--- loncom/interface/loncreateuser.pm 2002/02/11 15:37:58 1.25
+++ loncom/interface/loncreateuser.pm 2012/11/30 15:09:17 1.367
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
+# $Id: loncreateuser.pm,v 1.367 2012/11/30 15:09:17 goltermann Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -25,736 +25,6932 @@
#
# http://www.lon-capa.org/
#
-# (Create a course
-# (My Desk
-#
-# (Internal Server Error Handler
-#
-# (Login Screen
-# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14,
-# 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer)
-#
-# YEAR=2001
-# 3/1/1 Gerd Kortemeyer)
-#
-# 3/1 Gerd Kortemeyer)
-#
-# 2/14 Gerd Kortemeyer)
-#
-# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
-# April Guy Albertelli
-# 05/10,10/16 Gerd Kortemeyer
-# 11/12,11/13,11/15 Scott Harrison
-# 02/11/02 Matthew Hall
-#
-# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
###
package Apache::loncreateuser;
+=pod
+
+=head1 NAME
+
+Apache::loncreateuser.pm
+
+=head1 SYNOPSIS
+
+ Handler to create users and custom roles
+
+ Provides an Apache handler for creating users,
+ editing their login parameters, roles, and removing roles, and
+ also creating and assigning custom roles.
+
+=head1 OVERVIEW
+
+=head2 Custom Roles
+
+In LON-CAPA, roles are actually collections of privileges. "Teaching
+Assistant", "Course Coordinator", and other such roles are really just
+collection of privileges that are useful in many circumstances.
+
+Custom roles can be defined by a Domain Coordinator, Course Coordinator
+or Community Coordinator via the Manage User functionality.
+The custom role editor screen will show all privileges which can be
+assigned to users. For a complete list of privileges, please see
+C.
+
+Custom role definitions are stored in the C file of the creator
+of the role.
+
+=cut
+
use strict;
use Apache::Constants qw(:common :http);
use Apache::lonnet;
+use Apache::loncommon;
+use Apache::lonlocal;
+use Apache::longroup;
+use Apache::lonuserutils;
+use Apache::loncoursequeueadmin;
+use LONCAPA qw(:DEFAULT :match);
my $loginscript; # piece of javascript used in two separate instances
-my $generalrule;
my $authformnop;
my $authformkrb;
my $authformint;
my $authformfsys;
my $authformloc;
-BEGIN {
- $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
- my $krbdefdom=$1;
- $krbdefdom=~tr/a-z/A-Z/;
- $authformnop=(<
-
-Do not change login data
-
-END
- $authformkrb=(<
-
-Kerberos authenticated with domain
-
-
-END
- $authformint=(<
-
-Internally authenticated (with initial password
-)
-
-END
- $authformfsys=(<
-
-Filesystem authenticated (with initial password
-)
-
-END
- $authformloc=(<
-
-Local Authentication with argument
-
-
-END
- $loginscript=(<
-function setkrb(vf) {
- if (vf.krbdom.value!='') {
- vf.login[0].checked=true;
- vf.krbdom.value=vf.krbdom.value.toUpperCase();
- vf.intpwd.value='';
- vf.fsyspwd.value='';
- vf.locarg.value='';
- }
-}
-
-function setint(vf) {
- if (vf.intpwd.value!='') {
- vf.login[1].checked=true;
- vf.krbdom.value='';
- vf.fsyspwd.value='';
- vf.locarg.value='';
- }
-}
-
-function setfsys(vf) {
- if (vf.fsyspwd.value!='') {
- vf.login[2].checked=true;
- vf.krbdom.value='';
- vf.intpwd.value='';
- vf.locarg.value='';
- }
-}
-
-function setloc(vf) {
- if (vf.locarg.value!='') {
- vf.login[3].checked=true;
- vf.krbdom.value='';
- vf.intpwd.value='';
- vf.fsyspwd.value='';
- }
-}
-
-function clicknop(vf) {
- vf.krbdom.value='';
- vf.intpwd.value='';
- vf.fsyspwd.value='';
- vf.locarg.value='';
-}
-
-function clickkrb(vf) {
- vf.krbdom.value='$krbdefdom';
- vf.intpwd.value='';
- vf.fsyspwd.value='';
- vf.locarg.value='';
-}
-
-function clickint(vf) {
- vf.krbdom.value='';
- vf.fsyspwd.value='';
- vf.locarg.value='';
-}
-
-function clickfsys(vf) {
- vf.krbdom.value='';
- vf.intpwd.value='';
- vf.locarg.value='';
-}
-
-function clickloc(vf) {
- vf.krbdom.value='';
- vf.intpwd.value='';
- vf.fsyspwd.value='';
+sub initialize_authen_forms {
+ my ($dom,$formname,$curr_authtype,$mode) = @_;
+ my ($krbdef,$krbdefdom) = &Apache::loncommon::get_kerberos_defaults($dom);
+ my %param = ( formname => $formname,
+ kerb_def_dom => $krbdefdom,
+ kerb_def_auth => $krbdef,
+ domain => $dom,
+ );
+ my %abv_auth = &auth_abbrev();
+ if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):(.*)$/) {
+ my $long_auth = $1;
+ my $curr_autharg = $2;
+ my %abv_auth = &auth_abbrev();
+ $param{'curr_authtype'} = $abv_auth{$long_auth};
+ if ($long_auth =~ /^krb(4|5)$/) {
+ $param{'curr_kerb_ver'} = $1;
+ $param{'curr_autharg'} = $curr_autharg;
+ }
+ if ($mode eq 'modifyuser') {
+ $param{'mode'} = $mode;
+ }
+ }
+ $loginscript = &Apache::loncommon::authform_header(%param);
+ $authformkrb = &Apache::loncommon::authform_kerberos(%param);
+ $authformnop = &Apache::loncommon::authform_nochange(%param);
+ $authformint = &Apache::loncommon::authform_internal(%param);
+ $authformfsys = &Apache::loncommon::authform_filesystem(%param);
+ $authformloc = &Apache::loncommon::authform_local(%param);
+}
+
+sub auth_abbrev {
+ my %abv_auth = (
+ krb5 => 'krb',
+ krb4 => 'krb',
+ internal => 'int',
+ localuth => 'loc',
+ unix => 'fsys',
+ );
+ return %abv_auth;
}
+
+# ====================================================
+
+sub portfolio_quota {
+ my ($ccuname,$ccdomain) = @_;
+ my %lt = &Apache::lonlocal::texthash(
+ 'usrt' => "User Tools",
+ 'disk' => "Disk space allocated to user's portfolio files",
+ 'cuqu' => "Current quota",
+ 'cust' => "Custom quota",
+ 'defa' => "Default",
+ 'chqu' => "Change quota",
+ );
+ my ($currquota,$quotatype,$inststatus,$defquota) =
+ &Apache::loncommon::get_user_quota($ccuname,$ccdomain);
+ my ($usertypes,$order) = &Apache::lonnet::retrieve_inst_usertypes($ccdomain);
+ my ($longinsttype,$showquota,$custom_on,$custom_off,$defaultinfo);
+ if ($inststatus ne '') {
+ if ($usertypes->{$inststatus} ne '') {
+ $longinsttype = $usertypes->{$inststatus};
+ }
+ }
+ $custom_on = ' ';
+ $custom_off = ' checked="checked" ';
+ my $quota_javascript = <<"END_SCRIPT";
+
-ENDLOGINSCRIPT
- $generalrule=<
-As a general rule, only authors or co-authors should be filesystem
-authenticated (which allows access to the server filesystem).
-
-END
+END_SCRIPT
+ if ($quotatype eq 'custom') {
+ $custom_on = $custom_off;
+ $custom_off = ' ';
+ $showquota = $currquota;
+ if ($longinsttype eq '') {
+ $defaultinfo = &mt('For this user, the default quota would be [_1]'
+ .' Mb.',$defquota);
+ } else {
+ $defaultinfo = &mt("For this user, the default quota would be [_1]".
+ " Mb, as determined by the user's institutional".
+ " affiliation ([_2]).",$defquota,$longinsttype);
+ }
+ } else {
+ if ($longinsttype eq '') {
+ $defaultinfo = &mt('For this user, the default quota is [_1]'
+ .' Mb.',$defquota);
+ } else {
+ $defaultinfo = &mt("For this user, the default quota of [_1]".
+ " Mb, is determined by the user's institutional".
+ " affiliation ([_2]).",$defquota,$longinsttype);
+ }
+ }
+
+ my $output = $quota_javascript."\n".
+ '