--- loncom/interface/lonhelper.pm 2003/05/15 16:14:52 1.30
+++ loncom/interface/lonhelper.pm 2003/05/29 17:39:40 1.35
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# .helper XML handler to implement the LON-CAPA helper
#
-# $Id: lonhelper.pm,v 1.30 2003/05/15 16:14:52 bowersj2 Exp $
+# $Id: lonhelper.pm,v 1.35 2003/05/29 17:39:40 bowersj2 Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -53,7 +53,10 @@ Each state contains one or more state el
messages, resource selections, or date queries.
The helper tag is required to have one attribute, "title", which is the name
-of the helper itself, such as "Parameter helper".
+of the helper itself, such as "Parameter helper". The helper tag may optionally
+have a "requiredpriv" attribute, specifying the priviledge a user must have
+to use the helper, or get denied access. See loncom/auth/rolesplain.tab for
+useful privs. Default is full access, which is often wrong!
=head2 State tags
@@ -257,10 +260,17 @@ sub real_handler {
# xml parsing
&Apache::lonxml::xmlparse($r, 'helper', $file);
+ my $allowed = $helper->allowedCheck();
+ if (!$allowed) {
+ $ENV{'user.error.msg'} = $ENV{'request.uri'}.':'.$helper->{REQUIRED_PRIV}.
+ ":0:0:Permission denied to access this helper.";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+
$helper->process();
$r->print($helper->display());
- return OK;
+ return OK;
}
sub registerHelperTags {
@@ -284,7 +294,7 @@ sub start_helper {
registerHelperTags();
- Apache::lonhelper::helper->new($token->[2]{'title'});
+ Apache::lonhelper::helper->new($token->[2]{'title'}, $token->[2]{'requiredpriv'});
return '';
}
@@ -343,6 +353,7 @@ sub new {
my $self = {};
$self->{TITLE} = shift;
+ $self->{REQUIRED_PRIV} = shift;
# If there is a state from the previous form, use that. If there is no
# state, use the start state parameter.
@@ -467,6 +478,16 @@ sub declareVar {
}
}
+sub allowedCheck {
+ my $self = shift;
+
+ if (!defined($self->{REQUIRED_PRIV})) {
+ return 1;
+ }
+
+ return Apache::lonnet::allowed($self->{REQUIRED_PRIV}, $ENV{'request.course.id'});
+}
+
sub changeState {
my $self = shift;
$self->{STATE} = shift;
@@ -549,23 +570,22 @@ sub display {
HEADER
if (!$state->overrideForm()) { $result.="