--- loncom/auth/lonroles.pm 2002/11/12 22:36:38 1.44 +++ loncom/auth/lonroles.pm 2004/11/12 15:33:32 1.108 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.44 2002/11/12 22:36:38 www Exp $ +# $Id: lonroles.pm,v 1.108 2004/11/12 15:33:32 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -25,22 +25,6 @@ # # http://www.lon-capa.org/ # -# (Directory Indexer -# (Login Screen -# YEAR=1999 -# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer) -# 11/23 Gerd Kortemeyer) -# YEAR=2000 -# 1/14,03/06,06/01,07/22,07/24,07/25, -# 09/04,09/06,09/28,09/29,09/30,10/2,10/5,10/26,10/28, -# 12/08,12/28, -# YEAR=2001 -# 01/15/01 Gerd Kortemeyer -# 02/27/01 Scott Harrison -# 03/02,05/03,05/25,05/30,06/01,07/06,08/06 Gerd Kortemeyer -# 12/21 Scott Harrison -# 12/29 Gerd Kortemeyer -# ### package Apache::lonroles; @@ -52,6 +36,44 @@ use Apache::Constants qw(:common); use Apache::File(); use Apache::lonmenu; use Apache::loncommon; +use Apache::lonhtmlcommon; +use Apache::lonannounce; +use Apache::lonlocal; + +sub redirect_user { + my ($r,$title,$url,$msg,$launch_nav) = @_; + $msg = $title if (! defined($msg)); + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $navwindow; + if ($launch_nav eq 'on') { + $navwindow.=&Apache::lonnavmaps::launch_win('now'); + } else { + $navwindow.=&Apache::lonnavmaps::close(); + } + my $bodytag=&Apache::loncommon::bodytag('Switching Role'); +# Note to style police: +# This must only replace the spaces, nothing else, or it bombs elsewhere. + $url=~s/ /\%20/g; + $r->print(<$title + + + +$bodytag + +$navwindow +

$msg

+Continue + + +ENDREDIR + return; +} sub handler { 
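Review bot: redirect_user prints `$title`, `$msg` and `$url` into the page, and the only treatment `$url` receives is `s/ /\%20/g`, so quotes or angle brackets in any of the three would reach the markup unchanged. The heredoc's tags were lost in this rendering, so where each value lands is inferred. The callers added later in this commit build `$url` from fixed paths and session values, but `$msg` can carry `$ferr` from readmap. A comment above the sub would make the contract explicit: `# $title and $msg are emitted as HTML verbatim; $url must be a server-built path, never raw form input`. Separately, `$launch_nav eq 'on'` compares an undefined value when the fifth argument is omitted, as the construction-space and domain-coordinator redirects do; `if (defined($launch_nav) && $launch_nav eq 'on')` avoids the warning.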
@@ -60,104 +82,241 @@ sub handler { my $now=time; my $then=$ENV{'user.login.time'}; my $envkey; - + my %dcroles = (); + my $numdc = &check_fordc(\%dcroles,$then); # ================================================================== Roles Init - if ($ENV{'form.selectrole'}) { if ($ENV{'request.course.id'}) { my %temp=('logout_'.$ENV{'request.course.id'} => time); &Apache::lonnet::put('email_status',\%temp); + &Apache::lonnet::delenv('user.state.'.$ENV{'request.course.id'}); + } + &Apache::lonnet::appenv("request.course.id" => '', + "request.course.fn" => '', + "request.course.uri" => '', + "request.course.sec" => '', + "request.role" => 'cm', + "request.role.adv" => $ENV{'user.adv'}, + "request.role.domain" => $ENV{'user.domain'}); + +# Check to see if the user is a DC trying to enter a course and needs privs to be created + if ($numdc > 0) { + foreach my $envkey (keys %ENV) { + if ($envkey =~ m-^form\.cc\./(\w+)/(\w+)$-) { + if ($dcroles{$1}) { + unless ($ENV{'user.role.cc./'.$1.'/'.$2}) { + &set_privileges($1,$2); + } + } + last; + } + } } - &Apache::lonnet::appenv("request.course.id" => '', - "request.course.fn" => '', - "request.course.uri" => '', - "request.course.sec" => '', - "request.role" => 'cm', - "request.role.domain" => $ENV{'user.domain'}); + foreach $envkey (keys %ENV) { next if ($envkey!~/^user\.role\./); - my (undef,undef,$role,@pwhere)=split(/\./,$envkey); - my $where=join('.',@pwhere); - my $trolecode=$role.'.'.$where; + my ($where,$trolecode,$role,$tstatus,$tend,$tstart); + &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend); if ($ENV{'form.'.$trolecode}) { - my ($tstart,$tend)=split(/\./,$ENV{$envkey}); - my $tstatus='is'; - if ($tstart) { - if ($tstart>$then) { - $tstatus='future'; - } - } - if ($tend) { - if ($tend<$then) { $tstatus='expired'; } - if ($tend<$now) { $tstatus='will_not'; } - } - if ($tstatus eq 'is') { - $where=~s/^\///; - my ($cdom,$cnum,$csec)=split(/\//,$where); - 
&Apache::lonnet::appenv('request.role' => $trolecode, - 'request.role.domain' => $cdom, - 'request.course.sec' => $csec); - my $msg='Entering course ...'; - if (($cnum) && ($role ne 'ca')) { - my ($furl,$ferr)= - &Apache::lonuserstate::readmap($cdom.'/'.$cnum); - if (($ENV{'form.orgurl'}) && - ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) { - $r->internal_redirect($ENV{'form.orgurl'}); - return OK; - } else { - unless ($ENV{'request.course.id'}) { - &Apache::lonnet::appenv( - "request.course.id" => $cdom.'_'.$cnum); - $furl='/adm/notfound.html'; - $msg= - '

Could not initialize top-level map.

'; - } - $r->content_type('text/html'); - &Apache::loncommon::no_cache($r); - $r->send_http_header; - my $swinfo=&Apache::lonmenu::rawconfig($r); - my $bodytag=&Apache::loncommon::bodytag('Switching Role'); - print (<Entering Course - + if ($tstatus eq 'is') { + $where=~s/^\///; + my ($cdom,$cnum,$csec)=split(/\//,$where); +# check for keyed access + if (($role eq 'st') && + ($ENV{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) { +# who is key authority? + my $authdom=$cdom; + my $authnum=$cnum; + if ($ENV{'course.'.$cdom.'_'.$cnum.'.keyauth'}) { + ($authnum,$authdom)= + split(/\W/,$ENV{'course.'.$cdom.'_'.$cnum.'.keyauth'}); + } +# check with key authority + unless (&Apache::lonnet::validate_access_key( + $ENV{'environment.key.'.$cdom.'_'.$cnum}, + $authdom,$authnum)) { +# there is no valid key + if ($ENV{'form.newkey'}) { +# student attempts to register a new key + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $bodytag=&Apache::loncommon::bodytag + ('Verifying Access Key to Unlock this Course'); + my $buttontext=&mt('Enter Course'); + my $message=&mt('Successfully registered key'); + my $assignresult= + &Apache::lonnet::assign_access_key( + $ENV{'form.newkey'}, + $authdom,$authnum, + $cdom,$cnum, + $ENV{'user.domain'}, + $ENV{'user.name'}, + 'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.localtime().' for '. + $trolecode); + unless ($assignresult eq 'ok') { + $assignresult=~s/^error\:\s*//; + $message=&mt($assignresult). + '
'. + &mt('Logout').''; + $buttontext=&mt('Re-Enter Key'); + } + $r->print(<Verifying Course Access Key $bodytag -

$msg

- - -ENDREDIR +
+ + +$message
+ +
+ +ENDENTEREDKEY + return OK; + } else { +# print form to enter a new key + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $bodytag=&Apache::loncommon::bodytag + ('Enter Access Key to Unlock this Course'); + $r->print(<Entering Course Access Key + + +$bodytag + +
+ + + + +
+ +ENDENTERKEY + return OK; + } + } + } + &Apache::lonnet::log($ENV{'user.domain'}, + $ENV{'user.name'}, + $ENV{'user.home'}, + "Role ".$trolecode); + + &Apache::lonnet::appenv( + 'request.role' => $trolecode, + 'request.role.domain' => $cdom, + 'request.course.sec' => $csec); + my $tadv=0; + if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } + &Apache::lonnet::appenv('request.role.adv' => $tadv); + + my $msg=&mt('Entering course ...'); + + if (($cnum) && ($role ne 'ca')) { + my ($furl,$ferr)= + &Apache::lonuserstate::readmap($cdom.'/'.$cnum); + if (($ENV{'form.orgurl'}) && + ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) { + my $dest=$ENV{'form.orgurl'}; + if ( &Apache::lonnet::mod_perl_version() == 2 ) { + &Apache::lonnet::cleanenv(); + } + $r->internal_redirect($dest); + return OK; + } else { + unless ($ENV{'request.course.id'}) { + &Apache::lonnet::appenv( + "request.course.id" => $cdom.'_'.$cnum); + $furl='/adm/roles?tryagain=1'; + $msg= + '

'. + &mt('Could not initialize course at this time.'). + '

'.&mt('Please try again.').'

'.$ferr; + } + + # Check to see if the user is a CC entering a course + # for the first time + my (undef, undef, $role, $courseid) = split(/\./, $envkey); + if (substr($courseid, 0, 1) eq '/') { + $courseid = substr($courseid, 1); + } + $courseid =~ s/\//_/; + if ($role eq 'cc' && $ENV{'course.' . $courseid . + '.course.helper.not.run'}) { + $furl = "/adm/helper/course.initialization.helper"; + } + # Check to see if the user is a DC selecting a course + if (($numdc > 0) && ($role eq 'cc')) { + my $formaction = '/adm/roles/'; + my ($dcdom,$pickedcourse) = split/_/,$courseid; + if ($ENV{'user.role.dc./'.$dcdom.'/'}) { + &Apache::lonhtmlcommon::store_recent('recent_roles', + $courseid,$formaction); + } + } + # + # Send the user to the course they selected + &redirect_user($r,&mt('Entering Course'), + $furl,$msg, + $ENV{'environment.remotenavmap'}); return OK; - } - } - } - } + } + } + # + # Send the user to the construction space they selected + if ($role =~ /^(au|ca)$/) { + my $redirect_url = '/priv/'; + if ($role eq 'au') { + $redirect_url.=$ENV{'user.name'}; + } else { + $where =~ /\/(.*)$/; + $redirect_url .= $1; + } + $redirect_url .= '/'; + &redirect_user($r,&mt('Entering Construction Space'), + $redirect_url); + return OK; + } + if ($role eq 'dc') { + my $redirect_url = '/adm/menu/'; + &redirect_user($r,&mt('Loading Domain Coordinator Menu'), + $redirect_url); + return OK; + } + } + } } } # =============================================================== No Roles Init - $r->content_type('text/html'); + &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; return OK if $r->header_only; - my $swinfo=&Apache::lonmenu::rawconfig($r); + my $swinfo=&Apache::lonmenu::rawconfig(); my $bodytag=&Apache::loncommon::bodytag('User Roles'); - my $helptag=&Apache::loncommon::help_open_topic("General_Intro","HELP"); + my $helptag='
'.&Apache::loncommon::help_open_menu('','General Intro','General_Intro','User Roles',1,undef,undef,undef,undef,,&mt("Click here for help")).'
'; $r->print(< LON-CAPA User Roles $bodytag -$helptag

 

+$helptag
'); + $r->print(''); + return OK; + } +# More than one possible role +# ----------------------------------------------------------------------- Table + unless (($advanced) || ($nochoose)) { + $r->print("

".&mt('Select a Course to Enter')."

\n"); + } + $r->print('
'); + unless ($nochoose) { $r->print(''); } + $r->print(''."\n"); + my $doheaders=-1; + foreach my $type ('Construction Space','Course','Domain','System') { + my $haverole=0; + foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { + if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { + $haverole=1; + } + } + if ($haverole) { $doheaders++; } + } + if ($numdc > 0) { + &select_recent_courses($r,\%roletext); + } + foreach my $type ('Construction Space','Course','Domain','System') { + my $output; + foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { + if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { + $output.=$roletext{$sortrole{$which}}; + if ($sortrole{$which} =~ m-dc\./(\w+)/-) { + if ($dcroles{$1}) { + $output .= &allcourses_row($1); + } + } + } + } + if ($output) { + if ($doheaders > 0) { + $r->print("". + ""); + } + $r->print($output); + } + } my $tremark=''; + my $tfont='#003300'; if ($ENV{'request.role'} eq 'cm') { $r->print(''); - $tremark='Currently selected.'; + $tremark=&mt('Currently selected. '); + $tfont='#002200'; } else { $r->print(''); } unless ($nochoose) { - if ($ENV{'request.role'} ne 'cm') { - $r->print(''); - } else { - $r->print(''); - } + if ($ENV{'request.role'} ne 'cm') { + $r->print(''); + } else { + $r->print(''); + } } - $r->print(''."\n"); + $r->print(''."\n"); $r->print('
 '.&mt('User Role').''.&mt('Extent'). + ''.&mt('Start').''.&mt('End').''. + &mt('Remarks and Calendar Announcements').'
".&mt($type)."
  No role specified'. - ''.$tremark.' 
'.&mt('No role specified'). + ''.$tremark. + ' 
'); unless ($nochoose) { $r->print("\n"); } # ------------------------------------------------------------ Privileges Info - if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) { - $r->print('

Current Privileges

'); + if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) { + $r->print('

Current Privileges

'); - foreach $envkey (sort keys %ENV) { - if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) { - my $where=$envkey; - $where=~s/^user\.priv\.$ENV{'request.role'}\.//; - my $ttype; - my $twhere; - my ($tdom,$trest,$tsec)= - split(/\//,Apache::lonnet::declutter($where)); - if ($trest) { - if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') { - $ttype='Construction Space'; - $twhere='User: '.$trest.', Domain: '.$tdom; - } else { - $ttype='Course'; - $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'}; - if ($tsec) { - $twhere.=' (Section/Group: '.$tsec.')'; + foreach $envkey (sort keys %ENV) { + if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) { + my $where=$envkey; + $where=~s/^user\.priv\.$ENV{'request.role'}\.//; + my $ttype; + my $twhere; + my ($tdom,$trest,$tsec)= + split(/\//,Apache::lonnet::declutter($where)); + if ($trest) { + if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') { + $ttype='Construction Space'; + $twhere='User: '.$trest.', Domain: '.$tdom; + } else { + $ttype='Course'; + $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'}; + if ($tsec) { + $twhere.=' (Section/Group: '.$tsec.')'; + } + } + } elsif ($tdom) { + $ttype='Domain'; + $twhere=$tdom; + } else { + $ttype='System'; + $twhere='/'; + } + $r->print("\n

".$ttype.': '.$twhere.'

    '); + foreach (sort split(/:/,$ENV{$envkey})) { + if ($_) { + my ($prv,$restr)=split(/\&/,$_); + my $trestr=''; + if ($restr ne 'F') { + my $i; + $trestr.=' ('; + for ($i=0;$iprint('
  • '. + Apache::lonnet::plaintext($prv).$trestr. + '
  • '); + } + } + $r->print('
'); + } + } + } + $r->print(&Apache::lonnet::getannounce()); + if ($advanced) { + $r->print('

This is LON-CAPA '. + $r->dir_config('lonVersion').'
'. + ''.&mt('Logout').'

'); + } + $r->print("\n"); + return OK; +} + +sub role_status { + my ($rolekey,$then,$now,$role,$where,$trolecode,$tstatus,$tstart,$tend) = @_; + my @pwhere = (); + if (exists($ENV{$rolekey}) && $ENV{$rolekey} ne '') { + (undef,undef,$$role,@pwhere)=split(/\./,$rolekey); + unless (!defined($$role) || $$role eq '') { + $$where=join('.',@pwhere); + $$trolecode=$$role.'.'.$$where; + ($$tstart,$$tend)=split(/\./,$ENV{$rolekey}); + $$tstatus='is'; + if ($$tstart && $$tstart>$then) { + $$tstatus='future'; + if ($$tstart<$now) { $$tstatus='will'; } + } + if ($$tend) { + if ($$tend<$then) { + $$tstatus='expired'; + } elsif ($$tend<$now) { + $$tstatus='will_not'; + } + } + } + } +} + +sub dc_script { + my $response = (<<"END"); +function setDCchoice(caller) { + var dcname = "dc./"+caller+"/" + document.rolechoice.dcselected.value = caller + document.rolechoice.elements[3].name = dcname + document.rolechoice.submit() +} +END + return $response; +} + +sub check_fordc { + my ($dcroles,$then) = @_; + my $numdc = 0; + if ($ENV{'user.adv'}) { + foreach my $envkey (sort keys %ENV) { + if ($envkey=~/^user\.role\.dc\.\/(\w+)\/$/) { + my $dcdom = $1; + my $livedc = 1; + my ($tstart,$tend)=split(/\./,$ENV{$envkey}); + if ($tstart && $tstart>$then) { $livedc = 0; } + if ($tend && $tend <$then) { $livedc = 0; } + if ($livedc) { + $$dcroles{$dcdom} = $envkey; + $numdc++; } - } - } elsif ($tdom) { - $ttype='Domain'; - $twhere=$tdom; - } else { - $ttype='System'; - $twhere='/'; } - $r->print("\n

".$ttype.': '.$twhere.'

    '); - foreach (sort split(/:/,$ENV{$envkey})) { - if ($_) { - my ($prv,$restr)=split(/\&/,$_); - my $trestr=''; - if ($restr ne 'F') { - my $i; - $trestr.=' ('; - for ($i=0;$iprint('
  • '.Apache::lonnet::plaintext($prv).$trestr. - '
  • '); - } + } + } + return $numdc; +} + +sub courselink { + my ($dcdom) = @_; + my $cb_jscript = &Apache::loncommon::coursebrowser_javascript($dcdom,'dom'); + my $verify_script = <<"END"; + +END + my $courseform=&Apache::loncommon::selectcourse_link + ('rolechoice','dccourse','dcdomain','coursedesc'); + my $hiddenitems = ''. + ''. + ''. + ''; + return $cb_jscript.$verify_script.$courseform.$hiddenitems; +} + + +sub select_recent_courses { + my ($r,$roletext)=@_; + my $advanced = $ENV{'user.adv'}; + my $tryagain = $ENV{'form.tryagain'}; + my %recent=&Apache::lonnet::dump(&recent_filename('recent_roles')); + my $numrecent = 0; + my $roledisplay = ''. + ''. + &mt('Recent courses accessed by DC'). + ''."\n"; + foreach my $courseid (sort keys %recent) { + unless ($courseid =~/^error\:/) { + my ($dom,$crs) = split/_/,$courseid; + $numrecent ++; + my $crskey = 'user.role.cc./'.$dom.'/'.$crs; + $roledisplay.=$$roletext{$crskey}; + } + } + if ($numrecent > 0) { + $r->print("$roledisplay\n"); + } +} + +sub allcourses_row { + my ($dcdom) = @_; + my $ccrole = Apache::lonnet::plaintext('cc'); + my $selectlink = &courselink($dcdom); + my $output = ''. + ''. + ''. + ''. + $ccrole.''.&mt('Course').''. + ''.&mt('All courses').': '. + $selectlink.''. + '
    '.&mt('Domain').':'.$dcdom.'
    '. + ''. + &mt('Course Coordinator access to all courses in domain'). + ': '.$dcdom.''."\n"; + return $output; +} + +sub recent_filename { + my $area=shift; + return 'nohist_recent_'.&Apache::lonnet::escape($area); +} + +sub set_privileges { + my ($dcdom,$pickedcourse) = @_; + my $area = '/'.$dcdom.'/'.$pickedcourse; + my $role = 'cc'; + my $spec = $role.'.'.$area; + my $userroles = &Apache::lonnet::set_arearole($role,$area,'','',$dcdom,$ENV{'user.name'}); + my %ccrole = (); + &Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area); + my ($author,$adv)= &Apache::lonnet::set_userprivs(\$userroles,\%ccrole); + my @newprivs = split/\n/,$userroles; + my %newccroles = (); + foreach (@newprivs) { + my ($key,$val) = split/=/,$_; + $newccroles{$key} = $val; + } + &Apache::lonnet::appenv(%newccroles); + &Apache::lonnet::log($ENV{'user.domain'}, + $ENV{'user.name'}, + $ENV{'user.home'}, + "Role ".$role); + &Apache::lonnet::appenv( + 'request.role' => $role, + 'request.role.domain' => $dcdom, + 'request.course.sec' => ''); + my $tadv=0; + if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } + &Apache::lonnet::appenv('request.role.adv' => $tadv); +} 1; __END__ 
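Review bot: The new domain-coordinator branch in handler calls `&set_privileges($1,$2)` with a course id taken from the name of a submitted `form.cc./dom/course` key, and the only check visible is that the domain has a live `dc` entry in `%dcroles`. Nothing in this hunk confirms that the course exists in that domain before `cc` privileges are written into the session with appenv; whether set_arearole or standard_roleprivs validate it cannot be seen from here. The loop walks `keys %ENV` and stops with `last` at the first match, so a request carrying several such keys is handled in hash order; rejecting the request when more than one key matches would make the outcome deterministic. The audit record in set_privileges is `"Role ".$role`, which is always `Role cc`. Logging `"Role ".$spec` would record which course the coordinator entered, as the ordinary path does with `$trolecode`.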
@@ -469,6 +936,36 @@ Invoked by /etc/httpd/conf/srm.conf: ErrorDocument 500 /adm/errorhandler +=head1 OVERVIEW + +=head2 Choosing Roles + +C is a handler that allows a user to switch roles in +mid-session. LON-CAPA attempts to work with "No Role Specified", the +default role that a user has before selecting a role, as widely as +possible, but certain handlers for example need specification which +course they should act on, etc. Both in this scenario, and when the +handler determines via C's C<&allowed> function that a certain +action is not allowed, C is used as error handler. This +allows the user to select another role which may have permission to do +what they were trying to do. C can also be accessed via the +B button in the Remote Control. + +=begin latex + +\begin{figure} +\begin{center} +\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} + \caption{\label{Sample_Roles_Screen}Sample Roles Screen} +\end{center} +\end{figure} + +=end latex + +=head2 Role Initialization + +The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. + =head1 INTRODUCTION This module enables a user to select what role he wishes to 500 Internal Server Error
