename = undef; |
my $filename = undef; |
if ($editing_is_allowed) { |
if ($allowed_to_edit) { |
$filename = $ENV{'form.filename'} if (exists($ENV{'form.filename'})); |
$filename = $ENV{'form.filename'} if (exists($ENV{'form.filename'})); |
# |
# |
if (exists($ENV{'form.load'}) && exists($ENV{'form.loadfilename'})) { |
if (exists($ENV{'form.load'}) && exists($ENV{'form.loadfilename'})) { |
Line 239 ENDSCRIPT
|
Line 241 ENDSCRIPT
|
$spreadsheet = Apache::studentcalc->new($name,$domain,$filename,undef); |
$spreadsheet = Apache::studentcalc->new($name,$domain,$filename,undef); |
} elsif ($sheettype eq 'assesscalc' && |
} elsif ($sheettype eq 'assesscalc' && |
defined($symb) && |
defined($symb) && |
$editing_is_allowed) { |
$allowed_to_edit) { |
$spreadsheet = Apache::assesscalc->new($name,$domain,$filename,$symb); |
$spreadsheet = Apache::assesscalc->new($name,$domain,$filename,$symb); |
} else { |
} else { |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
Line 250 ENDSCRIPT
|
Line 252 ENDSCRIPT
|
} |
} |
## |
## |
## Editing/loading/saving |
## Editing/loading/saving |
if ($editing_is_allowed) { |
if ($allowed_to_edit) { |
## |
## |
## Deal with saving the spreadsheet |
## Deal with saving the spreadsheet |
if (exists($ENV{'form.save'}) && |
if (exists($ENV{'form.save'}) && |
Line 322 END
|
Line 324 END
|
$r->print(&hiddenfield('filename',$filename)); |
$r->print(&hiddenfield('filename',$filename)); |
# |
# |
$r->print($spreadsheet->get_title()); |
$r->print($spreadsheet->get_title()); |
$r->print($spreadsheet->parent_link()); |
if ($allowed_to_view || $allowed_to_edit) { |
if (defined($spreadsheet)) { |
$r->print($spreadsheet->parent_link()); |
$spreadsheet->display($r); |
|
} |
} |
|
$spreadsheet->display($r); |
$r->print('</form></body></html>'); |
$r->print('</form></body></html>'); |
return OK; |
return OK; |
} |
} |