--- loncom/auth/lonroles.pm 2021/04/22 20:14:22 1.348 +++ loncom/auth/lonroles.pm 2022/06/26 04:03:47 1.365 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.348 2021/04/22 20:14:22 raeburn Exp $ +# $Id: lonroles.pm,v 1.365 2022/06/26 04:03:47 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -149,41 +149,65 @@ my $registered_cleanup; my $rosterupdates; sub start_loading_course { - my ($r,$title) = @_; + my ($r,$title,$only_body) = @_; &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; - my $swinfo=&Apache::lonmenu::rawconfig(); - # Breadcrumbs - my $brcrum = [{'href' => '', - 'text' => $title},]; - my $start_page = &Apache::loncommon::start_page($title,undef, - {'bread_crumbs' => $brcrum,}); - $r->print(<print(&Apache::loncommon::start_page($title,undef,{'only_body' => 1, + 'add_progressbar' => 1})); + } else { + my $swinfo=&Apache::lonmenu::rawconfig(); + # Breadcrumbs + my $brcrum = [{'href' => '', + 'text' => $title},]; + my $start_page = &Apache::loncommon::start_page($title,undef, + {'bread_crumbs' => $brcrum, + 'bread_crumbs_nomenu' => 1, + 'links_disabled' => 1}); + $r->print(< // ENDREDIR + } return; } sub finish_loading_course { - my ($r,$msg,$url) = @_; -#FIXME add continue link, and add jquery to enable menu links when page is loaded - my $link; + my ($r,$msg,$url,$only_body) = @_; + my $link = ''; my $end_page = &Apache::loncommon::end_page(); my $js_url = &js_escape($url); + my $reenable; + unless ($only_body) { + $reenable = < a').removeAttr("aria-disabled"); + \$('.isDisabled').removeClass("isDisabled"); +REENABLE + } $r->print(< // $link $end_page @@ -266,6 +290,127 @@ sub handler { $update = $then; } + my ($norolelist,$blocked_by_ip,$blocked_type,$clientip); + $clientip = &Apache::lonnet::get_requestor_ip($r); + if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $crstype = $env{'course.'.$env{'request.course.id'}.'.type'}; + my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom); + if ($deeplink_symb) { + my ($menucoll,$deeplinkmenu,$menuref) = &Apache::loncommon::menucoll_in_effect(); + if (ref($menuref) eq 'HASH') { + unless (($menuref->{'role'}) || ($env{'request.role.adv'})) { + foreach my $envkey (keys(%env)) { + next unless ($envkey =~ /^form\./); + if ($envkey =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{$envkey}); + } + } + } + if ($env{'form.selectrole'}) { + if ($env{'form.switchrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{'form.selectrole'}); + delete($env{'form.switchrole'}); + } + } elsif ($env{'form.newrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{'form.selectrole'}); + delete($env{'form.newrole'}); + } + } + } + $norolelist = 1; + } + } + } + } + + if ($env{'form.selectrole'}) { + my ($role,$cdom,$cnum,$rest); + if ($env{'form.switchrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } elsif ($env{'form.newrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } + if ($cdom ne '') { + my ($has_evb,$check_ipaccess,$showrole); + $showrole = 1; + my $checkrole = "cm./$cdom/$cnum"; + if ($rest ne '') { + $checkrole .= "/$rest"; + } + if ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($role ne 'st')) { + $has_evb = 1; + } + unless ($has_evb) { + my @machinedoms = &Apache::lonnet::current_machine_domains(); + my $udom = $env{'user.domain'}; + if ($udom eq $cdom) { + $check_ipaccess = 1; + } elsif (($udom ne '') && (grep(/^\Q$udom\E$/,@machinedoms))) { + $check_ipaccess = 1; + } else { + my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; + my $internet_names = &Apache::lonnet::get_internet_names($lonhost); + my $cprim = &Apache::lonnet::domain($cdom,'primary'); + my $cintdom = &Apache::lonnet::internet_dom($cprim); + if (($cintdom ne '') && (ref($internet_names) eq 'ARRAY')) { + if (grep(/^\Q$cintdom\E$/,@{$internet_names})) { + $check_ipaccess = 1; + } + } + } + if ($check_ipaccess) { + my ($ipaccessref,$cached)=&Apache::lonnet::is_cached_new('ipaccess',$cdom); + unless (defined($cached)) { + my %domconfig = + &Apache::lonnet::get_dom('configuration',['ipaccess'],$cdom); + $ipaccessref = &Apache::lonnet::do_cache_new('ipaccess',$cdom,$domconfig{'ipaccess'},1800); + } + if (ref($ipaccessref) eq 'HASH') { + foreach my $id (keys(%{$ipaccessref})) { + if (ref($ipaccessref->{$id}) eq 'HASH') { + my $range = $ipaccessref->{$id}->{'ip'}; + if ($range) { + my $type = 'exclude'; + if (&Apache::lonnet::ip_match($clientip,$range)) { + $type = 'include'; + } + if (ref($ipaccessref->{$id}->{'courses'}) eq 'HASH') { + if ($ipaccessref->{$id}->{'courses'}{$cdom.'_'.$cnum}) { + if ($type eq 'include') { + $showrole = 1; + last; + } else { + $showrole = 0; + } + } else { + if ($type eq 'include') { + $showrole = 0; + } else { + $showrole = 1; + } + } + } + } + } + } + } + } + } + unless ($showrole) { + $blocked_by_ip = 1; + $blocked_type = &Apache::loncommon::course_type($cdom.'_'.$cnum); + delete($env{'form.selectrole'}); + delete($env{'form.newrole'}); + } + } + } + $registered_cleanup=0; @{$rosterupdates}=(); &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); @@ -629,9 +774,21 @@ ENDENTERKEY } my $crstype = &Apache::loncommon::course_type($cdom.'_'.$cnum); $crstype = lc($crstype); + my ($msg,$critmsg_check,$title,$loadmsg,$only_body); + $critmsg_check = 1; + $title = &mt("Loading $crstype"); + $loadmsg = &mt("Please be patient while your $crstype loads"); + if (($env{'request.deeplink.login'}) && ($env{'request.linkprot'})) { + if ($env{'request.linkprot'} =~ /^\d+(c|d):\Q$env{'form.destinationurl'}\E$/) { + $title = &mt('Loading LON-CAPA session'); + $loadmsg = &mt('Please be patient while LON-CAPA loads'); + $only_body = 1; + $critmsg_check = 0; + } + } my $preamble = '
'. '
'. - &mt("Please be patient while your $crstype loads"). + $loadmsg. '
'. '
'; my $closure = < ENDCLOSE - my $title = &mt("Loading $crstype"); - &start_loading_course($r,$title); + &start_loading_course($r,$title,$only_body); my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,undef,$preamble); &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Loading ...')); $r->rflush(); - my ($msg,$blockcrit,$critmsg_check); - $critmsg_check = 1; - $blockcrit = &Apache::loncommon::blocking_status('alert',$cnum,$cdom,undef,1); - if ($blockcrit) { - my $checkrole = "cm./$cdom/$cnum"; - if ($csec ne '') { - $checkrole .= "/$csec"; - } - unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && - ($trolecode !~ m{^st\./$cdom/$cnum})) { - $critmsg_check = 0; + if ($critmsg_check) { + my $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1); + if ($blockcrit) { + my $checkrole = "cm./$cdom/$cnum"; + if ($csec ne '') { + $checkrole .= "/$csec"; + } + unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($trolecode !~ m{^st\./$cdom/$cnum})) { + $critmsg_check = 0; + } } } my ($furl,$ferr)= @@ -765,10 +921,13 @@ ENDCLOSE ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { &process_lti($r,$cdom,$cnum); } + if ($env{'request.deeplink.login'}) { + &set_deeplink_target($cnum,$cdom); + } $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; - &finish_loading_course($r,$msg,$dest); + &finish_loading_course($r,$msg,$dest,$only_body); } } $r->rflush(); @@ -796,6 +955,9 @@ ENDCLOSE ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { &process_lti($r,$cdom,$cnum); } + if ($env{'request.deeplink.login'}) { + &set_deeplink_target($cnum,$cdom); + } # Check to see if the user is a CC entering a course # for the first time if ((($role eq 'cc') || ($role eq 'co')) @@ -811,7 +973,7 @@ ENDCLOSE $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; - &finish_loading_course($r,$msg,'/adm/placement'); + &finish_loading_course($r,$msg,'/adm/placement',$only_body); $r->rflush(); return OK; } @@ -831,8 +993,9 @@ ENDCLOSE if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) || ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) { if ($ENV{'SERVER_PORT'} == 443) { - unless (&Apache::lonnet::uses_sts()) { - my $hostname = $r->hostname(); + my $hostname = $r->hostname(); + unless ((&Apache::lonnet::uses_sts()) || + (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $dest = 'http://'.$hostname.$dest; } @@ -874,12 +1037,15 @@ ENDCLOSE $dest .= (($dest =~/\?/)? '&':'?').'symb='.$esc_symb; } } + if ($env{'form.ttoken'}) { + $dest .= (($dest =~/\?/)? '&':'?').'ttoken='.$env{'form.ttoken'}; + } unless ($env{'request.lti.login'}) { $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; } - &finish_loading_course($r,$msg,$dest); + &finish_loading_course($r,$msg,$dest,$only_body); $r->rflush(); return OK; } @@ -894,39 +1060,60 @@ ENDCLOSE $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; - &finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start'); + &finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start',$only_body); $r->rflush(); return OK; } } } # Are we allowed to look at the first resource? - my $access; - if ($furl =~ m{^(/adm/wrapper|)/ext/}) { - # If it's an external resource, - # strip off the symb argument and possible query - my ($exturl,$symb) = ($furl =~ m{^(.+)(?:\?|\&)symb=(.+)$}); - # Unencode $symb - $symb = &unescape($symb); - # Then check for permission - $access = &Apache::lonnet::allowed('bre',$exturl,$symb); - # For other resources just check for permission + # + # $furl returned by lonuserstate::readmap() has format: + # $url?symb=escaped($symb). If the resource has the + # encrypturl parameter in effect, the entire string + # $url?symb=escaped($symb) is encrypted as a string + # beginning /enc/. + # + my ($access,$unencfurl,$unencsymb); + if ($furl =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { + my ($poss_url,$poss_symb) = ($1,$2); + $unencsymb = &unescape($poss_symb); + $unencfurl = $poss_url; + } elsif ($furl =~ m{^/enc/}) { + my $unenc = &Apache::lonenc::unencrypted($furl); + if ($unenc =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { + ($unencfurl,$unencsymb) = ($1,$2); + $unencsymb = &unescape($unencsymb); + } else { + $unencfurl = $unenc; + } } else { - $access = &Apache::lonnet::allowed('bre',$furl); + $unencfurl = $furl; } - if (!$access) { + if ($unencsymb) { + my $symb = &Apache::lonnet::symbclean($unencsymb); + if (($symb ne '') && (&Apache::lonnet::symbverify($symb,$unencfurl))) { + $access = &Apache::lonnet::allowed('bre',$unencfurl,$symb); + } else { + $access = &Apache::lonnet::allowed('bre',$unencfurl); + } + } else { + $access = &Apache::lonnet::allowed('bre',$unencfurl); + } + if ((!$access) || ($access eq 'B') || ($access eq 'D')) { $furl = &Apache::lonpageflip::first_accessible_resource(); - } elsif ($access eq 'B') { - $furl = '/adm/navmaps?showOnlyHomework=1'; + if ($furl eq '') { + $furl = '/adm/navmaps?showOnlyHomework=1'; + } } if ($env{'request.lti.login'}) { undef($msg); - &finish_loading_course($r,$msg,$furl); + &finish_loading_course($r,$msg,$furl,$only_body); } else { $msg = '

'.&mt('Entering [_1] ...', $env{'course.'.$cdom.'_'.$cnum.'.description'}). '

'; - &finish_loading_course($r,$msg,$furl); + &finish_loading_course($r,$msg,$furl,$only_body); } } $r->rflush(); @@ -995,6 +1182,10 @@ ENDCLOSE $recent = &mt('Recent Courses'); $standby = &mt('Course selected. Please stand by.'); } + if (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) { + $crumbtext = 'Access Denied'; + $pagetitle = 'Unauthorized'; + } my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}]; my %roles_in_env; @@ -1031,11 +1222,13 @@ ENDCLOSE $start_page=&Apache::loncommon::start_page($pagetitle,undef, {bread_crumbs=>$brcrum,crstype=>'Placement'}); } else { - $funcs = &get_roles_functions($showcount,$cattype); my $crumbsright; - if ($env{'browser.mobile'}) { - $crumbsright = $funcs; - undef($funcs); + unless (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) { + $funcs = &get_roles_functions($showcount,$cattype); + if ($env{'browser.mobile'}) { + $crumbsright = $funcs; + undef($funcs); + } } $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum, bread_crumbs_component=>$crumbsright}); @@ -1143,8 +1336,16 @@ ENDHEADER } if ($nochoose) { $r->print("

".&mt('Sorry ...')."

\n". - &mt('This action is currently not authorized.').''. - &Apache::loncommon::end_page()); + &mt('This action is currently not authorized.').''); + if ($error && $norolelist) { + $r->print('

'. + &mt('As your session was launched from a web page external to LON-CAPA some course content may be unavailable, including the resource you were trying to access.'). + '

'. + '

'. + &mt('You may need to login to LON-CAPA directly, or re-launch from a different external system.'). + '

'); + } + $r->print(&Apache::loncommon::end_page()); return OK; } else { if ($updateresult || $reqauthor || $hotlist) { @@ -1173,6 +1374,16 @@ ENDHEADER $r->print(''); $r->print(''); $r->print(''); + if ($blocked_by_ip) { + my $blocked_role = 'student'; + if ($blocked_type eq 'Community') { + $blocked_role = 'member'; + } + $r->print('

'. + &mt('The [_1] you selected is not available for access with a [_2] role from your current IP address: [_3].', + lc($blocked_type),$blocked_role,$clientip). + '

'); + } } $r->rflush(); @@ -1218,6 +1429,26 @@ ENDHEADER } } + if ($norolelist) { + if ($env{'request.role'}) { + my ($roletext,$role_text_end) = &display_curr_role($env{'request.role'}); + if ($roletext) { + $r->print(&Apache::loncommon::start_data_table('LC_textsize_mobile'). + &Apache::loncommon::start_data_table_row(). + $roletext. + &Apache::loncommon::end_data_table_row()); + if ($role_text_end) { + $r->print(&Apache::loncommon::continue_data_table_row(). + $role_text_end. + &Apache::loncommon::end_data_table_row()); + } + $r->print(&Apache::loncommon::end_data_table()); + } + } + $r->print(&Apache::loncommon::end_page()); + return OK; + } + # No active roles if ($countactive==0) { my $elapsed = 0; @@ -1790,7 +2021,7 @@ sub findcourse_advice { } else { $r->print('

'.&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').'

'); if ($elapsed > 600) { - $r->print('

'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes'). + $r->print('

'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes.'). '
'. &mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'

'); } @@ -2253,6 +2484,38 @@ sub display_cc_role { return ($roletext,$roletext_end); } +sub display_curr_role { + my ($currentrole) = @_; + my ($roletext,$roletext_end); + my $advanced = $env{'user.adv'}; + my $tryagain = $env{'form.tryagain'}; + my ($role,$rest) = split(m{\./},$currentrole,2); + unless (!defined($role) || $role eq '') { + if ($rest =~ m{^($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + my $cdom = $1; + my $cnum = $2; + my $csec = $3; + my $cid = $cdom.'_'.$cnum; + my $ttype = $env{'course.'.$cid.'.type'}; + my $skipcal = 1; + my $tbg='LC_roles_is'; + my $twhere = $env{'course.'.$cid.'.description'}. + ' '. + &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$cnum,$cdom). + ''; + my $trole = &Apache::lonnet::plaintext($role,$ttype,$cid); + if ($csec) { + $twhere.= '  '.&mt('Section').': '.$csec; + } + if ($role ne 'st') { + $twhere.= '  '.&mt('Domain').': '.$cdom; + } + ($roletext,$roletext_end) = &build_roletext($currentrole,$cdom,$cnum,'is',$tryagain,$advanced,'',$tbg,$trole,$twhere,'','','',1,'','','',$skipcal); + } + } + return ($roletext,$roletext_end); +} + sub adhoc_roles_row { my ($dcdom,$rowtype) = @_; my $output = &Apache::loncommon::continue_data_table_row() @@ -3313,6 +3576,34 @@ sub ltienroll { } } +sub set_deeplink_target { + my ($cnum,$cdom) = @_; + if (($cnum ne '') && ($cdom ne '')) { + my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom); + if ($deeplink_symb ne '') { + my $deeplink; + if ($deeplink_symb =~ /\.(page|sequence)$/) { + my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($deeplink_symb))[2]); + my $navmap = Apache::lonnavmaps::navmap->new(); + if (ref($navmap)) { + $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink'); + } + } elsif ($deeplink_symb ne '') { + $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$deeplink_symb); + } + if ($deeplink ne '') { + my ($state,$others,$listed,$scope,$protect,$display,$target) = split(/,/,$deeplink); + if ($target ne '') { + &Apache::lonnet::appenv({'request.deeplink.target' => $target}); + } elsif (exists($env{'request.deeplink.target'})) { + &Apache::lonnet::delenv('request.deeplink.target'); + } + } + } + } + return; +} + 1; __END__