--- loncom/auth/lonroles.pm 2009/09/23 16:55:53 1.209.4.1
+++ loncom/auth/lonroles.pm 2011/09/27 20:33:34 1.256.2.6
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.209.4.1 2009/09/23 16:55:53 raeburn Exp $
+# $Id: lonroles.pm,v 1.256.2.6 2011/09/27 20:33:34 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,6 +27,103 @@
#
###
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C can also be accessed via the
+B button in the Remote Control.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
@@ -41,10 +138,11 @@ use Apache::lonannounce;
use Apache::lonlocal;
use Apache::lonpageflip();
use Apache::lonnavdisplay();
+use Apache::loncoursequeueadmin;
use GDBM_File;
use LONCAPA qw(:DEFAULT :match);
use HTML::Entities;
-
+
sub redirect_user {
my ($r,$title,$url,$msg,$launch_nav) = @_;
@@ -55,13 +153,18 @@ sub redirect_user {
my $swinfo=&Apache::lonmenu::rawconfig();
my $navwindow;
if ($launch_nav eq 'on') {
- $navwindow.=&Apache::lonnavdisplay::launch_win('now',undef,undef,
- ($url =~ m-^/adm/whatsnew-));
+ $navwindow.=&Apache::lonnavdisplay::launch_win('now',undef,undef,
+ ($url =~ m-^/adm/whatsnew-));
} else {
- $navwindow.=&Apache::lonnavmaps::close();
+ $navwindow.=&Apache::lonnavmaps::close();
}
+
+ # Breadcrumbs
+ my $brcrum = [{'href' => $url,
+ 'text' => 'Switching Role'},];
my $start_page = &Apache::loncommon::start_page('Switching Role',undef,
- {'redirect' => [1,$url],});
+ {'redirect' => [1,$url],
+ 'bread_crumbs' => $brcrum,});
my $end_page = &Apache::loncommon::end_page();
# Note to style police:
@@ -70,10 +173,12 @@ sub redirect_user {
$r->print(<
+//
$navwindow
-
$msg
+
$msg
$end_page
ENDREDIR
return;
@@ -85,13 +190,25 @@ sub error_page {
&Apache::loncommon::no_cache($r);
$r->send_http_header;
return OK if $r->header_only;
- $r->print(&Apache::loncommon::start_page('Problems during Course Initialization').
- ''.
- '
'.&mt('The following problems occurred:').
+ # Breadcrumbs
+ my $brcrum = [{'href' => $dest,
+ 'text' => 'Problems during Course Initialization'},];
+ $r->print(&Apache::loncommon::start_page('Problems during Course Initialization',
+ undef,
+ {'bread_crumbs' => $brcrum,})
+ );
+ $r->print(
+ ''.
+ '
'.&mt('The following problems occurred:').
+ ' '.
$error.
- '
'.&mt('Continue').''
+ );
+ $r->print(&Apache::loncommon::end_page());
}
sub handler {
@@ -100,10 +217,15 @@ sub handler {
my $now=time;
my $then=$env{'user.login.time'};
+ my $refresh=$env{'user.refresh.time'};
+ if (!$refresh) {
+ $refresh = $then;
+ }
my $envkey;
my %dcroles = ();
my $numdc = &check_fordc(\%dcroles,$then);
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
+ my $loncaparev = $Apache::lonnet::perlvar{'lonVersion'};
# ================================================================== Roles Init
if ($env{'form.selectrole'}) {
@@ -117,8 +239,17 @@ sub handler {
if ($env{'request.course.id'}) {
# Check if user is CC trying to select a course role
if ($env{'form.switchrole'}) {
- if (!defined($env{'user.role.'.$env{'form.switchrole'}})) {
- &adhoc_course_role($then);
+ my $switch_is_active;
+ if (defined($env{'user.role.'.$env{'form.switchrole'}})) {
+ my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.switchrole'}});
+ if (!$end || $end > $now) {
+ if (!$start || $start < $refresh) {
+ $switch_is_active = 1;
+ }
+ }
+ }
+ unless ($switch_is_active) {
+ &adhoc_course_role($refresh,$then);
}
}
my %temp=('logout_'.$env{'request.course.id'} => time);
@@ -135,11 +266,12 @@ sub handler {
# Check if user is a DC trying to enter a course or author space and needs privs to be created
if ($numdc > 0) {
foreach my $envkey (keys %env) {
-# Is this an ad-hoc CC-role?
- if (my ($domain,$coursenum) =
- ($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) {
+# Is this an ad-hoc Coordinator role?
+ if (my ($ccrole,$domain,$coursenum) =
+ ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) {
if ($dcroles{$domain}) {
- &check_privs($domain,$coursenum,$then,$now,'cc');
+ &Apache::lonnet::check_adhoc_privs($domain,$coursenum,
+ $then,$refresh,$now,$ccrole);
}
last;
}
@@ -152,7 +284,7 @@ sub handler {
my ($server_status,$home) = &check_author_homeserver($user,$domain);
if ($server_status eq 'switchserver') {
my $trolecode = 'au./'.$domain.'/';
- my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
$r->internal_redirect($switchserver);
}
last;
@@ -163,7 +295,7 @@ sub handler {
my ($server_status,$home) = &check_author_homeserver($user,$domain);
if ($server_status eq 'switchserver') {
my $trolecode = 'ca./'.$domain.'/'.$user;
- my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
$r->internal_redirect($switchserver);
}
last;
@@ -179,11 +311,12 @@ sub handler {
if ($dcroles{$domain}) {
my ($server_status,$home) = &check_author_homeserver($user,$domain);
if (($server_status eq 'ok') || ($server_status eq 'switchserver')) {
- &check_privs($domain,$user,$then,$now,'ca');
+ &Apache::lonnet::check_adhoc_privs($domain,$user,$then,
+ $refresh,$now,'ca');
if ($server_status eq 'switchserver') {
my $trolecode = 'ca./'.$domain.'/'.$user;
my $switchserver = '/adm/switchserver?'
- .'otherserver='.$home.'&role='.$trolecode;
+ .'otherserver='.$home.'&role='.$trolecode;
$r->internal_redirect($switchserver);
}
} else {
@@ -200,11 +333,48 @@ sub handler {
foreach $envkey (keys %env) {
next if ($envkey!~/^user\.role\./);
my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
- &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend);
+ &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where,
+ \$trolecode,\$tstatus,\$tstart,\$tend);
if ($env{'form.'.$trolecode}) {
if ($tstatus eq 'is') {
$where=~s/^\///;
my ($cdom,$cnum,$csec)=split(/\//,$where);
+ if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
+ my $home = $env{'course.'.$cdom.'_'.$cnum.'.home'};
+ my @ids = &Apache::lonnet::current_machine_ids();
+ unless ($loncaparev eq '' && $home && grep(/^\Q$home\E$/,@ids)) {
+ my %curr_reqd_hash = &Apache::lonnet::userenvironment($cdom,$cnum,'internal.releaserequired');
+ if ($curr_reqd_hash{'internal.releaserequired'} ne '') {
+ my ($switchserver,$switchwarning) =
+ &check_release_required($loncaparev,$cdom.'_'.$cnum,$trolecode,$curr_reqd_hash{'internal.releaserequired'});
+ if ($switchwarning ne '' || $switchserver ne '') {
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $end_page=&Apache::loncommon::end_page();
+ $r->print(&Apache::loncommon::start_page('Selected course unavailable on this server').
+ '
'
+ .&Apache::loncommon::end_data_table_empty_row()
+ );
}
$r->print($output);
}
@@ -962,8 +1273,63 @@ sub findcourse_advice {
} else {
$r->print(&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').' ');
}
- $r->print('
'.&mt('The [_1]Course Catalog[_2] provides information about all [_3] classes for which LON-CAPA courses have been created.','','',$domdesc).' ');
- $r->print(&mt('You can search the course catalog for courses which permit self-enrollment, if you would like to enroll in a course.').'
');
+ $r->print('
'.&mt('Self-Enrollment').'
'.
+ '
'.&mt('The [_1]Course/Community Catalog[_2] provides information about all [_3] classes for which LON-CAPA courses have been created, as well as any communities in the domain.','','',$domdesc).' ');
+ $r->print(&mt('You can search for courses and communities which permit self-enrollment, if you would like to enroll in one.').'
'.
+ &Apache::loncoursequeueadmin::queued_selfenrollment());
+ return;
+}
+
+sub requestcourse_advice {
+ my ($r) = @_;
+ my $domdesc = &Apache::lonnet::domain($env{'user.domain'},'description');
+ my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&');
+ my (%can_request,%request_doms);
+ &Apache::lonnet::check_can_request($env{'user.domain'},\%can_request,\%request_doms);
+ if (keys(%request_doms) > 0) {
+ my ($types,$typename) = &Apache::loncommon::course_types();
+ if ((ref($types) eq 'ARRAY') && (ref($typename) eq 'HASH')) {
+ $r->print('
'.&mt('Request creation of a course or community').'
'.
+ '
'.&mt('You have rights to request the creation of courses and/or communities in the following domain(s):').'
');
+ my (@reqdoms,@reqtypes);
+ foreach my $type (sort(keys(%request_doms))) {
+ push(@reqtypes,$type);
+ if (ref($request_doms{$type}) eq 'ARRAY') {
+ my $domstr = join(', ',map { &Apache::lonnet::domain($_) } sort(@{$request_doms{$type}}));
+ $r->print(
+ '
';
+ my $output = &Apache::loncommon::continue_data_table_row()
+ .'
'
+ .&mt('[_1]Ad hoc[_2] roles in domain [_3] --'
+ ,'','',$dcdom)
+ .' ';
my $selectcclink = &courselink($dcdom,$rowtype);
- my $ccrole = &Apache::lonnet::plaintext('cc');
+ my $ccrole = &Apache::lonnet::plaintext('co',undef,undef,1);
my $carole = &Apache::lonnet::plaintext('ca');
my $selectcalink = &coauthorlink($dcdom,$rowtype);
- $output.= ''.
- &mt('[_1]: [_2]',$ccrole,$selectcclink).
- '
'.
- &mt('[_1]: [_2]',$carole,$selectcalink).
- '
'.
- '
'."\n";
+ $output.=$ccrole.': '.$selectcclink
+ .' | '.$carole.': '.$selectcalink.''
+ .&Apache::loncommon::end_data_table_row();
return $output;
}
@@ -1363,32 +1801,6 @@ sub recent_filename {
return 'nohist_recent_'.&escape($area);
}
-sub set_privileges {
-# role can be cc or ca
- my ($dcdom,$pickedcourse,$role) = @_;
- my $area = '/'.$dcdom.'/'.$pickedcourse;
- my $spec = $role.'.'.$area;
- my %userroles = &Apache::lonnet::set_arearole($role,$area,'','',
- $env{'user.domain'},
- $env{'user.name'});
- my %ccrole = ();
- &Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area);
- my ($author,$adv)= &Apache::lonnet::set_userprivs(\%userroles,\%ccrole);
- &Apache::lonnet::appenv(\%userroles,[$role,'cm']);
-
- &Apache::lonnet::log($env{'user.domain'},
- $env{'user.name'},
- $env{'user.home'},
- "Role ".$role);
- &Apache::lonnet::appenv(
- {'request.role' => $spec,
- 'request.role.domain' => $dcdom,
- 'request.course.sec' => ''});
- my $tadv=0;
- if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
- &Apache::lonnet::appenv({'request.role.adv' => $tadv});
-}
-
sub courseloadpage {
my ($courseid) = @_;
my $startpage;
@@ -1438,7 +1850,7 @@ handler determines via C's C<&al
action is not allowed, C is used as error handler. This
allows the user to select another role which may have permission to do
what they were trying to do. C can also be accessed via the
-B button in the Remote Control.
+B button in the Remote Control.
=begin latex