--- loncom/auth/lonroles.pm 2006/07/14 17:05:02 1.163
+++ loncom/auth/lonroles.pm 2009/04/11 21:42:58 1.218
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.163 2006/07/14 17:05:02 www Exp $
+# $Id: lonroles.pm,v 1.218 2009/04/11 21:42:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,6 +27,103 @@
#
###
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C can also be accessed via the
+B button in the Remote Control.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
@@ -40,8 +137,10 @@ use Apache::lonhtmlcommon;
use Apache::lonannounce;
use Apache::lonlocal;
use Apache::lonpageflip();
+use Apache::lonnavdisplay();
use GDBM_File;
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
+use HTML::Entities;
sub redirect_user {
@@ -53,8 +152,8 @@ sub redirect_user {
my $swinfo=&Apache::lonmenu::rawconfig();
my $navwindow;
if ($launch_nav eq 'on') {
- $navwindow.=&Apache::lonnavmaps::launch_win('now',undef,undef,
- ($url =~ m-^/adm/whatsnew-));
+ $navwindow.=&Apache::lonnavdisplay::launch_win('now',undef,undef,
+ ($url =~ m-^/adm/whatsnew-));
} else {
$navwindow.=&Apache::lonnavmaps::close();
}
@@ -105,29 +204,92 @@ sub handler {
# ================================================================== Roles Init
if ($env{'form.selectrole'}) {
+
+ my $locknum=&Apache::lonnet::get_locks();
+ if ($locknum) { return 409; }
+
if ($env{'form.newrole'}) {
$env{'form.'.$env{'form.newrole'}}=1;
}
if ($env{'request.course.id'}) {
+ # Check if user is CC trying to select a course role
+ if ($env{'form.switchrole'}) {
+ if (!defined($env{'user.role.'.$env{'form.switchrole'}})) {
+ &adhoc_course_role($then);
+ }
+ }
my %temp=('logout_'.$env{'request.course.id'} => time);
&Apache::lonnet::put('email_status',\%temp);
&Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});
}
- &Apache::lonnet::appenv("request.course.id" => '',
- "request.course.fn" => '',
- "request.course.uri" => '',
- "request.course.sec" => '',
- "request.role" => 'cm',
- "request.role.adv" => $env{'user.adv'},
- "request.role.domain" => $env{'user.domain'});
-
-# Check if user is a DC trying to enter a course and needs privs to be created
+ &Apache::lonnet::appenv({"request.course.id" => '',
+ "request.course.fn" => '',
+ "request.course.uri" => '',
+ "request.course.sec" => '',
+ "request.role" => 'cm',
+ "request.role.adv" => $env{'user.adv'},
+ "request.role.domain" => $env{'user.domain'}});
+# Check if user is a DC trying to enter a course or author space and needs privs to be created
if ($numdc > 0) {
foreach my $envkey (keys %env) {
+# Is this an ad-hoc CC-role?
if (my ($domain,$coursenum) =
- ($envkey =~ m-^form\.cc\./(\w+)/(\w+)$-)) {
+ ($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) {
if ($dcroles{$domain}) {
- &check_privs($domain,$coursenum,$then,$now);
+ &Apache::lonnet::check_adhoc_privs($domain,$coursenum,
+ $then,$now,'cc');
+ }
+ last;
+ }
+# Is this an ad-hoc CA-role?
+ if (my ($domain,$user) =
+ ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
+ if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) {
+ delete($env{$envkey});
+ $env{'form.au./'.$domain.'/'} = 1;
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'au./'.$domain.'/';
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ last;
+ }
+ if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) {
+ if (((($castart) && ($castart < $now)) || !$castart) &&
+ ((!$caend) || (($caend) && ($caend > $now)))) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ last;
+ }
+ }
+ # Check if author blocked ca-access
+ my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
+ if ($blocked{'domcoord.author'} eq 'blocked') {
+ delete($env{$envkey});
+ $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ last;
+ }
+ if ($dcroles{$domain}) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if (($server_status eq 'ok') || ($server_status eq 'switchserver')) {
+ &Apache::lonnet::check_adhoc_privs($domain,$user,$then,
+ $now,'ca');
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?'
+ .'otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
}
last;
}
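Review bot: The author-block check in the ad-hoc CA branch fails open: `%blocked` is taken directly from `&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user)` and only the literal value `'blocked'` stops the flow, so a lookup that fails or returns no such key is handled like an author who never blocked access, and the code goes on to `check_adhoc_privs(...,'ca')` when `$dcroles{$domain}` is set. How `get` reports an error is not visible in this hunk, so this needs confirming, but the branch should refuse the role unless the lookup is known to have succeeded; at minimum add a comment such as `# a failed lookup of domcoord.author is treated as "not blocked" - confirm this is intended`. Separately, each `$r->internal_redirect($switchserver);` is followed by `last;` rather than a return, so the rest of handler (which continues outside this hunk) appears to keep running after the redirect, and `$home` is placed in the query string unescaped.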
@@ -137,7 +299,8 @@ sub handler {
foreach $envkey (keys %env) {
next if ($envkey!~/^user\.role\./);
my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
- &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend);
+ &Apache::lonnet::role_status($envkey,$then,$now,\$role,\$where,
+ \$trolecode,\$tstatus,\$tstart,\$tend);
if ($env{'form.'.$trolecode}) {
if ($tstatus eq 'is') {
$where=~s/^\///;
@@ -164,7 +327,7 @@ sub handler {
my $authnum=$cnum;
if ($env{'course.'.$cdom.'_'.$cnum.'.keyauth'}) {
($authnum,$authdom)=
- split(/\W/,$env{'course.'.$cdom.'_'.$cnum.'.keyauth'});
+ split(/:/,$env{'course.'.$cdom.'_'.$cnum.'.keyauth'});
}
# check with key authority
unless (&Apache::lonnet::validate_access_key(
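Review bot: The new `split(/:/,...)` on the `keyauth` setting assigns `$authdom` unconditionally, so a stored value without a colon leaves `$authdom` undefined and puts the whole string in `$authnum` before `validate_access_key` is called. The old `\W` split accepted any separator, so values saved with a different separator would now be misparsed silently. Consider splitting into temporaries and overriding the defaults only when both parts are present, e.g. `my ($knum,$kdom)=split(/:/,$env{'course.'.$cdom.'_'.$cnum.'.keyauth'});` followed by `if ($knum ne '' && $kdom ne '') { ($authnum,$authdom)=($knum,$kdom); }`. The declaration of `$authdom` and the rest of the `unless` are outside the hunk.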
@@ -189,8 +352,11 @@ sub handler {
$cdom,$cnum,
$env{'user.domain'},
$env{'user.name'},
- 'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.localtime().' for '.
- $trolecode);
+ &mt('Assigned from [_1] at [_2] for [_3]'
+ ,$ENV{'REMOTE_ADDR'}
+ ,&Apache::lonlocal::locallocaltime()
+ ,$trolecode)
+ );
unless ($assignresult eq 'ok') {
$assignresult=~s/^error\:\s*//;
$message=&mt($assignresult).
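Review bot: The comment passed with the key assignment is now built with `&mt(...)` and `&Apache::lonlocal::locallocaltime()`, so the recorded text depends on the language and time zone of whoever triggered the assignment. If this string is stored as the audit trail for the access key (the call it belongs to starts above the hunk), the records become hard to search or compare across users. Consider storing a fixed-language string with an unambiguous timestamp, e.g. `'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.time().' for '.$trolecode`, and localizing only when the record is displayed.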
@@ -200,13 +366,13 @@ sub handler {
}
$r->print(<
+
$end_page
@@ -223,7 +389,7 @@ ENDENTEREDKEY
my $end_page=&Apache::loncommon::end_page();
$r->print(<
+
');
+ if ($countfuture) {
+ $r->print(&mt('The following [quant,_1,role,roles] will become active in the future:',$countfuture));
+ my $doheaders = &roletable_headers($r,\%roleclass,\%sortrole,
+ $nochoose);
+ &print_rolerows($r,$doheaders,\%roleclass,\%sortrole,\%dcroles,
+ \%roletext);
+ my $tremark='';
+ my $tbg;
+ if ($env{'request.role'} eq 'cm') {
+ $tbg="LC_roles_selected";
+ $tremark=&mt('Currently selected.').' ';
+ } else {
+ $tbg="LC_roles_is";
+ }
+ $r->print(&Apache::loncommon::start_data_table_row()
+ .'
'
+ .'
'
+ .&mt('No role specified')
+ .'
'
+ .'
'.$tremark.'
'
+ .&Apache::loncommon::end_data_table_row()
+ );
+
+ $r->print(&Apache::loncommon::end_data_table());
+ }
+ $r->print(&Apache::loncommon::end_page());
return OK;
}
-# More than one possible role
# ----------------------------------------------------------------------- Table
- unless (($advanced) || ($nochoose)) {
- $r->print("
');
- foreach (sort split(/:/,$env{$envkey})) {
- if ($_) {
- my ($prv,$restr)=split(/\&/,$_);
- my $trestr='';
- if ($restr ne 'F') {
- my $i;
- $trestr.=' (';
- for ($i=0;$iprint('
'.
- Apache::lonnet::plaintext($prv).$trestr.
- '
');
- }
- }
- $r->print('
');
- }
- }
+ $r->print('
'.&mt('Current Privileges').'
');
+ $r->print(&privileges_info());
}
$r->print(&Apache::lonnet::getannounce());
if ($advanced) {
- $r->print('
This is LON-CAPA '.
- $r->dir_config('lonVersion').' '.
- ''.&mt('Logout').'
');
+ my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&');
+ $r->print('
');
}
$r->print(&Apache::loncommon::end_page());
return OK;
}
-sub role_status {
- my ($rolekey,$then,$now,$role,$where,$trolecode,$tstatus,$tstart,$tend) = @_;
- my @pwhere = ();
- if (exists($env{$rolekey}) && $env{$rolekey} ne '') {
- (undef,undef,$$role,@pwhere)=split(/\./,$rolekey);
- unless (!defined($$role) || $$role eq '') {
- $$where=join('.',@pwhere);
- $$trolecode=$$role.'.'.$$where;
- ($$tstart,$$tend)=split(/\./,$env{$rolekey});
- $$tstatus='is';
- if ($$tstart && $$tstart>$then) {
- $$tstatus='future';
- if ($$tstart<$now) { $$tstatus='will'; }
+sub role_timezone {
+ my ($where,$timezones) = @_;
+ my $timezone;
+ if (ref($timezones) eq 'HASH') {
+ if ($where =~ m{^/($match_domain)/($match_courseid)}) {
+ my $cdom = $1;
+ my $cnum = $2;
+ if ($cdom && $cnum) {
+ if (!exists($timezones->{$cdom.'_'.$cnum})) {
+ my %timehash =
+ &Apache::lonnet::get('environment',['timezone'],$cdom,$cnum);
+ if ($timehash{'timezone'} eq '') {
+ if (!exists($timezones->{$cdom})) {
+ my %domdefaults =
+ &Apache::lonnet::get_domain_defaults($cdom);
+ if ($domdefaults{'timezone_def'} eq '') {
+ $timezones->{$cdom} = 'local';
+ } else {
+ $timezones->{$cdom} = $domdefaults{'timezone_def'};
+ }
+ }
+ $timezones->{$cdom.'_'.$cnum} = $timezones->{$cdom};
+ } else {
+ $timezones->{$cdom.'_'.$cnum} =
+ &Apache::lonlocal::gettimezone($timehash{'timezone'});
+ }
+ }
+ $timezone = $timezones->{$cdom.'_'.$cnum};
+ }
+ } else {
+ my ($tdom) = ($where =~ m{^/($match_domain)});
+ if ($tdom) {
+ if (!exists($timezones->{$tdom})) {
+ my %domdefaults = &Apache::lonnet::get_domain_defaults($tdom);
+ if ($domdefaults{'timezone_def'} eq '') {
+ $timezones->{$tdom} = 'local';
+ } else {
+ $timezones->{$tdom} = $domdefaults{'timezone_def'};
+ }
+ }
+ $timezone = $timezones->{$tdom};
+ }
+ }
+ if ($timezone eq 'local') {
+ $timezone = undef;
+ }
+ }
+ return $timezone;
+}
+
+sub roletable_headers {
+ my ($r,$roleclass,$sortrole,$nochoose) = @_;
+ my $doheaders;
+ if ((ref($sortrole) eq 'HASH') && (ref($roleclass) eq 'HASH')) {
+ $r->print(' '
+ .&Apache::loncommon::start_data_table()
+ .&Apache::loncommon::start_data_table_header_row()
+ );
+ if (!$nochoose) { $r->print('
'); }
+ $r->print('
'.&mt('User Role').'
'
+ .'
'.&mt('Extent').'
'
+ .'
'.&mt('Start').'
'
+ .'
'.&mt('End').'
'
+ .&Apache::loncommon::end_data_table_header_row()
+ );
+ $doheaders=-1;
+ my @roletypes = &roletypes();
+ foreach my $type (@roletypes) {
+ my $haverole=0;
+ foreach my $which (sort {uc($a) cmp uc($b)} (keys(%{$sortrole}))) {
+ if ($roleclass->{$sortrole->{$which}} =~ /^\Q$type\E/) {
+ $haverole=1;
+ }
+ }
+ if ($haverole) { $doheaders++; }
+ }
+ }
+ return $doheaders;
+}
+
+sub roletypes {
+ my @types = ('Domain','Construction Space','Course','Unavailable','System');
+ return @types;
+}
+
+sub print_rolerows {
+ my ($r,$doheaders,$roleclass,$sortrole,$dcroles,$roletext) = @_;
+ if ((ref($roleclass) eq 'HASH') && (ref($sortrole) eq 'HASH')) {
+ my @types = &roletypes();
+ foreach my $type (@types) {
+ my $output;
+ foreach my $which (sort {uc($a) cmp uc($b)} (keys(%{$sortrole}))) {
+ if ($roleclass->{$sortrole->{$which}} =~ /^\Q$type\E/) {
+ if (ref($roletext) eq 'HASH') {
+ $output.=$roletext->{$sortrole->{$which}};
+ if ($sortrole->{$which} =~ m-dc\./($match_domain)/-) {
+ if (ref($dcroles) eq 'HASH') {
+ if ($dcroles->{$1}) {
+ $output .= &adhoc_roles_row($1,'');
+ }
+ }
+ }
+ }
+ }
}
- if ($$tend) {
- if ($$tend<$then) {
- $$tstatus='expired';
- } elsif ($$tend<$now) {
- $$tstatus='will_not';
+ if ($output) {
+ if ($doheaders > 0) {
+ $r->print(&Apache::loncommon::start_data_table_empty_row()
+ .'
'
+ .&mt($type)
+ .'
'
+ .&Apache::loncommon::end_data_table_empty_row()
+ );
+ }
+ $r->print($output);
+ }
+ }
+ }
+}
+
+sub findcourse_advice {
+ my ($r) = @_;
+ my $domdesc = &Apache::lonnet::domain($env{'user.domain'},'description');
+ my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&');
+ if (&Apache::lonnet::auto_run(undef,$env{'user.domain'})) {
+ $r->print(&mt('If you were expecting to see an active role listed for a particular course in the [_1] domain, it may be missing for one of the following reasons:',$domdesc).'
+
+
'.&mt('The course has yet to be created.').'
+
'.&mt('Automatic enrollment of registered students has not been enabled for the course.').'
+
'.&mt('You are in a section of course for which automatic enrollment in the corresponding LON-CAPA course is not active.').'
+
'.&mt('The start date for automated enrollment has yet to be reached.').'
+
'.&mt('You registered for the course recently and there is a time lag between the time you register, and the time this information becomes available for the update of LON-CAPA course rosters.').'
+
');
+ } else {
+ $r->print(&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').' ');
+ }
+ $r->print('
'.&mt('The [_1]Course Catalog[_2] provides information about all [_3] classes for which LON-CAPA courses have been created.','','',$domdesc).' ');
+ $r->print(&mt('You can search the course catalog for courses which permit self-enrollment, if you would like to enroll in a course.').'
');
+ &queued_selfenrollment($r);
+ return;
+}
+
+sub queued_selfenrollment {
+ my ($r) = @_;
+ my %selfenrollrequests = &Apache::lonnet::dump('selfenrollrequests');
+ my %reqs_by_date;
+ foreach my $item (keys(%selfenrollrequests)) {
+ if (ref($selfenrollrequests{$item}) eq 'HASH') {
+ if ($selfenrollrequests{$item}{'status'} eq 'request') {
+ if ($selfenrollrequests{$item}{'timestamp'}) {
+ push(@{$reqs_by_date{$selfenrollrequests{$item}{'timestamp'}}},$item);
+ }
+ }
+ }
+ }
+ if (keys(%reqs_by_date)) {
+ my $rolename = &Apache::lonnet::plaintext('st');
+ $r->print(''.&mt('Enrollment requests pending Course Coordinator approval').' '.
+ &Apache::loncommon::start_data_table().
+ &Apache::loncommon::start_data_table_header_row().
+ '
'.&mt('Date requested').'
'.&mt('Course title').'
'.
+ '
'.&mt('User role').'
'.&mt('Section').'
'.
+ &Apache::loncommon::end_data_table_header_row());
+ my @sorted = sort { $a <=> $b } (keys(%reqs_by_date));
+ foreach my $item (@sorted) {
+ if (ref($reqs_by_date{$item}) eq 'ARRAY') {
+ foreach my $crs (@{$reqs_by_date{$item}}) {
+ my %courseinfo = &Apache::lonnet::coursedescription($crs);
+ my $usec = $selfenrollrequests{$crs}{'section'};
+ if ($usec eq '') {
+ $usec = &mt('No section');
+ }
+ $r->print(&Apache::loncommon::start_data_table_row().
+ '
'.&Apache::lonlocal::locallocaltime($item).'
'.
+ '
'.$courseinfo{'description'}.'
'.
+ '
'.$rolename.'
'.$usec.'
'.
+ &Apache::loncommon::end_data_table_row());
}
}
}
+ $r->print(&Apache::loncommon::end_data_table());
+ }
+ return;
+}
+
+sub privileges_info {
+ my ($which) = @_;
+ my $output;
+
+ $which ||= $env{'request.role'};
+
+ foreach my $envkey (sort(keys(%env))) {
+ next if ($envkey!~/^user\.priv\.\Q$which\E\.(.*)/);
+
+ my $where=$1;
+ my $ttype;
+ my $twhere;
+ my (undef,$tdom,$trest,$tsec)=split(m{/},$where);
+ if ($trest) {
+ if ($env{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
+ $ttype='Construction Space';
+ $twhere='User: '.$trest.', Domain: '.$tdom;
+ } else {
+ $ttype= &Apache::loncommon::course_type($tdom.'_'.$trest);
+ $twhere=$env{'course.'.$tdom.'_'.$trest.'.description'};
+ if ($tsec) {
+ my $sec_type = 'Section';
+ if (exists($env{"user.role.gr.$where"})) {
+ $sec_type = 'Group';
+ }
+ $twhere.=' ('.$sec_type.': '.$tsec.')';
+ }
+ }
+ } elsif ($tdom) {
+ $ttype='Domain';
+ $twhere=$tdom;
+ } else {
+ $ttype='System';
+ $twhere='/';
+ }
+ $output .= "\n
".&mt($ttype).': '.$twhere.'
'."\n
";
+ foreach my $priv (sort(split(/:/,$env{$envkey}))) {
+ next if (!$priv);
+
+ my ($prv,$restr)=split(/\&/,$priv);
+ my $trestr='';
+ if ($restr ne 'F') {
+ $trestr.=' ('.
+ join(', ',
+ map { &Apache::lonnet::plaintext($_) }
+ (split('',$restr))).') ';
+ }
+ $output .= "\n\t".
+ '
'.&Apache::lonnet::plaintext($prv).$trestr.'
';
+ }
+ $output .= "\n".'
';
}
+ return $output;
}
sub build_roletext {
- my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver) = @_;
- my $roletext='
';
+ my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit) = @_;
+ my $roletext=&Apache::loncommon::start_data_table_row();
my $is_dc=($trolecode =~ m/^dc\./);
my $rowspan=($is_dc) ? ''
: ' rowspan="2" ';
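Review bot: In queued_selfenrollment the values `$courseinfo{'description'}` and `$usec` are concatenated into the table row without HTML encoding, and privileges_info does the same with `$twhere` (a course description plus `$tsec`), even though this commit imports HTML::Entities and encodes `$env{'user.domain'}` elsewhere. These values come from course and enrollment records rather than from the code, so they should be encoded at output in the same way, e.g. `&HTML::Entities::encode($courseinfo{'description'},'"<>&')` and likewise for `$usec` and `$twhere`. The surrounding markup was lost when this page was extracted and the `@@` headers inside this span are missing, so the exact cells should be checked against the real file.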
@@ -828,55 +1197,95 @@ sub build_roletext {
$buttonname=~s/\W//g;
if (!$button) {
if ($switchserver) {
- $roletext.='