version 1.11, 2003/06/18 19:44:22
|
version 1.12, 2003/06/19 14:52:21
|
Line 249 sub handler {
|
Line 249 sub handler {
|
## Check permissions |
## Check permissions |
my $allowed_to_edit = &Apache::lonnet::allowed('mgr', |
my $allowed_to_edit = &Apache::lonnet::allowed('mgr', |
$ENV{'request.course.id'}); |
$ENV{'request.course.id'}); |
|
# Only those instructors/tas/whatevers with complete access |
|
# (not section restricted) are able to modify spreadsheets. |
my $allowed_to_view = &Apache::lonnet::allowed('vgr', |
my $allowed_to_view = &Apache::lonnet::allowed('vgr', |
$ENV{'request.course.id'}); |
$ENV{'request.course.id'}); |
|
if (! $allowed_to_view) { |
|
$allowed_to_view = &Apache::lonnet::allowed('vgr', |
|
$ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'}); |
|
# Those who are restricted by section are allowed to view. |
|
# The routines in lonstatistics which decide which students' |
|
# will be shown take care of the restriction by section. |
|
} |
# |
# |
# Only those able to view others grades will be allowed to continue |
# Only those able to view others grades will be allowed to continue |
# if they are not requesting their own. |
# if they are not requesting their own. |
if (($sheettype eq 'classcalc') || |
if ($sheettype eq 'classcalc') { |
($name ne $ENV{'user.name'} ) || |
|
($domain ne $ENV{'user.domain'})) { |
|
if (! $allowed_to_view) { |
if (! $allowed_to_view) { |
$r->print('<h1>Access Permission Denied</h1>'. |
$r->print('<h1>Access Permission Denied</h1>'. |
'</form></body></html>'); |
'</form></body></html>'); |
return OK; |
return OK; |
} |
} |
} |
} |
|
if ((($name ne $ENV{'user.name'} ) || |
|
($domain ne $ENV{'user.domain'})) && $sheettype ne 'classcalc') { |
|
# Check that the student is in their section? |
|
if (exists($ENV{'request.course.sec'}) && |
|
$ENV{'request.course.sec'} ne '' ) { |
|
my $stu_sec = &Apache::lonnet::usection($domain,$name, |
|
$ENV{'request.course.id'}); |
|
if ($stu_sec ne $ENV{'request.course.sec'}) { |
|
$r->print |
|
('<h1>The student requested is not in your section.</h1>'. |
|
'</form></body></html>'); |
|
return OK; |
|
} |
|
} |
|
} |
|
|
# |
# |
# Header.... |
# Header.... |
# |
# |
Line 376 ENDSCRIPT
|
Line 398 ENDSCRIPT
|
} |
} |
$r->print('<table><tr><td>'.$spreadsheet->html_header().'</td>'. |
$r->print('<table><tr><td>'.$spreadsheet->html_header().'</td>'. |
'<td valign="bottom">'.$html."</td></tr></table>\n"); |
'<td valign="bottom">'.$html."</td></tr></table>\n"); |
$r->print(<<END); |
if ($action_message ne '') { |
|
$r->print(<<END); |
<table> |
<table> |
<tr><td valign="top"><b>Last Action:</b></td> |
<tr><td valign="top"><b>Last Action:</b></td> |
<td> </td> |
<td> </td> |
Line 384 ENDSCRIPT
|
Line 407 ENDSCRIPT
|
</tr> |
</tr> |
</table> |
</table> |
END |
END |
|
} |
$r->rflush(); |
$r->rflush(); |
} else { |
} else { |
$r->print('<table><tr><td>'.$spreadsheet->html_header(). |
$r->print('<table><tr><td>'.$spreadsheet->html_header(). |