--- loncom/auth/lonroles.pm 2008/07/14 10:21:52 1.201
+++ loncom/auth/lonroles.pm 2008/11/12 20:01:09 1.210
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.201 2008/07/14 10:21:52 raeburn Exp $
+# $Id: lonroles.pm,v 1.210 2008/11/12 20:01:09 jms Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,6 +27,103 @@
#
###
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C can also be accessed via the
+B button in the Remote Control.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
@@ -146,12 +243,35 @@ sub handler {
# Is this an ad-hoc CA-role?
if (my ($domain,$user) =
($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
- # Check if author blocked ca-access
+ if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) {
+ delete($env{$envkey});
+ $env{'form.au./'.$domain.'/'} = 1;
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'au./'.$domain.'/';
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ last;
+ }
+ if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) {
+ if (((($castart) && ($castart < $now)) || !$castart) &&
+ ((!$caend) || (($caend) && ($caend > $now)))) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ }
+ last;
+ }
+ }
+ # Check if author blocked ca-access
my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
if ($blocked{'domcoord.author'} eq 'blocked') {
- delete($env{$envkey});
- $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
- last;
+ delete($env{$envkey});
+ $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ last;
}
if ($dcroles{$domain}) {
my ($server_status,$home) = &check_author_homeserver($user,$domain);
@@ -229,8 +349,11 @@ sub handler {
$cdom,$cnum,
$env{'user.domain'},
$env{'user.name'},
- 'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.localtime().' for '.
- $trolecode);
+ &mt('Assigned from [_1] at [_2] for [_3]'
+ ,$ENV{'REMOTE_ADDR'}
+ ,&Apache::lonlocal::locallocaltime()
+ ,$trolecode)
+ );
unless ($assignresult eq 'ok') {
$assignresult=~s/^error\:\s*//;
$message=&mt($assignresult).
@@ -336,6 +459,10 @@ ENDENTERKEY
} elsif ($env{'request.course.id'}) {
if ($env{'form.destinationurl'}) {
my $dest = $env{'form.destinationurl'};
+ if ($env{'form.destsymb'} ne '') {
+ my $esc_symb = &HTML::Entities::encode($env{'form.destsymb'},'"<>&');
+ $dest .= '?symb='.$esc_symb;
+ }
&redirect_user($r,&mt('Entering [_1]',
$env{'course.'.$courseid.'.description'}),
$dest,$msg,
@@ -350,7 +477,7 @@ ENDENTERKEY
) {
my $startpage = &courseloadpage($courseid);
unless ($startpage eq 'firstres') {
- $msg = &mt('Entering [_1] ....',
+ $msg = &mt('Entering [_1] ...',
$env{'course.'.$courseid.'.description'});
&redirect_user($r,&mt('New in course'),
'/adm/whatsnew?refpage=start',$msg,
@@ -453,6 +580,8 @@ ENDHEADER
my $advanced=$env{'user.adv'};
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']);
my $tryagain=$env{'form.tryagain'};
+ my $reinit=$env{'user.reinit'};
+ delete $env{'user.reinit'};
# -------------------------------------------------------- Generate Page Output
# --------------------------------------------------------------- Error Header?
@@ -482,10 +611,16 @@ ENDHEADER
&Apache::lonenc::check_encrypt($fn));
} else {
if ($env{'user.error.msg'}) {
- $r->print(
+ if ($reinit) {
+ $r->print(
+ '
'.
+ &mt('As your session file for the course has expired, you will need to re-select the course.').'
');
+ } else {
+ $r->print(
'
'.
&mt('You need to choose another user role or enter a specific course for this function').'
');
- }
+ }
+ }
}
# -------------------------------------------------------- Choice or no choice?
if ($nochoose) {
@@ -550,7 +685,7 @@ ENDHEADER
$countfuture ++;
} elsif ($tstatus eq 'will') {
$tbg='#FFAA77';
- $tremark.=&mt('Active at next login. ');
+ $tremark.=&mt('Active at next login.').' ';
$roles_nextlogin{$trolecode} = $tstart.':'.$tend;
$countwill ++;
} elsif ($tstatus eq 'expired') {
@@ -559,20 +694,19 @@ ENDHEADER
$button=0;
} elsif ($tstatus eq 'will_not') {
$tbg='#AAFF77';
- $tremark.=&mt('Expired after logout. ');
+ $tremark.=&mt('Expired after logout.').' ';
} elsif ($tstatus eq 'selected') {
$tbg='#11CC55';
$tfont='#002200';
$inrole=1;
$countactive++;
- $tremark.=&mt('Currently selected. ');
+ $tremark.=&mt('Currently selected.').' ';
}
my $trole;
if ($role =~ /^cr\//) {
my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
if ($tremark) { $tremark.=' '; }
- $tremark.=&mt('Defined by ').$rauthor.
- &mt(' at ').$rdomain.'.';
+ $tremark.=&mt('Defined by [_1] at [_2].',$rauthor,$rdomain);
}
$trole=Apache::lonnet::plaintext($role);
my $ttype;
@@ -660,7 +794,7 @@ ENDHEADER
$twhere=&mt('system wide');
$sortkey=$role.$twhere;
}
- $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver);
+ $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit);
$roletext{$envkey}=$roletext;
if (!$sortkey) {$sortkey=$twhere."\0".$envkey;}
$sortrole{$sortkey}=$envkey;
@@ -700,7 +834,7 @@ ENDHEADER
my $tfont='#003300';
if ($env{'request.role'} eq 'cm') {
$r->print('
";
foreach my $priv (sort(split(/:/,$env{$envkey}))) {
next if (!$priv);
@@ -969,7 +1093,7 @@ sub role_status {
}
sub build_roletext {
- my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver) = @_;
+ my ($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver,$reinit) = @_;
my $roletext='
';
my $is_dc=($trolecode =~ m/^dc\./);
my $rowspan=($is_dc) ? ''
@@ -999,8 +1123,16 @@ sub build_roletext {
'
';
+ } elsif ($reinit) {
+ $roletext.=
+ '
';
} else {
- $roletext.='
';
+ $roletext.=
+ '
';
}
}
if ($trolecode !~ m/^(dc|ca|au|aa)\./) {
@@ -1019,6 +1151,24 @@ sub build_roletext {
return $roletext;
}
+sub check_needs_switchserver {
+ my ($possiblerole) = @_;
+ my $needs_switchserver;
+ my ($role,$where) = split(/\./,$possiblerole,2);
+ my (undef,$tdom,$twho) = split(/\//,$where);
+ my ($server_status,$home);
+ if (($role eq 'ca') || ($role eq 'aa')) {
+ ($server_status,$home) = &check_author_homeserver($twho,$tdom);
+ } else {
+ ($server_status,$home) = &check_author_homeserver($env{'user.name'},
+ $env{'user.domain'});
+ }
+ if ($server_status eq 'switchserver') {
+ $needs_switchserver = 1;
+ }
+ return $needs_switchserver;
+}
+
sub check_author_homeserver {
my ($uname,$udom)=@_;
if (($uname eq '') || ($udom eq '')) {
@@ -1099,7 +1249,15 @@ sub adhoc_course_role {
return;
}
}
- my (%userroles,%newrole,%newgroups);
+ my (%userroles,%newrole,%newgroups,%group_privs);
+ my %cgroups =
+ &Apache::lonnet::get_active_groups($env{'user.domain'},
+ $env{'user.name'},$cdom,$cnum);
+ foreach my $group (keys(%cgroups)) {
+ $group_privs{$group} =
+ $env{'user.priv.cc./'.$cdom.'/'.$cnum.'./'.$cdom.'/'.$cnum.'/'.$group};
+ }
+ $newgroups{'/'.$cdom.'/'.$cnum} = \%group_privs;
my $area = '/'.$cdom.'/'.$cnum;
my $spec = $role.'.'.$area;
if ($usec ne '') {
@@ -1107,7 +1265,7 @@ sub adhoc_course_role {
$area .= '/'.$usec;
}
&Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area);
- &Apache::lonnet::set_userprivs(\%userroles,\%newrole,%newgroups);
+ &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups);
my $adhocstart = $then-1;
$userroles{'user.role.'.$spec} = $adhocstart.'.';
&Apache::lonnet::appenv(\%userroles,[$role,'cm']);