--- loncom/interface/loncreateuser.pm 2002/08/30 22:06:56 1.39.4.1 +++ loncom/interface/loncreateuser.pm 2003/03/23 08:31:41 1.49 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.39.4.1 2002/08/30 22:06:56 albertel Exp $ +# $Id: loncreateuser.pm,v 1.49 2003/03/23 08:31:41 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -44,10 +44,9 @@ # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer # April Guy Albertelli # 05/10,10/16 Gerd Kortemeyer -# 11/12,11/13,11/15 Scott Harrison # 02/11/02 Matthew Hall # -# $Id: loncreateuser.pm,v 1.39.4.1 2002/08/30 22:06:56 albertel Exp $ +# $Id: loncreateuser.pm,v 1.49 2003/03/23 08:31:41 albertel Exp $ ### package Apache::loncreateuser; @@ -71,15 +70,30 @@ BEGIN { my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); - $loginscript = &Apache::loncommon::authform_header(%param); +# no longer static due to configurable kerberos defaults +# $loginscript = &Apache::loncommon::authform_header(%param); $generalrule = &Apache::loncommon::authform_authorwarning(%param); $authformnop = &Apache::loncommon::authform_nochange(%param); - $authformkrb = &Apache::loncommon::authform_kerberos(%param); +# no longer static due to configurable kerberos defaults +# $authformkrb = &Apache::loncommon::authform_kerberos(%param); $authformint = &Apache::loncommon::authform_internal(%param); $authformfsys = &Apache::loncommon::authform_filesystem(%param); $authformloc = &Apache::loncommon::authform_local(%param); } + + +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} + # =================================================================== Phase one sub print_username_entry_form { @@ -87,18 +101,26 @@ sub print_username_entry_form { my $defdom=$ENV{'request.role.domain'}; my @domains = &Apache::loncommon::get_domains(); my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain'); + my $bodytag =&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges'); + my $selscript=&Apache::loncommon::studentbrowser_javascript(); + my $sellink=&Apache::loncommon::selectstudent_link + ('crtuser','ccuname','ccdomain'); $r->print(<<"ENDDOCUMENT"); The LearningOnline Network with CAPA +$selscript - -

Create User, Change User Privileges

-
- +$bodytag + +

-Username:
-Domain: $domform + + +
Username: +$sellink
+Domain:$domform

@@ -113,15 +135,17 @@ sub print_user_modification_page { my $ccuname=$ENV{'form.ccuname'}; my $ccdomain=$ENV{'form.ccdomain'}; - $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; - my $krbdefdom=$1; - $krbdefdom=~tr/a-z/A-Z/; + my $defdom=$ENV{'request.role.domain'}; + + my ($krbdef,$krbdefdom) = + &Apache::loncommon::get_kerberos_defaults($defdom); + my %param = ( formname => 'document.cu', - kerb_def_dom => $krbdefdom + kerb_def_dom => $krbdefdom, + kerb_def_auth => $krbdef ); $loginscript = &Apache::loncommon::authform_header(%param); - - my $defdom=$ENV{'request.role.domain'}; + $authformkrb = &Apache::loncommon::authform_kerberos(%param); $ccuname=~s/\W//g; $ccdomain=~s/\W//g; @@ -154,9 +178,9 @@ sub print_user_modification_page { - - ENDDOCHEAD + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges')); my $forminfo =<<"ENDFORMINFO";
@@ -169,7 +193,7 @@ ENDFORMINFO my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); my %incdomains; my %inccourses; - foreach (%Apache::lonnet::hostdom) { + foreach (values(%Apache::lonnet::hostdom)) { $incdomains{$_}=1; } foreach (keys(%ENV)) { @@ -293,18 +317,12 @@ END } } } - # I have no idea what the hell the above code does - # So the following is a check: - if ($allowed) { - # If we are looking at a co-author role, make sure it is - # for the current users construction space before we let - # them revoke it. - if (($role_code eq 'ca') && - ($ENV{'request.role'} !~ /^dc/)) { - if ($area !~ - /^\/$ENV{'request.role.domain'}\/$ENV{'user.name'}/) { - $allowed = 0; - } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; } } my $row = ''; @@ -328,16 +346,16 @@ END $r->print(''); } # End of unless my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); - if ($currentauth=~/^krb4:/) { - $currentauth=~/^krb4:(.*)/; - my $krbdefdom2=$1; + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; + my $krbdefdom=$1; my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type - unless ($currentauth=~/^krb4:/ or + unless ($currentauth=~/^krb(4|5):/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ @@ -375,7 +393,7 @@ ENDBADAUTH } else { # Authentication type is valid my $authformcurrent=''; my $authform_other=''; - if ($currentauth=~/^krb4:/) { + if ($currentauth=~/^krb(4|5):/) { $authformcurrent=$authformkrb; $authform_other="

$authformint

\n". "

$authformfsys

$authformloc

"; @@ -426,7 +444,9 @@ ENDOTHERAUTHS # # Co-Author # - if (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) { + if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) && + ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) { + # No sense in assigning co-author role to yourself my $cuname=$ENV{'user.name'}; my $cudom=$ENV{'request.role.domain'}; $r->print(< The LearningOnline Network with CAPA - - ENDTHREEHEAD + my $title; + if (exists($ENV{'form.makeuser'})) { + $title='Set Privileges for New User'; + } else { + $title='Modify User Privileges'; + } + $r->print(&Apache::loncommon::bodytag($title)); # Check Inputs if (! $ENV{'form.ccuname'} ) { $r->print($error.'No login name specified.'.$end); @@ -534,7 +559,8 @@ ENDTHREEHEAD my $amode=''; my $genpwd=''; if ($ENV{'form.login'} eq 'krb') { - $amode='krb4'; + $amode='krb'; + $amode.=$ENV{'form.krbver'}; $genpwd=$ENV{'form.krbarg'}; } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; @@ -559,7 +585,6 @@ ENDTHREEHEAD if ($ENV{'form.makeuser'}) { # Create a new user $r->print(<Create User

Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"

ENDNEWUSERHEAD # Check for the authentication mode and password @@ -595,7 +620,6 @@ ENDNEWUSERHEAD ($ENV{'form.login'} ne '' )) { # Modify user privileges $r->print(<Change User Privileges

User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"

ENDMODIFYUSERHEAD if (! $amode || ! $genpwd) {