--- loncom/interface/spreadsheet/lonspreadsheet.pm 2009/07/08 17:55:10 1.55 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2011/10/09 00:28:03 1.55.6.1 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.55 2009/07/08 17:55:10 bisitz Exp $ +# $Id: lonspreadsheet.pm,v 1.55.6.1 2011/10/09 00:28:03 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -106,10 +106,13 @@ sub file_dialogs { $spreadsheet->filename($env{'form.savefilename'}); my $save_status = $spreadsheet->save(); if ($save_status ne 'ok') { - $message .= "An error occurred while saving the spreadsheet". - "There error is:".$save_status; + $message .= ''. + &mt('An error occurred while saving the spreadsheet. The error is: [_1].', + $save_status).''; } else { - $message .= "Spreadsheet saved as ".$spreadsheet->filename(); + $message .= ''.&mt('Spreadsheet saved as: [_1] .', + ''.$spreadsheet->filename().''). + ''; } } elsif (exists($env{'form.newformula'}) && exists($env{'form.cell'}) && @@ -227,15 +230,39 @@ sub handler { $r->uri.":opa:0:0:Cannot modify spreadsheet"; return HTTP_NOT_ACCEPTABLE; } + my ($sheettype) = ($r->uri=~/\/(\w+)$/); my $courseid = $env{'request.course.id'}; + + ## + ## Check permissions + my $allowed_to_edit = &Apache::lonnet::allowed('mgr', + $env{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. + my $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}); + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}.'/'.$env{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } + # - # Do not allow students to continue if standard or external grading is in - # effect. + # Do not allow users without vgr or mgr priv to continue unless + # grading type is set to spreadsheet. # - if ($env{'request.role'} =~ /^st\./) { - if ($env{'course.'.$courseid.'.grading'} eq 'standard' || - $env{'course.'.$courseid.'.grading'} eq 'external' ) { - return HTTP_NOT_ACCEPTABLE; + + if ((!$allowed_to_view) && (!$allowed_to_edit)) { + if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') { + if ($sheettype ne 'studentcalc') { + $r->internal_redirect('/adm/studentcalc'); + return OK; + } + } else { + $r->internal_redirect('/adm/quickgrades'); + return OK; } } # @@ -253,15 +280,26 @@ sub handler { } # # Determine basic information about the spreadsheet - my ($sheettype) = ($r->uri=~/\/(\w+)$/); # my $symb = undef; $symb = $env{'form.usymb'} if (exists($env{'form.usymb'})); my $name = $env{'user.name'}; my $domain = $env{'user.domain'}; + my $warning; if (exists($env{'form.sname'}) && $env{'form.sname'} ne '') { - $name = $env{'form.sname'}; - $domain = $env{'form.sdomain'}; + if (($env{'form.sname'} ne $env{'user.name'}) || + ($env{'form.sdomain'} ne $env{'user.domain'})) { + if (($allowed_to_view) || ($allowed_to_edit)) { + if (&Apache::lonnet::homeserver($env{'form.sname'},$env{'form.sdomain'}) ne 'no_host') { + $name = $env{'form.sname'}; + $domain = $env{'form.sdomain'}; + } else { + $warning = &mt('Requested user: "[_1]" does not exist; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'}); + } + } else { + $warning = &mt('Your current role is not permitted to display this sheet for the requested user: "[_1]"; your own sheet is displayed instead.',$env{'form.sname'}.':'.$env{'form.sdomain'}); + } + } } $env{'form.sname'} = $name; $env{'form.sdomain'} = $domain; @@ -276,29 +314,13 @@ sub handler { $env{'request.course.id'}); } - ## - ## Check permissions - my $allowed_to_edit = &Apache::lonnet::allowed('mgr', - $env{'request.course.id'}); - # Only those instructors/tas/whatevers with complete access - # (not section restricted) are able to modify spreadsheets. - my $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}); - if (! $allowed_to_view) { - $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}.'/'.$env{'request.course.sec'}); - # Those who are restricted by section are allowed to view. - # The routines in lonstatistics which decide which students' - # will be shown take care of the restriction by section. - } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. if ($sheettype eq 'classcalc') { - if (! $allowed_to_view) { - $env{'user.error.msg'}= - $r->uri.":vgr:0:0:Access Permission Denied"; - return HTTP_NOT_ACCEPTABLE; + if (!$allowed_to_view) { + $r->internal_redirect('/adm/studentcalc'); + return OK; } } if ((($name ne $env{'user.name'} ) || @@ -403,10 +425,19 @@ ENDSCRIPT text => 'Spreadsheet', faq => 134, bug => 'Spreadsheet'}); + my $settingslink = &Apache::lonhtmlcommon::coursepreflink(&mt('Grade display settings'), + 'grading'); + &Apache::lonhtmlcommon::add_breadcrumb_tool('advtools',$settingslink); $r->print(&Apache::loncommon::start_page('Grades Spreadsheet',$js). &Apache::lonhtmlcommon::breadcrumbs('Spreadsheet', - 'Spreadsheet_About'). - '
'); + 'Spreadsheet_About')); + # + # Open the form + # + if ($warning) { + $r->print('

'.$warning.'

'); + } + $r->print(''); $r->print(&hiddenfield('sname' ,$env{'form.sname'}). &hiddenfield('sdomain',$env{'form.sdomain'}). &hiddenfield('usymb' ,$env{'form.usymb'}));