--- loncom/interface/spreadsheet/lonspreadsheet.pm	2011/09/26 15:48:06	1.60
+++ loncom/interface/spreadsheet/lonspreadsheet.pm	2021/11/30 15:55:39	1.67
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.60 2011/09/26 15:48:06 raeburn Exp $
+# $Id: lonspreadsheet.pm,v 1.67 2021/11/30 15:55:39 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -241,6 +241,29 @@ sub handler {
     }
 
     #
+    # Check if display of course gradebook is blocked
+    #
+
+    if ($env{'request.course.id'}) {
+        my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+        my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my $clientip = &Apache::lonnet::get_requestor_ip($r);
+        my ($blocked,$blocktext) =
+            &Apache::loncommon::blocking_status('grades',$clientip,$cnum,$cdom);
+        if ($blocked) {
+            my $checkrole = "cm./$cdom/$cnum";
+            if ($env{'request.course.sec'} ne '') {
+                $checkrole .= "/$env{'request.course.sec'}";
+            }
+            unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) &&
+                    ($env{'request.role'} !~ m{^st\./$cdom/$cnum})) {
+                &Apache::lonquickgrades::grades_blocked($r,$blocktext,'spreadsheet');
+                return OK;
+            }
+        }
+    }
+
+    #
     # Do not allow users without vgr or mgr priv to continue unless 
     # grading type is set to spreadsheet. 
     #
@@ -276,9 +299,21 @@ sub handler {
     $symb = $env{'form.usymb'} if (exists($env{'form.usymb'}));
     my $name   = $env{'user.name'};
     my $domain = $env{'user.domain'};
+    my $warning;
     if (exists($env{'form.sname'}) && $env{'form.sname'} ne '') {
-        $name   = $env{'form.sname'};
-        $domain = $env{'form.sdomain'};
+        if (($env{'form.sname'} ne $env{'user.name'}) ||
+            ($env{'form.sdomain'} ne $env{'user.domain'})) {
+            if (($allowed_to_view) || ($allowed_to_edit)) {
+                if (&Apache::lonnet::homeserver($env{'form.sname'},$env{'form.sdomain'}) ne 'no_host') {
+                    $name   = $env{'form.sname'};
+                    $domain = $env{'form.sdomain'};
+                } else {
+                    $warning = &mt('Requested user: "[_1]" does not exist; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'});
+                }
+            } else {
+                $warning = &mt('Your current role is not permitted to display this sheet for the requested user: "[_1]"; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'});
+            }
+        }
     }
     $env{'form.sname'} = $name;
     $env{'form.sdomain'} = $domain;
@@ -333,10 +368,10 @@ sub handler {
     ##
     my $js;
     if ($allowed_to_edit) {
-	my %lt=(
+	my %lt=&Apache::lonlocal::texthash(
 		'ce' => 'Cell',
-		'ac' => 'Accept',
-		'dc' => 'Discard Changes'
+		'ac' => 'Save',
+		'dc' => 'Cancel'
 	);
         my $extra_javascript = 
             &Apache::loncommon::browser_and_searcher_javascript();
@@ -365,14 +400,14 @@ sub handler {
         // cellformula may contain less-than and greater-than symbols, so
         // we need to escape them?  
         edit_text +='$cell_edit_start';
-        edit_text += '<form name="editwinform">';
+        edit_text += '<form name="editwinform" action="">';
         edit_text += '<center><h3>$lt{'ce'} '+cellname+'</h3>';
         edit_text += '<textarea id="LC_newformula" name="newformula" ';
         edit_text += ' cols="60" rows="12"; wrap="off" style="width:100%">';
 	edit_text += cellformula+'</textarea>';
         edit_text += '<div id="LC_aftertextarea"><br />';
         edit_text += '<input type="button" name="accept" value="$lt{'ac'}"';
-        edit_text += ' onClick=\\\'javascript:';
+        edit_text += ' onclick=\\\'javascript:';
         edit_text += 'opener.document.sheet.cell.value=';
         edit_text +=     '"'+cellname+'";';
         edit_text += 'opener.document.sheet.newformula.value=';
@@ -382,7 +417,7 @@ sub handler {
         edit_text += '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
         edit_text += '<input type="button" name="abort" ';
         edit_text +=     'value="$lt{'dc'}"';
-        edit_text += ' onClick="javascript:self.close()" />';
+        edit_text += ' onclick="javascript:self.close()" />';
         edit_text += '</center></div></form>$cell_edit_end';
 
         if (editwin != null && !(editwin.closed) ) {
@@ -416,6 +451,9 @@ ENDSCRIPT
     #
     # Open the form
     # 
+    if ($warning) {
+        $r->print('<p class="LC_info">'.$warning.'</p>');
+    }
     $r->print('<form action="'.$r->uri.'" name="sheet" method="post">');
     $r->print(&hiddenfield('sname'  ,$env{'form.sname'}).
               &hiddenfield('sdomain',$env{'form.sdomain'}).
@@ -520,14 +558,11 @@ ENDSCRIPT
                   '</td>'.
                   '<td valign="center">'.$html."</td></tr></table>\n");
         if ($action_message ne '') {
-            $r->print(<<END);
-<table>
-<tr><td valign="top"><b>Last Action:</b></td>
-    <td>&nbsp;</td>
-    <td>$action_message</td>
-</tr>
-</table>
-END
+            $r->print(
+                &Apache::loncommon::confirmwrapper(
+                    &mt('Last Action:')
+                   .$action_message)
+            );
         }
         $r->rflush();
     } else {
@@ -543,13 +578,13 @@ END
     if ($allowed_to_view) {
         $r->print('<td>'.
                   &Apache::loncommon::help_open_topic("Spreadsheet_About",
-                                                      'Spreadsheet Help').
+                                                      &mt('Spreadsheet Help')).
                   '</td>');
     }
     if ($allowed_to_edit) {
         $r->print('<td>'.
                   &Apache::loncommon::help_open_topic("Spreadsheet_Editing",
-                                                      'Editing Help').
+                                                      &mt('Editing Help')).
                   '</td>');
     }
     $r->print('</tr></table>');