--- loncom/interface/spreadsheet/lonspreadsheet.pm 2003/05/19 14:06:18 1.2 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2003/05/23 19:36:04 1.4 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.2 2003/05/19 14:06:18 matthew Exp $ +# $Id: lonspreadsheet.pm,v 1.4 2003/05/23 19:36:04 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -99,7 +99,7 @@ sub handler { # Check the course homeserver $loaderror= &Apache::lonnet::overloaderror($r, $ENV{'course.'.$ENV{'request.course.id'}.'.home'}); - if ($loaderror) { return $loaderror; } +# if ($loaderror) { return $loaderror; } # # HTML Header # @@ -149,13 +149,19 @@ sub handler { $r->header_out('Cache-control','no-cache'); $r->header_out('Pragma','no-cache'); $r->send_http_header; + ## + ## Check permissions + my $allowed_to_edit = &Apache::lonnet::allowed('mgr', + $ENV{'request.course.id'}); + my $allowed_to_view = &Apache::lonnet::allowed('vgr', + $ENV{'request.course.id'}); # - # Check user permissions - only those able to view others grades - # will be allowed to continue if they are not requesting their own. + # Only those able to view others grades will be allowed to continue + # if they are not requesting their own. if (($sheettype eq 'classcalc') || ($name ne $ENV{'user.name'} ) || ($domain ne $ENV{'user.domain'})) { - if (! &Apache::lonnet::allowed('vgr',$ENV{'request.course.id'})) { + if (! $allowed_to_view) { $r->print('

Access Permission Denied

'. ''); return OK; @@ -216,13 +222,9 @@ ENDSCRIPT &hiddenfield('usymb' ,$ENV{'form.usymb'})); $r->rflush(); ## - ## Check permissions - my $editing_is_allowed = &Apache::lonnet::allowed('mgr', - $ENV{'request.course.id'}); - ## ## Determine the filename to use my $filename = undef; - if ($editing_is_allowed) { + if ($allowed_to_edit) { $filename = $ENV{'form.filename'} if (exists($ENV{'form.filename'})); # if (exists($ENV{'form.load'}) && exists($ENV{'form.loadfilename'})) { @@ -239,7 +241,7 @@ ENDSCRIPT $spreadsheet = Apache::studentcalc->new($name,$domain,$filename,undef); } elsif ($sheettype eq 'assesscalc' && defined($symb) && - $editing_is_allowed) { + $allowed_to_edit) { $spreadsheet = Apache::assesscalc->new($name,$domain,$filename,$symb); } else { return HTTP_NOT_ACCEPTABLE; @@ -250,7 +252,7 @@ ENDSCRIPT } ## ## Editing/loading/saving - if ($editing_is_allowed) { + if ($allowed_to_edit) { ## ## Deal with saving the spreadsheet if (exists($ENV{'form.save'}) && @@ -318,14 +320,17 @@ END $r->rflush(); } # + # Output selector + $r->print($spreadsheet->html_header()); + # # Keep track of the filename $r->print(&hiddenfield('filename',$filename)); # - $r->print($spreadsheet->get_title()); - $r->print($spreadsheet->parent_link()); - if (defined($spreadsheet)) { - $spreadsheet->display($r); + $r->print($spreadsheet->get_html_title()); + if ($allowed_to_view || $allowed_to_edit) { + $r->print($spreadsheet->parent_link()); } + $spreadsheet->display($r); $r->print(''); return OK; }