--- loncom/interface/loncreateuser.pm	2002/02/11 15:37:58	1.25
+++ loncom/interface/loncreateuser.pm	2002/02/11 21:25:07	1.26
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
+# $Id: loncreateuser.pm,v 1.26 2002/02/11 21:25:07 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -47,7 +47,7 @@
 # 11/12,11/13,11/15 Scott Harrison
 # 02/11/02 Matthew Hall
 #
-# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
+# $Id: loncreateuser.pm,v 1.26 2002/02/11 21:25:07 matthew Exp $
 ###
 
 package Apache::loncreateuser;
@@ -207,7 +207,6 @@ ENDDOCUMENT
 }
 
 # =================================================================== Phase two
-
 sub phase_two {
     my $r=shift;
     my $ccuname=$ENV{'form.ccuname'};
@@ -276,13 +275,11 @@ ENDFORMINFO
         }
     }
     if ($uhome eq 'no_host') {
-	$r->print(<<ENDNUSER);
+	$r->print(<<ENDNEWUSER);
 $dochead
 <h1>Create New User</h1>
 $forminfo
 <h2>New user "$ccuname" in domain $ccdomain</h2>
-ENDNUSER
-	$r->print(<<ENDNUSER);
 $loginscript
 <input type='hidden' name='makeuser' value='1' />
 <h3>Personal Data</h3>
@@ -307,22 +304,22 @@ $authformkrb
 $authformint
 $authformfsys
 $authformloc
-ENDNUSER
+ENDNEWUSER
     } else { # user already exists
-	$r->print(<<ENDCHUSER);
+	$r->print(<<ENDCHANGEUSER);
 $dochead
 <h1>Change User Privileges</h1>
 $forminfo
 <h2>User "$ccuname" in domain $ccdomain </h2>
-ENDCHUSER
+ENDCHANGEUSER
         my $rolesdump=&Apache::lonnet::reply(
                                   "dump:$ccdomain:$ccuname:roles",$uhome);
         # Build up table of user roles to allow revocation of a role.
-        unless ($rolesdump eq 'con_lost') { 
+        unless ($rolesdump eq 'con_lost' || $rolesdump =~ m/^error/i) { 
            my $now=time;
-           $r->print('<h4>Revoke Existing Roles</h4>'.
+           $r->print('<hr /><h3>Revoke Existing Roles</h3>'.
              '<table border=2><tr><th>Revoke</th><th>Role</th><th>Extent</th>'.
-		     '<th>Start</th><th>End</th>');
+	     '<th>Start</th><th>End</th>');
 	   foreach (split(/&/,$rolesdump)) {
              if ($_!~/^rolesdef\&/) {
               my ($area,$role)=split(/=/,$_);
@@ -338,10 +335,7 @@ ENDCHUSER
                  if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) {
 		     $allows=1;
                  }
-		 # What follows is an odd computation.  It seems the value
-		 # of the $area variable above is used to compute the 
-		 # background color.  This makes sense, but I can't make 
-		 # heads or tail of the computation at this point..
+		 # Compute the background color based on $area
                  $bgcol=$1.'_'.$2;
                  $bgcol=~s/[^8-9b-e]//g;
                  $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
@@ -361,9 +355,9 @@ ENDCHUSER
                  }
 	      }
 
+              $r->print('<tr bgcolor=#"'.$bgcol.'"><td>');
               my $active=1;
               if (($role_end_time) && ($now>$role_end_time)) { $active=0; }
-              $r->print('<tr bgcolor=#"'.$bgcol.'"><td>');
               if (!($active) && ($allows)) {
 		  $r->print('<input type=checkbox name="rev:'.$thisrole.'">');
               } else {
@@ -387,16 +381,14 @@ ENDCHUSER
 	    my $krbdefdom2=$1;
 	    $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/;
 	}
-	# Here is where we'll have to check against the permissions of the
-	# user attempting to modify this users data.  Only users with
-	# MAU (Modify Authentication User) permissions should be able to 
-	# make these changes.  I think a subroutine would be in order here.
+	# Check for a bad authentication type
         unless ($currentauth=~/^krb4:/ or
 		$currentauth=~/^unix:/ or
 		$currentauth=~/^internal:/ or
 		$currentauth=~/^localauth:/
-		) {
-	    $r->print(<<END);
+		) { # bad authentication scheme
+	    if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+		$r->print(<<ENDBADAUTH);
 <hr />
 $loginscript
 <font color='#ff0000'>ERROR:</font>
@@ -408,14 +400,25 @@ $authformkrb
 $authformint
 $authformfsys
 $authformloc
-END
-        }
-	else {
+ENDBADAUTH
+            } else { 
+                # This user is not allowed to modify the users 
+                # authentication scheme, so just notify them of the problem
+		$r->print(<<ENDBADAUTH);
+<hr />
+$loginscript
+<font color="#ff0000"> ERROR: </font>
+This user has an unrecognized authentication scheme ($currentauth).
+Please alert a domain coordinator of this situation.
+<hr />
+ENDBADAUTH
+            }
+        } else { # Authentication type is valid
 	    my $authformcurrent='';
-	    my $authformother='';
+	    my $authform_other='';
 	    if ($currentauth=~/^krb4:/) {
 		$authformcurrent=$authformkrb;
-		$authformother=$authformint.$authformfsys.$authformloc;
+		$authform_other=$authformint.$authformfsys.$authformloc;
 		# embarrassing script hack here
 		$loginscript=~s/login\[3\]/login\[4\]/; # loc
 		$loginscript=~s/login\[2\]/login\[3\]/; # fsys
@@ -424,7 +427,7 @@ END
 	    }
 	    elsif ($currentauth=~/^internal:/) {
 		$authformcurrent=$authformint;
-		$authformother=$authformkrb.$authformfsys.$authformloc;
+		$authform_other=$authformkrb.$authformfsys.$authformloc;
 		# embarrassing script hack here
 		$loginscript=~s/login\[3\]/login\[4\]/; # loc
 		$loginscript=~s/login\[2\]/login\[3\]/; # fsys
@@ -433,7 +436,7 @@ END
 	    }
 	    elsif ($currentauth=~/^unix:/) {
 		$authformcurrent=$authformfsys;
-		$authformother=$authformkrb.$authformint.$authformloc;
+		$authform_other=$authformkrb.$authformint.$authformloc;
 		# embarrassing script hack here
 		$loginscript=~s/login\[3\]/login\[4\]/; # loc
 		$loginscript=~s/login\[1\]/login\[3\]/; # int
@@ -442,7 +445,7 @@ END
 	    }
 	    elsif ($currentauth=~/^localauth:/) {
 		$authformcurrent=$authformloc;
-		$authformother=$authformkrb.$authformint.$authformfsys;
+		$authform_other=$authformkrb.$authformint.$authformfsys;
 		# embarrassing script hack here
 		$loginscript=~s/login\[3\]/login\[loc\]/; # loc
 		$loginscript=~s/login\[2\]/login\[4\]/; # fsys
@@ -450,7 +453,7 @@ END
 		$loginscript=~s/login\[0\]/login\[2\]/; # krb4
 		$loginscript=~s/login\[loc\]/login\[1\]/; # loc
 	    }
-	    $authformcurrent=<<END;
+	    $authformcurrent=<<ENDCURRENTAUTH;
 <table border='1'>
 <tr>
 <td><font color='#ff0000'>* * * WARNING * * *</font></td>
@@ -459,8 +462,10 @@ END
 <tr><td bgcolor='#cbbcbb'>$authformcurrent</td>
 <td bgcolor='#cbbcbb'>Changing this value will overwrite existing authentication for the user; you should notify the user of this change.</td></tr>
 </table>
-END
-		$r->print(<<END);
+ENDCURRENTAUTH
+            if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+		# Current user has login modification privileges
+		$r->print(<<ENDOTHERAUTHS);
 <hr />
 $loginscript
 <h3>Change Current Login Data</h3>
@@ -468,9 +473,10 @@ $generalrule
 $authformnop
 $authformcurrent
 <h3>Enter New Login Data</h3>
-$authformother
-END
-        }
+$authform_other
+ENDOTHERAUTHS
+            }
+        }  ## End of "check for bad authentication type" logic
     } ## End of new user/old user logic
     $r->print('<hr /><h3>Add Roles</h3>');
 #
@@ -529,49 +535,12 @@ ENDDROW
 #
 # Course level
 #
-    $r->print('<h4>Course Level</h4>'.
-    '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
-    '<th>Group/Section</th><th>Start</th><th>End</th></tr>');
-    foreach (sort( keys(%inccourses))) {
-	my $thiscourse=$_;
-	my $protectedcourse=$_;
-        $thiscourse=~s:_:/:g;
-        my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
-        my $area=$coursedata{'description'};
-        my $bgcol=$thiscourse;
-        $bgcol=~s/[^8-9b-e]//g;
-        $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
-        foreach  ('st','ta','ep','ad','in','cc') {
-            if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
-               my $plrole=&Apache::lonnet::plaintext($_);
-               $r->print("
-<tr bgcolor=#$bgcol>
-<td><input type=checkbox name=\"act_$protectedcourse\_$_\"></td>
-<td>$plrole</td>
-<td>$area</td>
-<td>");
-	       if ($_ ne 'cc') {
-		 $r->print("<input type=text size=5 name=\"sec_$protectedcourse\_$_\">");
-	       } else { $r->print("&nbsp"); }
-	       $r->print(<<ENDROW);
-<td><input type=hidden name="start_$protectedcourse\_$_" value=''>
-<a href=
-"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date</a></td>
-<td><input type=hidden name="end_$protectedcourse\_$_" value=''>
-<a href=
-"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date</a></td>
-</tr>
-ENDROW
-            }
-        }
-    } 
-    $r->print('</table>');
-    $r->print('<input type=submit value="Modify User">');
-    $r->print('</form></body></html>');
+    $r->print(&course_level_table(%inccourses));
+    $r->print("<hr /><input type=submit value=\"Modify User\">\n");
+    $r->print("</form></body></html>");
 }
 
 # ================================================================= Phase Three
-
 sub phase_three {
     my $r=shift;
     $r->print(<<ENDTHREEHEAD);
@@ -755,6 +724,61 @@ sub handler {
    return OK;
 } 
 
+
+sub course_level_table {
+    my %inccourses = @_;
+    my $table = '';
+    foreach (sort( keys(%inccourses))) {
+	my $thiscourse=$_;
+	my $protectedcourse=$_;
+	$thiscourse=~s:_:/:g;
+	my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
+	my $area=$coursedata{'description'};
+	my $bgcol=$thiscourse;
+	$bgcol=~s/[^8-9b-e]//g;
+	$bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
+	foreach  ('st','ta','ep','ad','in','cc') {
+	    if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
+		my $plrole=&Apache::lonnet::plaintext($_);
+		$table .= <<ENDEXTENT;
+<tr bgcolor="#$bgcol">
+<td><input type="checkbox" name="act_$protectedcourse\_$_"></td>
+<td>$plrole</td>
+<td>$area</td>
+ENDEXTENT
+	        if ($_ ne 'cc') {
+		    $table .= <<ENDSECTION;
+<td><input type="text" size="5" name="sec_$protectedcourse\_$_"></td>
+ENDSECTION
+                } else { 
+		    $table .= <<ENDSECTION;
+<td>&nbsp</td> 
+ENDSECTION
+                }
+		$table .= <<ENDTIMEENTRY;
+<td><input type=hidden name="start_$protectedcourse\_$_" value=''>
+<a href=
+"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date</a></td>
+<td><input type=hidden name="end_$protectedcourse\_$_" value=''>
+<a href=
+"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date</a></td>
+ENDTIMEENTRY
+                $table.= "</tr>\n";
+            }
+        }
+    }
+    return '' if ($table eq ''); # return nothing if there is nothing 
+                                 # in the table
+    my $result = <<ENDTABLE;
+<h4>Course Level</h4>
+<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
+<th>Group/Section</th><th>Start</th><th>End</th></tr>
+$table
+</table>
+ENDTABLE
+    return $result;
+}
+
 1;
 __END__
 

Revoke	Role	Extent	Start	End	Start	End
'); my $active=1; if (($role_end_time) && ($now>$role_end_time)) { $active=0; } - $r->print('
'); if (!($active) && ($allows)) { $r->print(''); } else { @@ -387,16 +381,14 @@ ENDCHUSER my $krbdefdom2=$1; $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/; } - # Here is where we'll have to check against the permissions of the - # user attempting to modify this users data. Only users with - # MAU (Modify Authentication User) permissions should be able to - # make these changes. I think a subroutine would be in order here. + # Check for a bad authentication type unless ($currentauth=~/^krb4:/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ - ) { - $r->print(<print(< $loginscript ERROR: @@ -408,14 +400,25 @@ $authformkrb $authformint $authformfsys $authformloc -END - } - else { +ENDBADAUTH + } else { + # This user is not allowed to modify the users + # authentication scheme, so just notify them of the problem + $r->print(< +$loginscript + ERROR: +This user has an unrecognized authentication scheme ($currentauth). +Please alert a domain coordinator of this situation. + +ENDBADAUTH + } + } else { # Authentication type is valid my $authformcurrent=''; - my $authformother=''; + my $authform_other=''; if ($currentauth=~/^krb4:/) { $authformcurrent=$authformkrb; - $authformother=$authformint.$authformfsys.$authformloc; + $authform_other=$authformint.$authformfsys.$authformloc; # embarrassing script hack here $loginscript=~s/login\[3\]/login\[4\]/; # loc $loginscript=~s/login\[2\]/login\[3\]/; # fsys @@ -424,7 +427,7 @@ END } elsif ($currentauth=~/^internal:/) { $authformcurrent=$authformint; - $authformother=$authformkrb.$authformfsys.$authformloc; + $authform_other=$authformkrb.$authformfsys.$authformloc; # embarrassing script hack here $loginscript=~s/login\[3\]/login\[4\]/; # loc $loginscript=~s/login\[2\]/login\[3\]/; # fsys @@ -433,7 +436,7 @@ END } elsif ($currentauth=~/^unix:/) { $authformcurrent=$authformfsys; - $authformother=$authformkrb.$authformint.$authformloc; + $authform_other=$authformkrb.$authformint.$authformloc; # embarrassing script hack here $loginscript=~s/login\[3\]/login\[4\]/; # loc $loginscript=~s/login\[1\]/login\[3\]/; # int @@ -442,7 +445,7 @@ END } elsif ($currentauth=~/^localauth:/) { $authformcurrent=$authformloc; - $authformother=$authformkrb.$authformint.$authformfsys; + $authform_other=$authformkrb.$authformint.$authformfsys; # embarrassing script hack here $loginscript=~s/login\[3\]/login\[loc\]/; # loc $loginscript=~s/login\[2\]/login\[4\]/; # fsys @@ -450,7 +453,7 @@ END $loginscript=~s/login\[0\]/login\[2\]/; # krb4 $loginscript=~s/login\[loc\]/login\[1\]/; # loc } - $authformcurrent=<
* * * WARNING * * *
$authformcurrent	Changing this value will overwrite existing authentication for the user; you should notify the user of this change.