--- loncom/interface/spreadsheet/lonspreadsheet.pm 2010/12/02 00:53:46 1.57 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2013/07/15 14:33:06 1.64 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.57 2010/12/02 00:53:46 www Exp $ +# $Id: lonspreadsheet.pm,v 1.64 2013/07/15 14:33:06 bisitz Exp $ # # Copyright Michigan State University Board of Trustees # @@ -64,6 +64,7 @@ use Apache::lonnet; use Apache::lonhtmlcommon; use Apache::lonlocal; use Apache::loncoursedata(); +use Apache::lonquickgrades(); use HTML::Entities(); ## @@ -106,10 +107,13 @@ sub file_dialogs { $spreadsheet->filename($env{'form.savefilename'}); my $save_status = $spreadsheet->save(); if ($save_status ne 'ok') { - $message .= "An error occurred while saving the spreadsheet". - "There error is:".$save_status; + $message .= ''. + &mt('An error occurred while saving the spreadsheet. The error is: [_1].', + $save_status).''; } else { - $message .= "Spreadsheet saved as ".$spreadsheet->filename(); + $message .= ''.&mt('Spreadsheet saved as: [_1] .', + ''.$spreadsheet->filename().''). + ''; } } elsif (exists($env{'form.newformula'}) && exists($env{'form.cell'}) && @@ -217,15 +221,39 @@ sub handler { $r->uri.":opa:0:0:Cannot modify spreadsheet"; return HTTP_NOT_ACCEPTABLE; } + my ($sheettype) = ($r->uri=~/\/(\w+)$/); my $courseid = $env{'request.course.id'}; + + ## + ## Check permissions + my $allowed_to_edit = &Apache::lonnet::allowed('mgr', + $env{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. + my $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}); + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}.'/'.$env{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } + # - # Do not allow students to continue if standard or external grading is in - # effect. + # Do not allow users without vgr or mgr priv to continue unless + # grading type is set to spreadsheet. # - if ($env{'request.role'} =~ /^st\./) { - if ($env{'course.'.$courseid.'.grading'} eq 'standard' || - $env{'course.'.$courseid.'.grading'} eq 'external' ) { - return HTTP_NOT_ACCEPTABLE; + + if ((!$allowed_to_view) && (!$allowed_to_edit)) { + if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') { + if ($sheettype ne 'studentcalc') { + $r->internal_redirect('/adm/studentcalc'); + return OK; + } + } else { + $r->internal_redirect('/adm/quickgrades'); + return OK; } } # @@ -243,15 +271,26 @@ sub handler { } # # Determine basic information about the spreadsheet - my ($sheettype) = ($r->uri=~/\/(\w+)$/); # my $symb = undef; $symb = $env{'form.usymb'} if (exists($env{'form.usymb'})); my $name = $env{'user.name'}; my $domain = $env{'user.domain'}; + my $warning; if (exists($env{'form.sname'}) && $env{'form.sname'} ne '') { - $name = $env{'form.sname'}; - $domain = $env{'form.sdomain'}; + if (($env{'form.sname'} ne $env{'user.name'}) || + ($env{'form.sdomain'} ne $env{'user.domain'})) { + if (($allowed_to_view) || ($allowed_to_edit)) { + if (&Apache::lonnet::homeserver($env{'form.sname'},$env{'form.sdomain'}) ne 'no_host') { + $name = $env{'form.sname'}; + $domain = $env{'form.sdomain'}; + } else { + $warning = &mt('Requested user: "[_1]" does not exist; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'}); + } + } else { + $warning = &mt('Your current role is not permitted to display this sheet for the requested user: "[_1]"; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'}); + } + } } $env{'form.sname'} = $name; $env{'form.sdomain'} = $domain; @@ -266,29 +305,13 @@ sub handler { $env{'request.course.id'}); } - ## - ## Check permissions - my $allowed_to_edit = &Apache::lonnet::allowed('mgr', - $env{'request.course.id'}); - # Only those instructors/tas/whatevers with complete access - # (not section restricted) are able to modify spreadsheets. - my $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}); - if (! $allowed_to_view) { - $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}.'/'.$env{'request.course.sec'}); - # Those who are restricted by section are allowed to view. - # The routines in lonstatistics which decide which students' - # will be shown take care of the restriction by section. - } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. if ($sheettype eq 'classcalc') { - if (! $allowed_to_view) { - $env{'user.error.msg'}= - $r->uri.":vgr:0:0:Access Permission Denied"; - return HTTP_NOT_ACCEPTABLE; + if (!$allowed_to_view) { + $r->internal_redirect('/adm/studentcalc'); + return OK; } } if ((($name ne $env{'user.name'} ) || @@ -322,10 +345,10 @@ sub handler { ## my $js; if ($allowed_to_edit) { - my %lt=( + my %lt=&Apache::lonlocal::texthash( 'ce' => 'Cell', - 'ac' => 'Accept', - 'dc' => 'Discard Changes' + 'ac' => 'Save', + 'dc' => 'Cancel' ); my $extra_javascript = &Apache::loncommon::browser_and_searcher_javascript(); @@ -361,7 +384,7 @@ sub handler { edit_text += cellformula+''; edit_text += '