--- loncom/auth/lonroles.pm 2000/07/25 15:40:11 1.4
+++ loncom/auth/lonroles.pm 2021/11/19 19:19:35 1.356
@@ -1,184 +1,3549 @@
# The LearningOnline Network with CAPA
# User Roles Screen
-# (Directory Indexer
-# (Login Screen
-# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer)
-# 11/23 Gerd Kortemeyer)
-# 1/14,03/06,06/01,07/22,07/24,07/25 Gerd Kortemeyer
#
+# $Id: lonroles.pm,v 1.356 2021/11/19 19:19:35 raeburn Exp $
+#
+# Copyright Michigan State University Board of Trustees
+#
+# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
+#
+# LON-CAPA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# LON-CAPA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with LON-CAPA; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# /home/httpd/html/adm/gpl.txt
+#
+# http://www.lon-capa.org/
+#
+###
+
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
-use Apache::lonnet();
-use Apache::Constants qw(:common);
+use Apache::lonnet;
+use Apache::lonuserstate();
+use Apache::Constants qw(:common REDIRECT);
use Apache::File();
+use Apache::lonmenu;
+use Apache::loncommon;
+use Apache::lonhtmlcommon;
+use Apache::lonannounce;
+use Apache::lonlocal;
+use Apache::lonpageflip();
+use Apache::lonnavdisplay();
+use Apache::loncoursequeueadmin;
+use Apache::longroup;
+use Apache::lonrss;
+use Apache::lonplacementtest;
+use GDBM_File;
+use LONCAPA qw(:DEFAULT :match);
+use HTML::Entities;
+
+my $registered_cleanup;
+my $rosterupdates;
+
+sub start_loading_course {
+ my ($r,$title) = @_;
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ # Breadcrumbs
+ my $brcrum = [{'href' => '',
+ 'text' => $title},];
+ my $start_page = &Apache::loncommon::start_page($title,undef,
+ {'bread_crumbs' => $brcrum,
+ 'bread_crumbs_nomenu' => 1,
+ 'links_disabled' => 1});
+ $r->print(<
+//
+
+ENDREDIR
+ return;
+}
+
+sub finish_loading_course {
+ my ($r,$msg,$url) = @_;
+ my $link = '
";
+ }
+ my $end_page = &Apache::loncommon::end_page();
+
+# Note to style police:
+# This must only replace the spaces, nothing else, or it bombs elsewhere.
+ $url=~s/ /\%20/g;
+ $r->print(< 'Problems during Course Initialization',
+ tfp => 'The following problems occurred:',
+ con => 'Continue',
+ );
+ my $end_page = &Apache::loncommon::end_page();
+ $dest = &HTML::Entities::encode($dest,'"<>&');
+ $r->print(<$lt{'pdc'}
+
$lt{'tfp'}
+
+$error
+
$lt{'con'}
+$end_page
+END
+ return;
+}
sub handler {
+
my $r = shift;
- $r->content_type('text/html');
+
+ # Check for critical messages and redirect if present.
+ my ($redirect,$url) = &Apache::loncommon::critical_redirect(300,'roles');
+ if ($redirect) {
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->header_out(Location => $url);
+ return REDIRECT;
+ }
+
+ my $now=time;
+ my $then=$env{'user.login.time'};
+ my $refresh=$env{'user.refresh.time'};
+ my $update=$env{'user.update.time'};
+ if (!$refresh) {
+ $refresh = $then;
+ }
+ if (!$update) {
+ $update = $then;
+ }
+
+ my $norolelist;
+ if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) {
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $crstype = $env{'course.'.$env{'request.course.id'}.'.type'};
+ my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom);
+ if ($deeplink_symb) {
+ my ($menucoll,$deeplinkmenu,$menuref) = &Apache::loncommon::menucoll_in_effect();
+ if (ref($menuref) eq 'HASH') {
+ unless (($menuref->{'role'}) || ($env{'request.role.adv'})) {
+ foreach my $envkey (keys(%env)) {
+ next unless ($envkey =~ /^form\./);
+ if ($envkey =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{$envkey});
+ }
+ }
+ }
+ if ($env{'form.selectrole'}) {
+ if ($env{'form.switchrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{'form.selectrole'});
+ delete($env{'form.switchrole'});
+ }
+ } elsif ($env{'form.newrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+ unless (($1 eq $cdom) && ($2 eq $cnum)) {
+ delete($env{'form.selectrole'});
+ delete($env{'form.newrole'});
+ }
+ }
+ }
+ $norolelist = 1;
+ }
+ }
+ }
+ }
+
+ $registered_cleanup=0;
+ @{$rosterupdates}=();
+ &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
+
+# -------------------------------------------------- Check if setting hot list
+ my $hotlist;
+ if ($env{'form.action'} eq 'verify_and_change_rolespref') {
+ $hotlist = &Apache::lonpreferences::verify_and_change_rolespref($r);
+ }
+
+# -------------------------------------------------------- Check for new roles
+ my $updateresult;
+ if ($env{'form.state'} eq 'doupdate') {
+ my $show_course=&Apache::loncommon::show_course();
+ my $checkingtxt;
+ if ($show_course) {
+ $checkingtxt = &mt('Checking for new courses ...');
+ } else {
+ $checkingtxt = &mt('Checking for new roles ...');
+ }
+ $updateresult = $checkingtxt;
+ $updateresult .= &update_session_roles();
+ &Apache::lonnet::appenv({'user.update.time' => $now});
+ $update = $now;
+ &Apache::loncoursequeueadmin::reqauthor_check();
+ }
+
+# -------------------------------------------------- Check for author requests
+ my $reqauthor;
+ if ($env{'form.state'} eq 'requestauthor') {
+ $reqauthor = &Apache::loncoursequeueadmin::process_reqauthor(\$update);
+ }
+
+ my $envkey;
+ my %dcroles = ();
+ my %helpdeskroles = ();
+ my ($numdc,$numhelpdesk,$numadhoc) =
+ &check_for_adhoc(\%dcroles,\%helpdeskroles,$update,$then);
+ my $loncaparev = $r->dir_config('lonVersion');
+
+# ================================================================== Roles Init
+ if ($env{'form.selectrole'}) {
+ if (($env{'request.lti.login'}) && ($env{'request.lti.target'} eq '')) {
+ if ($env{'form.ltitarget'} eq 'iframe') {
+ &Apache::lonnet::appenv({'request.lti.target' => 'iframe'});
+ delete($env{'form.ltitarget'});
+ }
+ }
+
+ my $locknum=&Apache::lonnet::get_locks();
+ if ($locknum) { return 409; }
+
+ my $custom_adhoc;
+ if ($env{'form.newrole'}) {
+ $env{'form.'.$env{'form.newrole'}}=1;
+# Check if this is a Domain Helpdesk or Domain Helpdesk Assistant role trying to enter a course
+ if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/\w+\./\1/$match_courseid$}) {
+ if ($helpdeskroles{$1}) {
+ $custom_adhoc = 1;
+ }
+ }
+ }
+ if ($env{'request.course.id'}) {
+ # Check if user is CC trying to select a course role
+ if ($env{'form.switchrole'}) {
+ my $switch_is_active;
+ if (defined($env{'user.role.'.$env{'form.switchrole'}})) {
+ my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.switchrole'}});
+ if (!$end || $end > $now) {
+ if (!$start || $start < $update) {
+ $switch_is_active = 1;
+ }
+ }
+ }
+ unless ($switch_is_active) {
+ &adhoc_course_role($refresh,$update,$then);
+ }
+ }
+ my %temp=('logout_'.$env{'request.course.id'} => time);
+ &Apache::lonnet::put('email_status',\%temp);
+ &Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});
+ }
+ &Apache::lonnet::appenv({"request.course.id" => '',
+ "request.course.fn" => '',
+ "request.course.uri" => '',
+ "request.course.sec" => '',
+ "request.course.tied" => '',
+ "request.course.timechecked" => '',
+ "request.role" => 'cm',
+ "request.role.adv" => $env{'user.adv'},
+ "request.role.domain" => $env{'user.domain'}});
+# Check if Domain Helpdesk role trying to enter a course needs privs to be created
+ if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)}) {
+ my $cdom = $1;
+ my $rolename = $2;
+ my $cnum = $3;
+ my $sec = $4;
+ if ($custom_adhoc) {
+ my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($cdom.'_'.$cnum,1);
+ if (ref($possroles) eq 'ARRAY') {
+ if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+ if (&Apache::lonnet::check_adhoc_privs($cdom,$cnum,$update,$refresh,$now,
+ "cr/$cdom/$cdom".'-domainconfig/'.$rolename,undef,$sec)) {
+ &Apache::lonnet::appenv({"environment.internal.$cdom.$cnum.cr/$cdom/$cdom".'-domainconfig/'."$rolename.adhoc" => time});
+ }
+ }
+ }
+ }
+ } elsif (($numdc > 0) || ($numhelpdesk > 0)) {
+# Check if user is a DC trying to enter a course or author space and needs privs to be created
+# Check if user is a DH or DA trying to enter a course and needs privs to be created
+ foreach my $envkey (keys(%env)) {
+# Is this an ad-hoc Coordinator role?
+ if ($numdc) {
+ if (my ($ccrole,$domain,$coursenum) =
+ ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) {
+ if ($dcroles{$domain}) {
+ if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum,
+ $update,$refresh,$now,$ccrole)) {
+ &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.$ccrole.adhoc" => time});
+ }
+ }
+ last;
+ }
+# Is this an ad-hoc CA-role?
+ if (my ($domain,$user) =
+ ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) {
+ if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) {
+ delete($env{$envkey});
+ $env{'form.au./'.$domain.'/'} = 1;
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'au./'.$domain.'/';
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ last;
+ }
+ if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) {
+ if (((($castart) && ($castart < $now)) || !$castart) &&
+ ((!$caend) || (($caend) && ($caend > $now)))) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ last;
+ }
+ }
+ # Check if author blocked ca-access
+ my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
+ if ($blocked{'domcoord.author'} eq 'blocked') {
+ delete($env{$envkey});
+ $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+ last;
+ }
+ if ($dcroles{$domain}) {
+ my ($server_status,$home) = &check_author_homeserver($user,$domain);
+ if (($server_status eq 'ok') || ($server_status eq 'switchserver')) {
+ &Apache::lonnet::check_adhoc_privs($domain,$user,$update,
+ $refresh,$now,'ca');
+ if ($server_status eq 'switchserver') {
+ my $trolecode = 'ca./'.$domain.'/'.$user;
+ my $switchserver = '/adm/switchserver?'
+ .'otherserver='.$home.'&role='.$trolecode;
+ $r->internal_redirect($switchserver);
+ return OK;
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ last;
+ }
+ }
+ if ($numhelpdesk) {
+# Is this an ad hoc custom role in a course/community?
+ if (my ($domain,$rolename,$coursenum,$sec) = ($envkey =~ m{^form\.cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)})) {
+ if ($helpdeskroles{$domain}) {
+ my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($domain.'_'.$coursenum,1);
+ if (ref($possroles) eq 'ARRAY') {
+ if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+ if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum,$update,$refresh,$now,
+ "cr/$domain/$domain".'-domainconfig/'.$rolename,
+ undef,$sec)) {
+ &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.cr/$domain/$domain".
+ '-domainconfig/'."$rolename.adhoc" => time});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ } else {
+ delete($env{$envkey});
+ }
+ last;
+ }
+ }
+ }
+ }
+ foreach $envkey (keys(%env)) {
+ next if ($envkey!~/^user\.role\./);
+ my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
+ &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where,
+ \$trolecode,\$tstatus,\$tstart,\$tend);
+ if ($env{'form.'.$trolecode}) {
+ if ($tstatus eq 'is') {
+ $where=~s/^\///;
+ my ($cdom,$cnum,$csec)=split(/\//,$where);
+ if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
+ my $home = $env{'course.'.$cdom.'_'.$cnum.'.home'};
+ my @ids = &Apache::lonnet::current_machine_ids();
+ unless ($loncaparev eq '' && $home && grep(/^\Q$home\E$/,@ids)) {
+ my %curr_reqd_hash = &Apache::lonnet::userenvironment($cdom,$cnum,'internal.releaserequired');
+ if ($curr_reqd_hash{'internal.releaserequired'} ne '') {
+ my ($switchserver,$switchwarning) =
+ &Apache::loncommon::check_release_required($loncaparev,$cdom.'_'.$cnum,$trolecode,
+ $curr_reqd_hash{'internal.releaserequired'});
+ if ($switchwarning ne '' || $switchserver ne '') {
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ $r->print(&Apache::loncommon::check_release_result($switchwarning,$switchserver));
+ return OK;
+ }
+ }
+ }
+ }
+# check for course groups
+ my %coursegroups = &Apache::lonnet::get_active_groups(
+ $env{'user.domain'},$env{'user.name'},$cdom, $cnum);
+ my $cgrps = join(':',keys(%coursegroups));
+
+# store role if recent_role list being kept
+ if ($env{'environment.recentroles'}) {
+ my %frozen_roles =
+ &Apache::lonhtmlcommon::get_recent_frozen('roles',$env{'environment.recentrolesn'});
+ &Apache::lonhtmlcommon::store_recent('roles',
+ $trolecode,' ',$frozen_roles{$trolecode});
+ }
+
+
+# check for keyed access
+ if (($role eq 'st') &&
+ ($env{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) {
+# who is key authority?
+ my $authdom=$cdom;
+ my $authnum=$cnum;
+ if ($env{'course.'.$cdom.'_'.$cnum.'.keyauth'}) {
+ ($authnum,$authdom)=
+ split(/:/,$env{'course.'.$cdom.'_'.$cnum.'.keyauth'});
+ }
+# check with key authority
+ unless (&Apache::lonnet::validate_access_key(
+ $env{'environment.key.'.$cdom.'_'.$cnum},
+ $authdom,$authnum)) {
+# there is no valid key
+ if ($env{'form.newkey'}) {
+# student attempts to register a new key
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ my $start_page=&Apache::loncommon::start_page
+ ('Verifying Access Key to Unlock this Course');
+ my $end_page=&Apache::loncommon::end_page();
+ my $buttontext=&mt('Enter Course');
+ my $message=&mt('Successfully registered key');
+ my $ip = &Apache::lonnet::get_requestor_ip();
+ my $assignresult=
+ &Apache::lonnet::assign_access_key(
+ $env{'form.newkey'},
+ $authdom,$authnum,
+ $cdom,$cnum,
+ $env{'user.domain'},
+ $env{'user.name'},
+ &mt('Assigned from [_1] at [_2] for [_3]'
+ ,$ip
+ ,&Apache::lonlocal::locallocaltime()
+ ,$trolecode)
+ );
+ unless ($assignresult eq 'ok') {
+ $assignresult=~s/^error\:\s*//;
+ $message=&mt($assignresult).
+ ' '.
+ &mt('Logout').'';
+ $buttontext=&mt('Re-Enter Key');
+ }
+ $r->print(<
+//
+
+
+$end_page
+ENDENTEREDKEY
+ return OK;
+ } else {
+# print form to enter a new key
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $swinfo=&Apache::lonmenu::rawconfig();
+ my $start_page=&Apache::loncommon::start_page
+ ('Enter Access Key to Unlock this Course');
+ my $end_page=&Apache::loncommon::end_page();
+ $r->print(<
+//
+
+
+$end_page
+ENDENTERKEY
+ return OK;
+ }
+ }
+ }
+ &Apache::lonnet::log($env{'user.domain'},
+ $env{'user.name'},
+ $env{'user.home'},
+ "Role ".$trolecode);
+
+ &Apache::lonnet::appenv(
+ {'request.role' => $trolecode,
+ 'request.role.domain' => $cdom,
+ 'request.course.sec' => $csec,
+ 'request.course.groups' => $cgrps});
+ my $tadv=0;
+
+ if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
+ if ($role =~ m{^\Qcr/$cdom/$cdom\E\-domainconfig/(\w+)$}) {
+ my $rolename = $1;
+ my %domdef = &Apache::lonnet::get_domain_defaults($cdom);
+ if (ref($domdef{'adhocroles'}) eq 'HASH') {
+ if (ref($domdef{'adhocroles'}{$rolename}) eq 'HASH') {
+ &Apache::lonnet::appenv({'request.role.desc' => $domdef{'adhocroles'}{$rolename}{'desc'}});
+ }
+ }
+ }
+ my $crstype = &Apache::loncommon::course_type($cdom.'_'.$cnum);
+ $crstype = lc($crstype);
+ my $preamble = '
'.
+ ' '.
+ &mt("Please be patient while your $crstype loads").
+ '
'.
+ '';
+ my $closure = <
+//
+
+ENDCLOSE
+ my $title = &mt("Loading $crstype");
+ &start_loading_course($r,$title);
+ my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,undef,$preamble);
+ &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Loading ...'));
+ $r->rflush();
+ my ($msg,$blockcrit,$critmsg_check);
+ $critmsg_check = 1;
+ $blockcrit = &Apache::loncommon::blocking_status('alert',$cnum,$cdom,undef,1);
+ if ($blockcrit) {
+ my $checkrole = "cm./$cdom/$cnum";
+ if ($csec ne '') {
+ $checkrole .= "/$csec";
+ }
+ unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) &&
+ ($trolecode !~ m{^st\./$cdom/$cnum})) {
+ $critmsg_check = 0;
+ }
+ }
+ my ($furl,$ferr)=
+ &Apache::lonuserstate::readmap($cdom.'/'.$cnum,$critmsg_check);
+ &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Finished!'));
+ &Apache::lonhtmlcommon::Close_PrgWin($r,\%prog_state);
+ $r->print($closure);
+ $r->rflush();
+ if ($ferr) {
+ $furl = '/adm/roles?tryagain=1';
+ } else {
+ &Apache::lonnet::appenv({'request.course.timechecked'=>$now});
+ unless (($env{'form.switchrole'}) ||
+ ($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) {
+ &Apache::lonnet::put('nohist_crslastlogin',
+ {$env{'user.name'}.':'.$env{'user.domain'}.
+ ':'.$csec.':'.$role => $now},$cdom,$cnum);
+ }
+ if (($env{"environment.internal.$cdom.$cnum.$role.adhoc"}) &&
+ (&Apache::lonnet::allowed('vxc',$cdom.'_'.$cnum))) {
+ my $owner = $env{'course.'.$cdom.'_'.$cnum.'.internal.courseowner'};
+ my @coowners = split(/,/,$env{'course.'.$env{'request.course.id'}.'.internal.co-owners'});
+ my %auaccess;
+ foreach my $user ($owner,@coowners) {
+ my ($cpname,$cpdom) = split(/:/,$user);
+ my %auroles = &Apache::lonnet::get_my_roles($cpname,$cpdom,'userroles',undef,['au','ca','aa'],[$cdom]);
+ foreach my $key (keys(%auroles)) {
+ my ($auname,$audom,$aurole) = split(/:/,$key);
+ if ($aurole eq 'au') {
+ $auaccess{$cpname} = 1;
+ } else {
+ $auaccess{$auname} = 1;
+ }
+ }
+ }
+ &Apache::lonnet::appenv({'request.course.adhocsrcaccess' => join(',',sort(keys(%auaccess))) });
+ }
+ my ($feeds,$syllabus_time);
+ &Apache::lonrss::advertisefeeds($cnum,$cdom,undef,\$feeds);
+ &Apache::lonnet::appenv({'request.course.feeds' => $feeds});
+ &Apache::lonnet::get_numsuppfiles($cnum,$cdom,1);
+ unless ($env{'course.'.$cdom.'_'.$cnum.'.updatedsyllabus'}) {
+ unless (($env{'course.'.$cdom.'_'.$cnum.'.externalsyllabus'}) ||
+ ($env{'course.'.$cdom.'_'.$cnum.'.uploadedsyllabus'})) {
+ my %syllabus=&Apache::lonnet::dump('syllabus',$cdom,$cnum);
+ $syllabus_time = $syllabus{'uploaded.lastmodified'};
+ if ($syllabus_time) {
+ &Apache::lonnet::appenv({'request.course.syllabustime' => $syllabus_time});
+ }
+ }
+ }
+ }
+ if (($env{'form.orgurl'}) &&
+ ($env{'form.orgurl'}!~/^\/adm\/flip/) &&
+ ($env{'form.orgurl'} ne '/adm/roles')) {
+ my $dest=$env{'form.orgurl'};
+ if ($env{'form.symb'}) {
+ if ($dest =~ /\?/) {
+ $dest .= '&';
+ } else {
+ $dest .= '?';
+ }
+ $dest .= 'symb='.$env{'form.symb'};
+ }
+ if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
+ &Apache::lonnet::appenv({'request.role.adv'=>$tadv});
+ if ($ferr) {
+ if ($env{'form.orgurl'}) {
+ $furl .= '&orgurl='.&HTML::Entities::encode($env{'form.orgurl'},'<>&"');
+ }
+ if ($env{'form.symb'}) {
+ $furl .= '&symb='.&HTML::Entities::encode($env{'form.symb'},'<>&"');
+ }
+ }
+ if (($ferr) && ($tadv)) {
+ &error_page($r,$ferr,$furl);
+ } else {
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) {
+ unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'})) {
+ $dest=$env{'form.orgurl'};
+ }
+ }
+ }
+ if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
+ &Apache::loncommon::update_content_constraints($cdom,$cnum,$chome,
+ $cdom.'_'.$cnum);
+ }
+ }
+ if ($ferr) {
+ if (!$env{'request.course.id'}) {
+ &Apache::lonnet::appenv(
+ {"request.course.id" => $cdom.'_'.$cnum});
+ $r->print('
'.
+ &mt('Could not initialize [_1] at this time.',
+ $env{'course.'.$cdom.'_'.$cnum.'.description'}).
+ '
'.
+ &Apache::loncommon::end_page());
+ }
+ } else {
+ if (($env{'request.lti.login'}) &&
+ ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) {
+ &process_lti($r,$cdom,$cnum);
+ }
+ # Check to see if the user is a CC entering a course
+ # for the first time
+ if ((($role eq 'cc') || ($role eq 'co'))
+ && ($env{'course.'.$cdom.'_'.$cnum.'.course.helper.not.run'})) {
+ $furl = "/adm/helper/course.initialization.helper";
+ # Send the user to the course they selected
+ } elsif ($env{'request.course.id'}) {
+ if ((&Apache::loncommon::course_type() eq 'Placement') &&
+ (!$env{'request.role.adv'})) {
+ my ($score,$incomplete) =
+ &Apache::lonplacementtest::check_completion(undef,undef,1);
+ if (($incomplete) && ($incomplete < 100)) {
+ $msg = '
");
+ if ($priv ne '') {
+ $r->print(&mt('Access : ').&Apache::lonnet::plaintext($priv)."\n");
+ }
+ if ($fn ne '') {
+ $r->print(&mt('Resource: ').&Apache::lonenc::check_encrypt($fn)."\n");
+ }
+ if ($msg ne '') {
+ $r->print(&mt('Action : ').$msg."\n");
+ }
+ $r->print("
");
+ my $url=$fn;
+ my $last;
+ if (tie(my %hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db',
+ &GDBM_READER(),0640)) {
+ $last=$hash{'last_known'};
+ untie(%hash);
+ }
+ if ($last) { $fn.='?symb='.&escape($last); }
+
+ &Apache::londocs::changewarning($r,undef,'You have modified your course recently, [_1] may fix this access problem.',
+ &Apache::lonenc::check_encrypt($fn));
} else {
- $r->print("
LON-CAPA User Roles
");
+ if ($env{'user.error.msg'}) {
+ if ($reinit) {
+ $r->print(
+ '
'.
+ &mt('As your session file for the course or community has expired, you will need to re-select it.').'
');
+ } else {
+ $r->print(
+ '
'.
+ &mt('You need to choose another user role or enter a specific course or community for this function.').
+ '
');
+ }
+ }
}
-
- my $now=time;
- my $then=$ENV{'user.login.time'};
-
if ($nochoose) {
- $r->print("
Assigned User Roles
\n");
+ $r->print("
".&mt('Sorry ...')."
\n".
+ &mt('This action is currently not authorized.').'');
+ if ($error && $norolelist) {
+ $r->print('
'.
+ &mt('As your session was launched from a web page external to LON-CAPA some course content may be unavailable, including the resource you were trying to access.').
+ '
'.
+ '
'.
+ &mt('You may need to login to LON-CAPA directly, or re-launch from a different external system.').
+ '