--- loncom/interface/spreadsheet/lonspreadsheet.pm 2010/12/03 21:33:56 1.58 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2011/09/26 12:15:39 1.59 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.58 2010/12/03 21:33:56 www Exp $ +# $Id: lonspreadsheet.pm,v 1.59 2011/09/26 12:15:39 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -218,15 +218,39 @@ sub handler { $r->uri.":opa:0:0:Cannot modify spreadsheet"; return HTTP_NOT_ACCEPTABLE; } + my ($sheettype) = ($r->uri=~/\/(\w+)$/); my $courseid = $env{'request.course.id'}; + + ## + ## Check permissions + my $allowed_to_edit = &Apache::lonnet::allowed('mgr', + $env{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. + my $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}); + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $env{'request.course.id'}.'/'.$env{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } + # - # Do not allow students to continue if standard or external grading is in - # effect. + # Do not allow users without vgr or mgr priv to continue unless + # grading type is set to spreadsheet. # - if ($env{'request.role'} =~ /^st\./) { - if ($env{'course.'.$courseid.'.grading'} eq 'standard' || - $env{'course.'.$courseid.'.grading'} eq 'external' ) { - return HTTP_NOT_ACCEPTABLE; + + if ((!$allowed_to_view) && (!$allowed_to_edit)) { + if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') { + if ($sheettype ne 'studentcalc') { + $r->internal_redirect('/adm/studentcalc'); + return OK; + } + } else { + $r->internal_redirect('/adm/quickgrades'); + return OK; } } # @@ -244,7 +268,6 @@ sub handler { } # # Determine basic information about the spreadsheet - my ($sheettype) = ($r->uri=~/\/(\w+)$/); # my $symb = undef; $symb = $env{'form.usymb'} if (exists($env{'form.usymb'})); @@ -267,29 +290,13 @@ sub handler { $env{'request.course.id'}); } - ## - ## Check permissions - my $allowed_to_edit = &Apache::lonnet::allowed('mgr', - $env{'request.course.id'}); - # Only those instructors/tas/whatevers with complete access - # (not section restricted) are able to modify spreadsheets. - my $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}); - if (! $allowed_to_view) { - $allowed_to_view = &Apache::lonnet::allowed('vgr', - $env{'request.course.id'}.'/'.$env{'request.course.sec'}); - # Those who are restricted by section are allowed to view. - # The routines in lonstatistics which decide which students' - # will be shown take care of the restriction by section. - } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. if ($sheettype eq 'classcalc') { - if (! $allowed_to_view) { - $env{'user.error.msg'}= - $r->uri.":vgr:0:0:Access Permission Denied"; - return HTTP_NOT_ACCEPTABLE; + if (!$allowed_to_view) { + $r->internal_redirect('/adm/studentcalc'); + return OK; } } if ((($name ne $env{'user.name'} ) ||