--- loncom/auth/lonroles.pm 2006/06/29 17:51:37 1.162.2.1
+++ loncom/auth/lonroles.pm 2015/04/13 18:32:43 1.311
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.162.2.1 2006/06/29 17:51:37 albertel Exp $
+# $Id: lonroles.pm,v 1.311 2015/04/13 18:32:43 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,12 +27,108 @@
#
###
+=pod
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument 403 /adm/login
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C's C<&allowed> function that a certain
+action is not allowed, C is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do.
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+ \caption{\label{Sample_Roles_Screen}Sample Roles Screen}
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc). These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut
+
+
package Apache::lonroles;
use strict;
use Apache::lonnet;
use Apache::lonuserstate();
-use Apache::Constants qw(:common);
+use Apache::Constants qw(:common REDIRECT);
use Apache::File();
use Apache::lonmenu;
use Apache::loncommon;
@@ -40,26 +136,28 @@ use Apache::lonhtmlcommon;
use Apache::lonannounce;
use Apache::lonlocal;
use Apache::lonpageflip();
+use Apache::lonnavdisplay();
+use Apache::loncoursequeueadmin;
+use Apache::longroup;
+use Apache::lonrss;
use GDBM_File;
-use LONCAPA;
-
+use LONCAPA qw(:DEFAULT :match);
+use HTML::Entities;
+
sub redirect_user {
- my ($r,$title,$url,$msg,$launch_nav) = @_;
+ my ($r,$title,$url,$msg) = @_;
$msg = $title if (! defined($msg));
&Apache::loncommon::content_type($r,'text/html');
&Apache::loncommon::no_cache($r);
$r->send_http_header;
- my $swinfo=&Apache::lonmenu::rawconfig();
- my $navwindow;
- if ($launch_nav eq 'on') {
- $navwindow.=&Apache::lonnavmaps::launch_win('now',undef,undef,
- ($url =~ m-^/adm/whatsnew-));
- } else {
- $navwindow.=&Apache::lonnavmaps::close();
- }
+
+ # Breadcrumbs
+ my $brcrum = [{'href' => $url,
+ 'text' => 'Switching Role'},];
my $start_page = &Apache::loncommon::start_page('Switching Role',undef,
- {'redirect' => [1,$url],});
+ {'redirect' => [1,$url],
+ 'bread_crumbs' => $brcrum,});
my $end_page = &Apache::loncommon::end_page();
# Note to style police:
@@ -67,11 +165,7 @@ sub redirect_user {
$url=~s/ /\%20/g;
$r->print(<
-$swinfo
-
-$navwindow
-
$msg
+
$msg
$end_page
ENDREDIR
return;
@@ -83,65 +177,224 @@ sub error_page {
&Apache::loncommon::no_cache($r);
$r->send_http_header;
return OK if $r->header_only;
- $r->print(&Apache::loncommon::start_page('Problems during Course Initialization').
- ''.
- '
'.&mt('The following problems occurred:').
+ # Breadcrumbs
+ my $brcrum = [{'href' => $dest,
+ 'text' => 'Problems during Course Initialization'},];
+ $r->print(&Apache::loncommon::start_page('Problems during Course Initialization',
+ undef,
+ {'bread_crumbs' => $brcrum,})
+ );
+ $r->print(
+ ''.
+ '
'.&mt('The following problems occurred:').
+ ' '.
$error.
- '
'
+ .&Apache::loncommon::end_data_table_empty_row()
+ );
+ }
+ $r->print($output);
+ }
+ }
}
- my $tremark='';
- my $tfont='#003300';
- if ($env{'request.role'} eq 'cm') {
- $r->print('
');
- $tremark=&mt('Currently selected. ');
- $tfont='#002200';
+}
+
+sub findcourse_advice {
+ my ($r,$cattype) = @_;
+ my $domdesc = &Apache::lonnet::domain($env{'user.domain'},'description');
+ my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&');
+ if (&Apache::lonnet::auto_run(undef,$env{'user.domain'})) {
+ $r->print(&mt('If you were expecting to see an active role listed for a particular course in the [_1] domain, it may be missing for one of the following reasons:',$domdesc).'
+
+
'.&mt('The course has yet to be created.').'
+
'.&mt('Automatic enrollment of registered students has not been enabled for the course.').'
+
'.&mt('You are in a section of course for which automatic enrollment in the corresponding LON-CAPA course is not active.').'
+
'.&mt('The start date for automated enrollment has yet to be reached.').'
+
'.&mt('You registered for the course recently and there is a time lag between the time you register, and the time this information becomes available for the update of LON-CAPA course rosters.').'
+
');
} else {
- $r->print('
');
+ $r->print(&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').' ');
}
- unless ($nochoose) {
- if ($env{'request.role'} ne 'cm') {
- $r->print('
'.&mt('The [_1]Course/Community Catalog[_2] provides information about all [_3] classes for which LON-CAPA courses have been created, as well as any communities in the domain.','','',$domdesc).' ');
+ $r->print(&mt('You can search for courses and communities which permit self-enrollment, if you would like to enroll in one.').'
';
+ foreach my $dom (@{$request_doms{$type}}) {
+ unless (grep(/^\Q$dom\E/,@reqdoms)) {
+ push(@reqdoms,$dom);
+ }
+ }
+ }
+ }
+ my @showtypes;
+ foreach my $type (@{$types}) {
+ if (grep(/^\Q$type\E$/,@reqtypes)) {
+ push(@showtypes,$type);
+ }
+ }
+ my $requrl = '/adm/requestcourse';
+ if (@reqdoms == 1) {
+ $requrl .= '?showdom='.$reqdoms[0];
+ }
+ if (@showtypes > 0) {
+ $requrl.=(($requrl=~/\?/)?'&':'?').'crstype='.$showtypes[0];
+ }
+ if (@reqdoms == 1 || @showtypes > 0) {
+ $requrl .= '&state=crstype&action=new';
+ }
+ if ($output) {
+ $r->print('
'.&mt('Request creation of a course or community').'
'.
+ '
'.
+ &mt('You have rights to request the creation of courses and/or communities in the following domain(s):').
+ '
'.
+ $output.
+ '
'.
+ &mt('Use the [_1]request form[_2] to submit a request for creation of a new course or community.',
+ '','').
+ '');
+ }
+ }
+ } elsif (!$env{'user.adv'}) {
+ if ($inrole) {
+ $r->print('
'.&mt('Currently no additional roles, courses or communities').'
');
+ } else {
+ $r->print('
'.&mt('Currently no active roles, courses or communities').'
');
+ }
+ &findcourse_advice($r,$cattype);
}
-# ------------------------------------------------------------ Privileges Info
- if (($advanced) && (($env{'user.error.msg'}) || ($error))) {
- $r->print('
Current Privileges
');
+ return;
+}
- foreach $envkey (sort keys %env) {
- if ($envkey=~/^user\.priv\.$env{'request.role'}\./) {
- my $where=$envkey;
- $where=~s/^user\.priv\.$env{'request.role'}\.//;
- my $ttype;
- my $twhere;
- my ($tdom,$trest,$tsec)=
- split(/\//,Apache::lonnet::declutter($where));
- if ($trest) {
- if ($env{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
- $ttype='Construction Space';
- $twhere='User: '.$trest.', Domain: '.$tdom;
- } else {
- $ttype=
- &Apache::loncommon::course_type($tdom.'_'.$trest);
- $twhere=$env{'course.'.$tdom.'_'.$trest.'.description'};
- if ($tsec) {
- $twhere.=' (Section: '.$tsec.')';
- }
+sub privileges_info {
+ my ($which) = @_;
+ my $output;
+
+ $which ||= $env{'request.role'};
+
+ foreach my $envkey (sort(keys(%env))) {
+ next if ($envkey!~/^user\.priv\.\Q$which\E\.(.*)/);
+
+ my $where=$1;
+ my $ttype;
+ my $twhere;
+ my (undef,$tdom,$trest,$tsec)=split(m{/},$where);
+ if ($trest) {
+ if ($env{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
+ $ttype='Authoring Space';
+ $twhere='User: '.$trest.', Domain: '.$tdom;
+ } else {
+ $ttype= &Apache::loncommon::course_type($tdom.'_'.$trest);
+ $twhere=$env{'course.'.$tdom.'_'.$trest.'.description'};
+ if ($tsec) {
+ my $sec_type = 'Section';
+ if (exists($env{"user.role.gr.$where"})) {
+ $sec_type = 'Group';
}
- } elsif ($tdom) {
- $ttype='Domain';
- $twhere=$tdom;
- } else {
- $ttype='System';
- $twhere='/';
+ $twhere.=' ('.$sec_type.': '.$tsec.')';
}
- $r->print("\n
".$ttype.': '.$twhere.'
');
- foreach (sort split(/:/,$env{$envkey})) {
- if ($_) {
- my ($prv,$restr)=split(/\&/,$_);
- my $trestr='';
- if ($restr ne 'F') {
- my $i;
- $trestr.=' (';
- for ($i=0;$iprint('
';
}
- return $roletext;
+ return ($roletext,$roletext_end);
}
-sub check_privs {
- my ($cdom,$cnum,$then,$now) = @_;
- my $cckey = 'user.role.cc./'.$cdom.'/'.$cnum;
- if ($env{$cckey}) {
- my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus,$tpstart,$tpend,$tfont);
- &role_status($cckey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend);
- unless (($tstatus eq 'is') || ($tstatus eq 'will_not')) {
- &set_privileges($cdom,$cnum);
- }
+sub check_author_homeserver {
+ my ($uname,$udom)=@_;
+ if (($uname eq '') || ($udom eq '')) {
+ return ('fail','');
+ }
+ my $home = &Apache::lonnet::homeserver($uname,$udom);
+ if (&Apache::lonnet::host_domain($home) ne $udom) {
+ return ('fail',$home);
+ }
+ my @ids=&Apache::lonnet::current_machine_ids();
+ if (grep(/^\Q$home\E$/,@ids)) {
+ return ('ok',$home);
} else {
- &set_privileges($cdom,$cnum);
+ return ('switchserver',$home);
}
}
sub check_fordc {
- my ($dcroles,$then) = @_;
+ my ($dcroles,$update,$then) = @_;
my $numdc = 0;
if ($env{'user.adv'}) {
- foreach my $envkey (sort keys %env) {
- if ($envkey=~/^user\.role\.dc\.\/(\w+)\/$/) {
+ foreach my $envkey (sort(keys(%env))) {
+ if ($envkey=~/^user\.role\.dc\.\/($match_domain)\/$/) {
my $dcdom = $1;
my $livedc = 1;
my ($tstart,$tend)=split(/\./,$env{$envkey});
- if ($tstart && $tstart>$then) { $livedc = 0; }
- if ($tend && $tend <$then) { $livedc = 0; }
+ my $limit = $update;
+ if ($env{'request.role'} eq 'dc./'.$dcdom.'/') {
+ $limit = $then;
+ }
+ if ($tstart && $tstart>$limit) { $livedc = 0; }
+ if ($tend && $tend <$limit) { $livedc = 0; }
if ($livedc) {
$$dcroles{$dcdom} = $envkey;
$numdc++;
@@ -901,12 +1658,100 @@ sub check_fordc {
return $numdc;
}
+sub adhoc_course_role {
+ my ($refresh,$update,$then) = @_;
+ my ($cdom,$cnum,$crstype);
+ $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ $crstype = &Apache::loncommon::course_type();
+ if (&check_forcc($cdom,$cnum,$refresh,$update,$then,$crstype)) {
+ my $setprivs;
+ if (!defined($env{'user.role.'.$env{'form.switchrole'}})) {
+ $setprivs = 1;
+ } else {
+ my ($start,$end) = split(/\./,$env{'user.role.'.$env{'form.switchrole'}});
+ if (($start && ($start>$refresh || $start == -1)) ||
+ ($end && $end<$update)) {
+ $setprivs = 1;
+ }
+ }
+ unless ($setprivs) {
+ if (!exists($env{'user.priv.'.$env{'form.switchrole'}.'./'})) {
+ $setprivs = 1;
+ }
+ }
+ if ($setprivs) {
+ if ($env{'form.switchrole'} =~ m-^(in|ta|ep|ad|st|cr)(.*?)\./\Q$cdom\E/\Q$cnum\E/?(\w*)$-) {
+ my $role = $1;
+ my $custom_role = $2;
+ my $usec = $3;
+ if ($role eq 'cr') {
+ if ($custom_role =~ m-^/$match_domain/$match_username/\w+$-) {
+ $role .= $custom_role;
+ } else {
+ return;
+ }
+ }
+ my (%userroles,%newrole,%newgroups,%group_privs);
+ my %cgroups =
+ &Apache::lonnet::get_active_groups($env{'user.domain'},
+ $env{'user.name'},$cdom,$cnum);
+ foreach my $group (keys(%cgroups)) {
+ $group_privs{$group} =
+ $env{'user.priv.cc./'.$cdom.'/'.$cnum.'./'.$cdom.'/'.$cnum.'/'.$group};
+ }
+ $newgroups{'/'.$cdom.'/'.$cnum} = \%group_privs;
+ my $area = '/'.$cdom.'/'.$cnum;
+ my $spec = $role.'.'.$area;
+ if ($usec ne '') {
+ $spec .= '/'.$usec;
+ $area .= '/'.$usec;
+ }
+ if ($role =~ /^cr/) {
+ &Apache::lonnet::custom_roleprivs(\%newrole,$role,$cdom,$cnum,$spec,$area);
+ } else {
+ &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,$area);
+ }
+ &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups);
+ my $adhocstart = $refresh-1;
+ $userroles{'user.role.'.$spec} = $adhocstart.'.';
+ &Apache::lonnet::appenv(\%userroles,[$role,'cm']);
+ }
+ }
+ }
+ return;
+}
+
+sub check_forcc {
+ my ($cdom,$cnum,$refresh,$update,$then,$crstype) = @_;
+ my ($is_cc,$ccrole);
+ if ($crstype eq 'Community') {
+ $ccrole = 'co';
+ } else {
+ $ccrole = 'cc';
+ }
+ if (&Apache::lonnet::is_course($cdom,$cnum)) {
+ my $envkey = 'user.role.'.$ccrole.'./'.$cdom.'/'.$cnum;
+ if (defined($env{$envkey})) {
+ $is_cc = 1;
+ my ($tstart,$tend)=split(/\./,$env{$envkey});
+ my $limit = $update;
+ if ($env{'request.role'} eq $ccrole.'./'.$cdom.'/'.$cnum) {
+ $limit = $then;
+ }
+ if ($tstart && $tstart>$refresh) { $is_cc = 0; }
+ if ($tend && $tend <$limit) { $is_cc = 0; }
+ }
+ }
+ return $is_cc;
+}
+
sub courselink {
- my ($dcdom,$rowtype,$selecttype) = @_;
+ my ($dcdom,$rowtype) = @_;
my $courseform=&Apache::loncommon::selectcourse_link
('rolechoice','dccourse'.$rowtype.'_'.$dcdom,
'dcdomain'.$rowtype.'_'.$dcdom,'coursedesc'.$rowtype.'_'.
- $dcdom,$dcdom,undef,$selecttype);
+ $dcdom,$dcdom,undef,'Course/Community');
my $hiddenitems = ''.
''.
''.
@@ -915,8 +1760,13 @@ sub courselink {
}
sub coursepick_jscript {
+ my %lt = &Apache::lonlocal::texthash(
+ plsu => "Please use the 'Select Course/Community' link to open a separate pick course window where you may select the course or community you wish to enter.",
+ youc => 'You can only use this screen to select courses and communities in the current domain.',
+ );
my $verify_script = <<"END";
-
END
return $verify_script;
}
-sub processpick {
- my $process_pick = <<"END";
-
-END
- return $process_pick;
+sub coauthorlink {
+ my ($dcdom,$rowtype) = @_;
+ my $coauthorform=&Apache::loncommon::selectauthor_link('rolechoice',$dcdom);
+ my $hiddenitems = '';
+ return $coauthorform.$hiddenitems;
}
sub display_cc_role {
my $rolekey = shift;
- my $roletext;
+ my ($roletext,$roletext_end);
my $advanced = $env{'user.adv'};
my $tryagain = $env{'form.tryagain'};
unless ($rolekey =~/^error\:/) {
- if ($rolekey =~ m-^user\.role.cc\./(\w+)/(\w+)$-) {
- my $tcourseid = $1.'_'.$2;
- my $trolecode = 'cc./'.$1.'/'.$2;
+ if ($rolekey =~ m{^user\.role\.(cc|co)\./($match_domain)/($match_courseid)$}) {
+ my $ccrole = $1;
+ my $tdom = $2;
+ my $trest = $3;
+ my $tcourseid = $tdom.'_'.$trest;
+ my $trolecode = $ccrole.'./'.$tdom.'/'.$trest;
my $twhere;
my $ttype;
- my $tbg='#77FF77';
- my $tfont='#003300';
+ my $tbg='LC_roles_is';
my %newhash=&Apache::lonnet::coursedescription($tcourseid);
if (%newhash) {
$twhere=$newhash{'description'}.
- ' '.
- &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$2,$1,$tfont).
- '';
+ ' '.
+ &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom).
+ '';
$ttype = $newhash{'type'};
} else {
$twhere=&mt('Currently not available');
$env{'course.'.$tcourseid.'.description'}=$twhere;
}
- my $trole = &Apache::lonnet::plaintext('cc',$ttype);
- $twhere.=" ".&mt('Domain').":".$1;
- $roletext = &build_roletext($trolecode,$1,$2,'is',$tryagain,$advanced,'',$tbg,$tfont,$trole,$twhere,'','','',1,'');
+ my $trole = &Apache::lonnet::plaintext($ccrole,$ttype,$tcourseid);
+ $twhere.=" ".&mt('Domain').":".$tdom;
+ ($roletext,$roletext_end) = &build_roletext($trolecode,$tdom,$trest,'is',$tryagain,$advanced,'',$tbg,$trole,$twhere,'','','',1,'');
}
}
- return ($roletext);
+ return ($roletext,$roletext_end);
}
-sub allcourses_row {
+sub adhoc_roles_row {
my ($dcdom,$rowtype) = @_;
- my $output = '
'.
- '
';
- foreach my $type ('Course') {
- my $selectlink = &courselink($dcdom,$rowtype,$type);
- my $ccrole = &Apache::lonnet::plaintext('cc',$type);
- $output.= ''.$ccrole.''.
- ' '.$selectlink.''.
- ' from '.&mt('Domain').' '.$dcdom.' ';
- }
- $output .= '
'."\n";
+ my $output = &Apache::loncommon::continue_data_table_row()
+ .'
'
+ .&mt('[_1]Ad hoc[_2] roles in domain [_3] --'
+ ,'','',$dcdom)
+ .' ';
+ my $selectcclink = &courselink($dcdom,$rowtype);
+ my $ccrole = &Apache::lonnet::plaintext('co',undef,undef,1);
+ my $carole = &Apache::lonnet::plaintext('ca');
+ my $selectcalink = &coauthorlink($dcdom,$rowtype);
+ $output.=$ccrole.': '.$selectcclink
+ .' | '.$carole.': '.$selectcalink.'
'
+ .&Apache::loncommon::end_data_table_row();
return $output;
}
@@ -1028,29 +1864,6 @@ sub recent_filename {
return 'nohist_recent_'.&escape($area);
}
-sub set_privileges {
- my ($dcdom,$pickedcourse) = @_;
- my $area = '/'.$dcdom.'/'.$pickedcourse;
- my $role = 'cc';
- my $spec = $role.'.'.$area;
- my %userroles = &Apache::lonnet::set_arearole($role,$area,'','',$dcdom,$env{'user.name'});
- my %ccrole = ();
- &Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area);
- my ($author,$adv)= &Apache::lonnet::set_userprivs(\%userroles,\%ccrole);
- &Apache::lonnet::appenv(%userroles);
- &Apache::lonnet::log($env{'user.domain'},
- $env{'user.name'},
- $env{'user.home'},
- "Role ".$role);
- &Apache::lonnet::appenv(
- 'request.role' => $spec,
- 'request.role.domain' => $dcdom,
- 'request.course.sec' => '');
- my $tadv=0;
- if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
- &Apache::lonnet::appenv('request.role.adv' => $tadv);
-}
-
sub courseloadpage {
my ($courseid) = @_;
my $startpage;
@@ -1068,6 +1881,909 @@ sub courseloadpage {
return $startpage;
}
+sub update_session_roles {
+ my $then=$env{'user.login.time'};
+ my $refresh=$env{'user.refresh.time'};
+ if (!$refresh) {
+ $refresh = $then;
+ }
+ my $update = $env{'user.update.time'};
+ if (!$update) {
+ $update = $then;
+ }
+ my $now = time;
+ my %roleshash =
+ &Apache::lonnet::get_my_roles('','','userroles',
+ ['active','future','previous'],
+ undef,undef,1);
+ my ($msg,@newsec,$oldsec,$currrole_expired,@changed_roles,
+ %changed_groups,%dbroles,%deletedroles,%allroles,%allgroups,
+ %userroles,%checkedgroup,%crprivs,$hasgroups,%rolechange,
+ %groupchange,%newrole,%newgroup,%customprivchg,%groups_roles,
+ @rolecodes);
+ my @possroles = ('cr','st','ta','ad','ep','in','co','cc');
+ my %courseroles;
+ foreach my $item (keys(%roleshash)) {
+ my ($uname,$udom,$role,$remainder) = split(/:/,$item,4);
+ my ($tstart,$tend) = split(/:/,$roleshash{$item});
+ my ($section,$group,@group_privs);
+ if ($role =~ m{^gr/(\w*)$}) {
+ $role = 'gr';
+ my $priv = $1;
+ next if ($tstart eq '-1');
+ if (&curr_role_status($tstart,$tend,$refresh,$now) eq 'active') {
+ if ($priv ne '') {
+ push(@group_privs,$priv);
+ }
+ }
+ if ($remainder =~ /:/) {
+ (my $additional_privs,$group) =
+ ($remainder =~ /^([\w:]+):([^:]+)$/);
+ if ($additional_privs ne '') {
+ if (&curr_role_status($tstart,$tend,$refresh,$now) eq 'active') {
+ push(@group_privs,split(/:/,$additional_privs));
+ @group_privs = sort(@group_privs);
+ }
+ }
+ } else {
+ $group = $remainder;
+ }
+ } else {
+ $section = $remainder;
+ }
+ my $where = "/$udom/$uname";
+ if ($section ne '') {
+ $where .= "/$section";
+ } elsif ($group ne '') {
+ $where .= "/$group";
+ }
+ my $rolekey = "$role.$where";
+ my $envkey = "user.role.$rolekey";
+ $dbroles{$envkey} = 1;
+ if (($env{'request.role'} eq $rolekey) && ($role ne 'st')) {
+ if (&curr_role_status($tstart,$tend,$refresh,$now) ne 'active') {
+ $currrole_expired = 1;
+ }
+ }
+ if ($env{$envkey} eq '') {
+ my $status_in_db =
+ &curr_role_status($tstart,$tend,$now,$now);
+ &gather_roleprivs(\%allroles,\%allgroups,\%userroles,$where,$role,$tstart,$tend,$status_in_db);
+ if (($role eq 'st') && ($env{'request.role'} =~ m{^\Q$role\E\.\Q/$udom/$uname\E})) {
+ if ($status_in_db eq 'active') {
+ if ($section eq '') {
+ push(@newsec,'none');
+ } else {
+ push(@newsec,$section);
+ }
+ }
+ } else {
+ unless (grep(/^\Q$role\E$/,@changed_roles)) {
+ push(@changed_roles,$role);
+ }
+ if ($status_in_db ne 'previous') {
+ if ($role eq 'gr') {
+ $newgroup{$rolekey} = $status_in_db;
+ if ($status_in_db eq 'active') {
+ unless (ref($courseroles{$udom}) eq 'HASH') {
+ %{$courseroles{$udom}} =
+ &Apache::lonnet::get_my_roles('','','userroles',
+ ['active'],\@possroles,
+ [$udom],1);
+ }
+ &Apache::lonnet::get_groups_roles($udom,$uname,
+ $courseroles{$udom},
+ \@rolecodes,\%groups_roles);
+ }
+ } else {
+ $newrole{$rolekey} = $status_in_db;
+ }
+ }
+ }
+ } else {
+ my ($currstart,$currend) = split(/\./,$env{$envkey});
+ if ($role eq 'gr') {
+ if (&curr_role_status($currstart,$currend,$refresh,$update) ne 'previous') {
+ $hasgroups = 1;
+ }
+ }
+ if (($currstart ne $tstart) || ($currend ne $tend)) {
+ my $status_in_env =
+ &curr_role_status($currstart,$currend,$refresh,$update);
+ my $status_in_db =
+ &curr_role_status($tstart,$tend,$now,$now);
+ if ($status_in_env ne $status_in_db) {
+ if ($status_in_env eq 'active') {
+ if ($role eq 'st') {
+ if ($env{'request.role'} eq $rolekey) {
+ my $switchsection;
+ unless (ref($courseroles{$udom}) eq 'HASH') {
+ %{$courseroles{$udom}} =
+ &Apache::lonnet::get_my_roles('','','userroles',
+ ['active'],
+ \@possroles,[$udom],1);
+ }
+ foreach my $crsrole (keys(%{$courseroles{$udom}})) {
+ if ($crsrole =~ /^\Q$uname\E:\Q$udom\E:st/) {
+ $switchsection = 1;
+ last;
+ }
+ }
+ if ($switchsection) {
+ if ($section eq '') {
+ $oldsec = 'none';
+ } else {
+ $oldsec = $section;
+ }
+ &gather_roleprivs(\%allroles,\%allgroups,\%userroles,$where,$role,$tstart,$tend,$status_in_db);
+ } else {
+ $currrole_expired = 1;
+ next;
+ }
+ }
+ }
+ unless ($rolekey eq $env{'request.role'}) {
+ if ($role eq 'gr') {
+ &Apache::lonnet::delete_env_groupprivs($where,\%courseroles,\@possroles);
+ } else {
+ &Apache::lonnet::delenv("user.priv.$rolekey",undef,[$role]);
+ &Apache::lonnet::delenv("user.priv.cm.$where",undef,['cm']);
+ }
+ &gather_roleprivs(\%allroles,\%allgroups,\%userroles,$where,$role,$tstart,$tend,$status_in_db);
+ }
+ } elsif ($status_in_db eq 'active') {
+ if (($role eq 'st') &&
+ ($env{'request.role'} =~ m{^\Q$role\E\.\Q/$udom/$uname\E})) {
+ if ($section eq '') {
+ push(@newsec,'none');
+ } else {
+ push(@newsec,$section);
+ }
+ } elsif ($role eq 'gr') {
+ unless (ref($courseroles{$udom}) eq 'HASH') {
+ %{$courseroles{$udom}} =
+ &Apache::lonnet::get_my_roles('','','userroles',
+ ['active'],
+ \@possroles,[$udom],1);
+ }
+ &Apache::lonnet::get_groups_roles($udom,$uname,
+ $courseroles{$udom},
+ \@rolecodes,\%groups_roles);
+ }
+ &gather_roleprivs(\%allroles,\%allgroups,\%userroles,$where,$role,$tstart,$tend,$status_in_db);
+ }
+ unless (grep(/^\Q$role\E$/,@changed_roles)) {
+ push(@changed_roles,$role);
+ }
+ if ($role eq 'gr') {
+ $groupchange{"/$udom/$uname"}{$group} = $status_in_db;
+ } else {
+ $rolechange{$rolekey} = $status_in_db;
+ }
+ }
+ } else {
+ if ($role eq 'gr') {
+ unless ($checkedgroup{$where}) {
+ my $status_in_db =
+ &curr_role_status($tstart,$tend,$refresh,$now);
+ if ($tstart eq '-1') {
+ $status_in_db = 'deleted';
+ }
+ unless (ref($courseroles{$udom}) eq 'HASH') {
+ %{$courseroles{$udom}} =
+ &Apache::lonnet::get_my_roles('','','userroles',
+ ['active'],
+ \@possroles,[$udom],1);
+ }
+ if (ref($courseroles{$udom}) eq 'HASH') {
+ foreach my $item (keys(%{$courseroles{$udom}})) {
+ next unless ($item =~ /^\Q$uname\E/);
+ my ($cnum,$cdom,$crsrole,$crssec) = split(/:/,$item);
+ my $area = '/'.$cdom.'/'.$cnum;
+ if ($crssec ne '') {
+ $area .= '/'.$crssec;
+ }
+ my $crsrolekey = $crsrole.'.'.$area;
+ my $currprivs = $env{'user.priv.'.$crsrole.'.'.$area.'.'.$where};
+ $currprivs =~ s/^://;
+ $currprivs =~ s/\&F$//;
+ my @curr_grp_privs = split(/\&F:/,$currprivs);
+ @curr_grp_privs = sort(@curr_grp_privs);
+ my @diffs;
+ if (@group_privs > 0 || @curr_grp_privs > 0) {
+ @diffs = &Apache::loncommon::compare_arrays(\@group_privs,\@curr_grp_privs);
+ }
+ if (@diffs == 0) {
+ last;
+ } else {
+ unless(grep(/^\Qgr\E$/,@rolecodes)) {
+ push(@rolecodes,'gr');
+ }
+ &gather_roleprivs(\%allroles,\%allgroups,
+ \%userroles,$where,$role,
+ $tstart,$tend,$status_in_db);
+ if ($status_in_db eq 'active') {
+ &Apache::lonnet::get_groups_roles($udom,$uname,
+ $courseroles{$udom},
+ \@rolecodes,\%groups_roles);
+ }
+ $changed_groups{$udom.'_'.$uname}{$group} = $status_in_db;
+ last;
+ }
+ }
+ }
+ $checkedgroup{$where} = 1;
+ }
+ } elsif ($role =~ /^cr/) {
+ my $status_in_db =
+ &curr_role_status($tstart,$tend,$refresh,$now);
+ my ($rdummy,$rest) = split(/\//,$role,2);
+ my %currpriv;
+ unless (exists($crprivs{$rest})) {
+ my ($rdomain,$rauthor,$rrole)=split(/\//,$rest);
+ my $homsvr=&Apache::lonnet::homeserver($rauthor,$rdomain);
+ if (&Apache::lonnet::hostname($homsvr) ne '') {
+ my ($rdummy,$roledef)=
+ &Apache::lonnet::get('roles',["rolesdef_$rrole"],
+ $rdomain,$rauthor);
+ if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+ my $i = 0;
+ my @scopes = ('sys','dom','crs');
+ my @privs = split(/\_/,$roledef);
+ foreach my $priv (@privs) {
+ my ($blank,@prv) = split(/:/,$priv);
+ @prv = map { $_ .= (/\&\w+$/ ? '':'&F') } @prv;
+ if (@prv) {
+ $priv = ':'.join(':',sort(@prv));
+ }
+ $crprivs{$rest}{$scopes[$i]} = $priv;
+ $i++;
+ }
+ }
+ }
+ }
+ my $status_in_env =
+ &curr_role_status($currstart,$currend,$refresh,$update);
+ if ($status_in_env eq 'active') {
+ $currpriv{sys} = $env{"user.priv.$rolekey./"};
+ $currpriv{dom} = $env{"user.priv.$rolekey./$udom/"};
+ $currpriv{crs} = $env{"user.priv.$rolekey.$where"};
+ if (keys(%crprivs)) {
+ if (($crprivs{$rest}{sys} ne $currpriv{sys}) ||
+ ($crprivs{$rest}{dom} ne $currpriv{dom})
+ ||
+ ($crprivs{$rest}{crs} ne $currpriv{crs})) {
+ &gather_roleprivs(\%allroles,\%allgroups,
+ \%userroles,$where,$role,
+ $tstart,$tend,$status_in_db);
+ unless (grep(/^\Q$role\E$/,@changed_roles)) {
+ push(@changed_roles,$role);
+ }
+ $customprivchg{$rolekey} = $status_in_env;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ foreach my $envkey (keys(%env)) {
+ next unless ($envkey =~ /^user\.role\./);
+ next if ($dbroles{$envkey});
+ next if ($envkey eq 'user.role.'.$env{'request.role'});
+ my ($currstart,$currend) = split(/\./,$env{$envkey});
+ my $status_in_env =
+ &curr_role_status($currstart,$currend,$refresh,$update);
+ my ($rolekey) = ($envkey =~ /^user\.role\.(.+)$/);
+ my ($role,$rest)=split(m{\./},$rolekey,2);
+ $rest = '/'.$rest;
+ if (&Apache::lonnet::delenv($envkey,undef,[$role])) {
+ if ($status_in_env eq 'active') {
+ if ($role eq 'gr') {
+ &Apache::lonnet::delete_env_groupprivs($rest,\%courseroles,
+ \@possroles);
+ } else {
+ &Apache::lonnet::delenv("user.priv.$rolekey",undef,[$role]);
+ &Apache::lonnet::delenv("user.priv.cm.$rest",undef,['cm']);
+ }
+ unless (grep(/^\Q$role\E$/,@changed_roles)) {
+ push(@changed_roles,$role);
+ }
+ $deletedroles{$rolekey} = 1;
+ }
+ }
+ }
+ if (($oldsec) && (@newsec > 0)) {
+ if (@newsec > 1) {
+ $msg = '
'.&mt('The section has changed for your current role. Log-out and log-in again to select a role for the new section.').'
';
+ } else {
+ my $newrole = $env{'request.role'};
+ if ($newsec[0] eq 'none') {
+ $newrole =~ s{(/[^/])$}{};
+ } elsif ($oldsec eq 'none') {
+ $newrole .= '/'.$newsec[0];
+ } else {
+ $newrole =~ s{([^/]+)$}{$newsec[0]};
+ }
+ my $coursedesc = $env{'course.'.$env{'request.course.id'}.'.description'};
+ my ($curr_role) = ($env{'request.role'} =~ m{^(\w+)\./$match_domain/$match_courseid});
+ my %temp=('logout_'.$env{'request.course.id'} => time);
+ &Apache::lonnet::put('email_status',\%temp);
+ &Apache::lonnet::delenv('user.state.'.$env{'request.course.id'});
+ &Apache::lonnet::appenv({"request.course.id" => '',
+ "request.course.fn" => '',
+ "request.course.uri" => '',
+ "request.course.sec" => '',
+ "request.role" => 'cm',
+ "request.role.adv" => $env{'user.adv'},
+ "request.role.domain" => $env{'user.domain'}});
+ my $rolename = &Apache::loncommon::plainname($curr_role);
+ $msg = ''.
+ ''.
+ ''.
+ ''.
+ &mt('Your section has changed for your current [_1] role in [_2].',$rolename,$coursedesc).' ';
+ my $button = '';
+ if ($newsec[0] eq 'none') {
+ $msg .= &mt('[_1] to continue with your new section-less role.',$button);
+ } else {
+ $msg .= &mt('[_1] to continue with your new role in section ([_2]).',$button,$newsec[0]);
+ }
+ $msg .= '';
+ }
+ } elsif ($currrole_expired) {
+ $msg .= '
';
+ if (&Apache::loncommon::show_course()) {
+ $msg .= &mt('Your role in the current course has expired.');
+ } else {
+ $msg .= &mt('Your current role has expired.');
+ }
+ $msg .= ' '.&mt('However you can continue to use this role until you logout, click the "Re-Select" button, or your session has been idle for more than 24 hours.').'
';
+ }
+ &Apache::lonnet::set_userprivs(\%userroles,\%allroles,\%allgroups,\%groups_roles);
+ my ($curr_is_adv,$curr_role_adv,$curr_author,$curr_role_author);
+ $curr_author = $env{'user.author'};
+ if (($env{'request.role'} =~/^au/) || ($env{'request.role'} =~/^ca/) ||
+ ($env{'request.role'} =~/^aa/)) {
+ $curr_role_author=1;
+ }
+ $curr_is_adv = $env{'user.adv'};
+ $curr_role_adv = $env{'request.role.adv'};
+ if (keys(%userroles) > 0) {
+ foreach my $role (@changed_roles) {
+ unless(grep(/^\Q$role\E$/,@rolecodes)) {
+ push(@rolecodes,$role);
+ }
+ }
+ unless(grep(/^\Qcm\E$/,@rolecodes)) {
+ push(@rolecodes,'cm');
+ }
+ &Apache::lonnet::appenv(\%userroles,\@rolecodes);
+ }
+ my %newenv;
+ if (&Apache::lonnet::is_advanced_user($env{'user.domain'},$env{'user.name'})) {
+ unless ($curr_is_adv) {
+ $newenv{'user.adv'} = 1;
+ }
+ } elsif ($curr_is_adv && !$curr_role_adv) {
+ &Apache::lonnet::delenv('user.adv');
+ }
+ my %authorroleshash =
+ &Apache::lonnet::get_my_roles('','','userroles',['active'],['au','ca','aa']);
+ if (keys(%authorroleshash)) {
+ unless ($curr_author) {
+ $newenv{'user.author'} = 1;
+ }
+ } elsif ($curr_author && !$curr_role_author) {
+ &Apache::lonnet::delenv('user.author');
+ }
+ if ($env{'request.course.id'}) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my (@activecrsgroups,$crsgroupschanged);
+ if ($env{'request.course.groups'}) {
+ @activecrsgroups = split(/:/,$env{'request.course.groups'});
+ foreach my $item (keys(%deletedroles)) {
+ if ($item =~ m{^gr\./\Q$cdom\E/\Q$cnum\E/(\w+)$}) {
+ if (grep(/^\Q$1\E$/,@activecrsgroups)) {
+ $crsgroupschanged = 1;
+ last;
+ }
+ }
+ }
+ }
+ unless ($crsgroupschanged) {
+ foreach my $item (keys(%newgroup)) {
+ if ($item =~ m{^gr\./\Q$cdom\E/\Q$cnum\E/(\w+)$}) {
+ if ($newgroup{$item} eq 'active') {
+ $crsgroupschanged = 1;
+ last;
+ }
+ }
+ }
+ }
+ if ((ref($changed_groups{$env{'request.course.id'}}) eq 'HASH') ||
+ (ref($groupchange{"/$cdom/$cnum"}) eq 'HASH') ||
+ ($crsgroupschanged)) {
+ my %grouproles = &Apache::lonnet::get_my_roles('','','userroles',
+ ['active'],['gr'],[$cdom],1);
+ my @activegroups;
+ foreach my $item (keys(%grouproles)) {
+ next unless($item =~ /^\Q$cnum\E:\Q$cdom\E/);
+ my $group;
+ my ($crsn,$crsd,$role,$remainder) = split(/:/,$item,4);
+ if ($remainder =~ /:/) {
+ (my $other,$group) = ($remainder =~ /^([\w:]+):([^:]+)$/);
+ } else {
+ $group = $remainder;
+ }
+ if ($group ne '') {
+ push(@activegroups,$group);
+ }
+ }
+ $newenv{'request.course.groups'} = join(':',@activegroups);
+ }
+ }
+ if (keys(%newenv)) {
+ &Apache::lonnet::appenv(\%newenv);
+ }
+ if (!@changed_roles || !(keys(%changed_groups))) {
+ my ($rolesmsg,$groupsmsg);
+ if (!@changed_roles) {
+ if (&Apache::loncommon::show_course()) {
+ $rolesmsg = &mt('No new courses or communities');
+ } else {
+ $rolesmsg = &mt('No role changes');
+ }
+ }
+ if ($hasgroups && !(keys(%changed_groups)) && !(grep(/gr/,@changed_roles))) {
+ $groupsmsg = &mt('No changes in course/community groups');
+ }
+ if (!@changed_roles && !(keys(%changed_groups))) {
+ if (($msg ne '') || ($groupsmsg ne '')) {
+ $msg .= '
';
+ if ($rolesmsg) {
+ $msg .= '
'.$rolesmsg.'
';
+ }
+ if ($groupsmsg) {
+ $msg .= '
'.$groupsmsg.'
';
+ }
+ $msg .= '
';
+ } else {
+ $msg = ' '.$rolesmsg.' ';
+ }
+ return $msg;
+ }
+ }
+ my $changemsg;
+ if (@changed_roles > 0) {
+ if (keys(%newgroup) > 0) {
+ my $groupmsg;
+ my (%curr_groups,%groupdescs,$currcrs);
+ foreach my $item (sort(keys(%newgroup))) {
+ if (&is_active_course($item,$refresh,$update,\%roleshash)) {
+ if ($item =~ m{^gr\./($match_domain/$match_courseid)/(\w+)$}) {
+ my ($cdom,$cnum) = split(/\//,$1);
+ my $group = $2;
+ if ($currcrs ne $cdom.'_'.$cnum) {
+ if ($currcrs) {
+ $groupmsg .= '
';
+ }
+ if ($env{'environment.canrequest.author'}) {
+ unless (&Apache::loncoursequeueadmin::is_active_author()) {
+ my $requestauthor;
+ my ($status,$timestamp) = split(/:/,$env{'environment.requestauthorqueued'});
+ if (($status eq 'approval') || ($status eq 'approved')) {
+ $output .= '
'.&mt('Author role request').' ';
+ if ($status eq 'approval') {
+ $output .= &mt('A request for Authoring Space submitted on [_1] is awaiting approval',
+ &Apache::lonlocal::locallocaltime($timestamp));
+ } elsif ($status eq 'approved') {
+ my %roleshash =
+ &Apache::lonnet::get_my_roles($env{'user.name'},$env{'user.domain'},'userroles',
+ ['active'],['au'],[$env{'user.domain'}]);
+ if (keys(%roleshash)) {
+ $output .= ''.
+ &mt('Your request for an author role has been approved.').' '.
+ &mt('Use the "Check for changes" link to update your list of roles.').
+ '';
+ }
+ }
+ $output .= '
';
+ }
+ }
+ }
+ unless ($output) {
+ if ($env{'environment.canrequest.author'} || $env{'environment.canrequest.official'} ||
+ $env{'environment.canrequest.unofficial'} || $env{'environment.canrequest.community'}) {
+ $output = &mt('No requests for courses, communities or authoring currently queued');
+ } else {
+ $output = &mt('No enrollment requests currently queued awaiting approval');
+ }
+ }
+ return ' ';
+}
+
1;
__END__
@@ -1099,8 +2815,7 @@ course they should act on, etc. Both in
handler determines via C's C<&allowed> function that a certain
action is not allowed, C is used as error handler. This
allows the user to select another role which may have permission to do
-what they were trying to do. C can also be accessed via the
-B button in the Remote Control.
+what they were trying to do.
=begin latex
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.