--- loncom/auth/lonroles.pm 2001/12/29 21:09:47 1.33 +++ loncom/auth/lonroles.pm 2004/11/12 15:33:32 1.108 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.33 2001/12/29 21:09:47 www Exp $ +# $Id: lonroles.pm,v 1.108 2004/11/12 15:33:32 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -25,22 +25,6 @@ # # http://www.lon-capa.org/ # -# (Directory Indexer -# (Login Screen -# YEAR=1999 -# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer) -# 11/23 Gerd Kortemeyer) -# YEAR=2000 -# 1/14,03/06,06/01,07/22,07/24,07/25, -# 09/04,09/06,09/28,09/29,09/30,10/2,10/5,10/26,10/28, -# 12/08,12/28, -# YEAR=2001 -# 01/15/01 Gerd Kortemeyer -# 02/27/01 Scott Harrison -# 03/02,05/03,05/25,05/30,06/01,07/06,08/06 Gerd Kortemeyer -# 12/21 Scott Harrison -# 12/29 Gerd Kortemeyer -# ### package Apache::lonroles; @@ -52,6 +36,44 @@ use Apache::Constants qw(:common); use Apache::File(); use Apache::lonmenu; use Apache::loncommon; +use Apache::lonhtmlcommon; +use Apache::lonannounce; +use Apache::lonlocal; + +sub redirect_user { + my ($r,$title,$url,$msg,$launch_nav) = @_; + $msg = $title if (! defined($msg)); + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $navwindow; + if ($launch_nav eq 'on') { + $navwindow.=&Apache::lonnavmaps::launch_win('now'); + } else { + $navwindow.=&Apache::lonnavmaps::close(); + } + my $bodytag=&Apache::loncommon::bodytag('Switching Role'); +# Note to style police: +# This must only replace the spaces, nothing else, or it bombs elsewhere. + $url=~s/ /\%20/g; + $r->print(<$title + + + +$bodytag + +$navwindow +

$msg

+Continue + + +ENDREDIR + return; +} sub handler { @@ -60,98 +82,241 @@ sub handler { my $now=time; my $then=$ENV{'user.login.time'}; my $envkey; - + my %dcroles = (); + my $numdc = &check_fordc(\%dcroles,$then); # ================================================================== Roles Init - if ($ENV{'form.selectrole'}) { if ($ENV{'request.course.id'}) { my %temp=('logout_'.$ENV{'request.course.id'} => time); &Apache::lonnet::put('email_status',\%temp); + &Apache::lonnet::delenv('user.state.'.$ENV{'request.course.id'}); + } + &Apache::lonnet::appenv("request.course.id" => '', + "request.course.fn" => '', + "request.course.uri" => '', + "request.course.sec" => '', + "request.role" => 'cm', + "request.role.adv" => $ENV{'user.adv'}, + "request.role.domain" => $ENV{'user.domain'}); + +# Check to see if the user is a DC trying to enter a course and needs privs to be created + if ($numdc > 0) { + foreach my $envkey (keys %ENV) { + if ($envkey =~ m-^form\.cc\./(\w+)/(\w+)$-) { + if ($dcroles{$1}) { + unless ($ENV{'user.role.cc./'.$1.'/'.$2}) { + &set_privileges($1,$2); + } + } + last; + } + } } - &Apache::lonnet::appenv("request.course.id" => '', - "request.course.fn" => '', - "request.course.uri" => '', - "request.course.sec" => '', - "request.role" => 'cm'); + foreach $envkey (keys %ENV) { - if ($envkey=~/^user\.role\./) { - my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey); - my $where=join('.',@pwhere); - my $trolecode=$role.'.'.$where; + next if ($envkey!~/^user\.role\./); + my ($where,$trolecode,$role,$tstatus,$tend,$tstart); + &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend); if ($ENV{'form.'.$trolecode}) { - my ($tstart,$tend)=split(/\./,$ENV{$envkey}); - my $tstatus='is'; - if ($tstart) { - if ($tstart>$then) { - $tstatus='future'; - } - } - if ($tend) { - if ($tend<$then) { $tstatus='expired'; } - if ($tend<$now) { $tstatus='will_not'; } - } - if ($tstatus eq 'is') { - $where=~s/^\///; - my ($cdom,$cnum,$csec)=split(/\//,$where); - &Apache::lonnet::appenv('request.role' => $trolecode, - 'request.course.sec' => $csec); - my $msg='Entering course ...'; - if (($cnum) && ($role ne 'ca')) { - my ($furl,$ferr)= - &Apache::lonuserstate::readmap($cdom.'/'.$cnum); - if (($ENV{'form.orgurl'}) && - ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) { - $r->internal_redirect($ENV{'form.orgurl'}); - return OK; - } else { - unless ($ENV{'request.course.id'}) { - &Apache::lonnet::appenv( - "request.course.id" => $cdom.'_'.$cnum); - $furl='/adm/notfound.html'; - $msg= - '

Could not initialize top-level map.

'; - } - $r->content_type('text/html'); - &Apache::loncommon::no_cache($r); - $r->send_http_header; - my $swinfo=&Apache::lonmenu::rawconfig; - print (<Entering Course - + if ($tstatus eq 'is') { + $where=~s/^\///; + my ($cdom,$cnum,$csec)=split(/\//,$where); +# check for keyed access + if (($role eq 'st') && + ($ENV{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) { +# who is key authority? + my $authdom=$cdom; + my $authnum=$cnum; + if ($ENV{'course.'.$cdom.'_'.$cnum.'.keyauth'}) { + ($authnum,$authdom)= + split(/\W/,$ENV{'course.'.$cdom.'_'.$cnum.'.keyauth'}); + } +# check with key authority + unless (&Apache::lonnet::validate_access_key( + $ENV{'environment.key.'.$cdom.'_'.$cnum}, + $authdom,$authnum)) { +# there is no valid key + if ($ENV{'form.newkey'}) { +# student attempts to register a new key + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $bodytag=&Apache::loncommon::bodytag + ('Verifying Access Key to Unlock this Course'); + my $buttontext=&mt('Enter Course'); + my $message=&mt('Successfully registered key'); + my $assignresult= + &Apache::lonnet::assign_access_key( + $ENV{'form.newkey'}, + $authdom,$authnum, + $cdom,$cnum, + $ENV{'user.domain'}, + $ENV{'user.name'}, + 'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.localtime().' for '. + $trolecode); + unless ($assignresult eq 'ok') { + $assignresult=~s/^error\:\s*//; + $message=&mt($assignresult). + '
'. + &mt('Logout').''; + $buttontext=&mt('Re-Enter Key'); + } + $r->print(<Verifying Course Access Key - +$bodytag -$msg - - -ENDREDIR +
+ + +$message
+ +
+ +ENDENTEREDKEY + return OK; + } else { +# print form to enter a new key + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $bodytag=&Apache::loncommon::bodytag + ('Enter Access Key to Unlock this Course'); + $r->print(<Entering Course Access Key + + +$bodytag + +
+ + + + +
+ +ENDENTERKEY + return OK; + } + } + } + &Apache::lonnet::log($ENV{'user.domain'}, + $ENV{'user.name'}, + $ENV{'user.home'}, + "Role ".$trolecode); + + &Apache::lonnet::appenv( + 'request.role' => $trolecode, + 'request.role.domain' => $cdom, + 'request.course.sec' => $csec); + my $tadv=0; + if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } + &Apache::lonnet::appenv('request.role.adv' => $tadv); + + my $msg=&mt('Entering course ...'); + + if (($cnum) && ($role ne 'ca')) { + my ($furl,$ferr)= + &Apache::lonuserstate::readmap($cdom.'/'.$cnum); + if (($ENV{'form.orgurl'}) && + ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) { + my $dest=$ENV{'form.orgurl'}; + if ( &Apache::lonnet::mod_perl_version() == 2 ) { + &Apache::lonnet::cleanenv(); + } + $r->internal_redirect($dest); + return OK; + } else { + unless ($ENV{'request.course.id'}) { + &Apache::lonnet::appenv( + "request.course.id" => $cdom.'_'.$cnum); + $furl='/adm/roles?tryagain=1'; + $msg= + '

'. + &mt('Could not initialize course at this time.'). + '

'.&mt('Please try again.').'

'.$ferr; + } + + # Check to see if the user is a CC entering a course + # for the first time + my (undef, undef, $role, $courseid) = split(/\./, $envkey); + if (substr($courseid, 0, 1) eq '/') { + $courseid = substr($courseid, 1); + } + $courseid =~ s/\//_/; + if ($role eq 'cc' && $ENV{'course.' . $courseid . + '.course.helper.not.run'}) { + $furl = "/adm/helper/course.initialization.helper"; + } + # Check to see if the user is a DC selecting a course + if (($numdc > 0) && ($role eq 'cc')) { + my $formaction = '/adm/roles/'; + my ($dcdom,$pickedcourse) = split/_/,$courseid; + if ($ENV{'user.role.dc./'.$dcdom.'/'}) { + &Apache::lonhtmlcommon::store_recent('recent_roles', + $courseid,$formaction); + } + } + # + # Send the user to the course they selected + &redirect_user($r,&mt('Entering Course'), + $furl,$msg, + $ENV{'environment.remotenavmap'}); return OK; - } - } - } - } - } + } + } + # + # Send the user to the construction space they selected + if ($role =~ /^(au|ca)$/) { + my $redirect_url = '/priv/'; + if ($role eq 'au') { + $redirect_url.=$ENV{'user.name'}; + } else { + $where =~ /\/(.*)$/; + $redirect_url .= $1; + } + $redirect_url .= '/'; + &redirect_user($r,&mt('Entering Construction Space'), + $redirect_url); + return OK; + } + if ($role eq 'dc') { + my $redirect_url = '/adm/menu/'; + &redirect_user($r,&mt('Loading Domain Coordinator Menu'), + $redirect_url); + return OK; + } + } + } } - } - + } + # =============================================================== No Roles Init - $r->content_type('text/html'); + &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; return OK if $r->header_only; - my $swinfo=&Apache::lonmenu::rawconfig; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $bodytag=&Apache::loncommon::bodytag('User Roles'); + my $helptag='
'.&Apache::loncommon::help_open_menu('','General Intro','General_Intro','User Roles',1,undef,undef,undef,undef,,&mt("Click here for help")).'
'; $r->print(< LON-CAPA User Roles - + +$bodytag +$helptag
'); + $r->print(''); + return OK; + } +# More than one possible role +# ----------------------------------------------------------------------- Table + unless (($advanced) || ($nochoose)) { + $r->print("

".&mt('Select a Course to Enter')."

\n"); + } + $r->print('
'); + unless ($nochoose) { $r->print(''); } + $r->print(''."\n"); + my $doheaders=-1; + foreach my $type ('Construction Space','Course','Domain','System') { + my $haverole=0; + foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { + if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { + $haverole=1; + } + } + if ($haverole) { $doheaders++; } + } + if ($numdc > 0) { + &select_recent_courses($r,\%roletext); + } + foreach my $type ('Construction Space','Course','Domain','System') { + my $output; + foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { + if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { + $output.=$roletext{$sortrole{$which}}; + if ($sortrole{$which} =~ m-dc\./(\w+)/-) { + if ($dcroles{$1}) { + $output .= &allcourses_row($1); + } + } + } + } + if ($output) { + if ($doheaders > 0) { + $r->print("". + ""); + } + $r->print($output); + } + } my $tremark=''; + my $tfont='#003300'; if ($ENV{'request.role'} eq 'cm') { $r->print(''); - $tremark='Currently selected.'; + $tremark=&mt('Currently selected. '); + $tfont='#002200'; } else { $r->print(''); } unless ($nochoose) { - if ($ENV{'request.role'} ne 'cm') { - $r->print(''); - } else { - $r->print(''); - } + if ($ENV{'request.role'} ne 'cm') { + $r->print(''); + } else { + $r->print(''); + } } - $r->print(''."\n"); + $r->print(''."\n"); $r->print('
 '.&mt('User Role').''.&mt('Extent'). + ''.&mt('Start').''.&mt('End').''. + &mt('Remarks and Calendar Announcements').'
".&mt($type)."
  No role specified'. - ''.$tremark.' 
'.&mt('No role specified'). + ''.$tremark. + ' 
'); unless ($nochoose) { $r->print("\n"); } # ------------------------------------------------------------ Privileges Info - if ($advanced) { - $r->print('

Current Privileges

'); + if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) { + $r->print('

Current Privileges

'); - foreach $envkey (sort keys %ENV) { - if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) { - my $where=$envkey; - $where=~s/^user\.priv\.$ENV{'request.role'}\.//; - my $ttype; - my $twhere; - my ($tdom,$trest,$tsec)= - split(/\//,Apache::lonnet::declutter($where)); - if ($trest) { - if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') { - $ttype='Construction Space'; - $twhere='User: '.$trest.', Domain: '.$tdom; - } else { - $ttype='Course'; - $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'}; - if ($tsec) { - $twhere.=' (Section/Group: '.$tsec.')'; + foreach $envkey (sort keys %ENV) { + if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) { + my $where=$envkey; + $where=~s/^user\.priv\.$ENV{'request.role'}\.//; + my $ttype; + my $twhere; + my ($tdom,$trest,$tsec)= + split(/\//,Apache::lonnet::declutter($where)); + if ($trest) { + if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') { + $ttype='Construction Space'; + $twhere='User: '.$trest.', Domain: '.$tdom; + } else { + $ttype='Course'; + $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'}; + if ($tsec) { + $twhere.=' (Section/Group: '.$tsec.')'; + } + } + } elsif ($tdom) { + $ttype='Domain'; + $twhere=$tdom; + } else { + $ttype='System'; + $twhere='/'; + } + $r->print("\n

".$ttype.': '.$twhere.'

    '); + foreach (sort split(/:/,$ENV{$envkey})) { + if ($_) { + my ($prv,$restr)=split(/\&/,$_); + my $trestr=''; + if ($restr ne 'F') { + my $i; + $trestr.=' ('; + for ($i=0;$iprint('
  • '. + Apache::lonnet::plaintext($prv).$trestr. + '
    • '); + } + } + $r->print('
'); + } + } + } + $r->print(&Apache::lonnet::getannounce()); + if ($advanced) { + $r->print('

This is LON-CAPA '. + $r->dir_config('lonVersion').'
'. + ''.&mt('Logout').'

'); + } + $r->print("\n"); + return OK; +} + +sub role_status { + my ($rolekey,$then,$now,$role,$where,$trolecode,$tstatus,$tstart,$tend) = @_; + my @pwhere = (); + if (exists($ENV{$rolekey}) && $ENV{$rolekey} ne '') { + (undef,undef,$$role,@pwhere)=split(/\./,$rolekey); + unless (!defined($$role) || $$role eq '') { + $$where=join('.',@pwhere); + $$trolecode=$$role.'.'.$$where; + ($$tstart,$$tend)=split(/\./,$ENV{$rolekey}); + $$tstatus='is'; + if ($$tstart && $$tstart>$then) { + $$tstatus='future'; + if ($$tstart<$now) { $$tstatus='will'; } + } + if ($$tend) { + if ($$tend<$then) { + $$tstatus='expired'; + } elsif ($$tend<$now) { + $$tstatus='will_not'; } - } - } elsif ($tdom) { - $ttype='Domain'; - $twhere=$tdom; - } else { - $ttype='System'; - $twhere='/'; } - $r->print("\n

".$ttype.': '.$twhere.'

    '); - foreach (sort split(/:/,$ENV{$envkey})) { - if ($_) { - my ($prv,$restr)=split(/\&/,$_); - my $trestr=''; - if ($restr ne 'F') { - my $i; - $trestr.=' ('; - for ($i=0;$iprint('
  • '.Apache::lonnet::plaintext($prv).$trestr. - '
    • '); - } + } + } +} + +sub dc_script { + my $response = (<<"END"); +function setDCchoice(caller) { + var dcname = "dc./"+caller+"/" + document.rolechoice.dcselected.value = caller + document.rolechoice.elements[3].name = dcname + document.rolechoice.submit() +} +END + return $response; +} + +sub check_fordc { + my ($dcroles,$then) = @_; + my $numdc = 0; + if ($ENV{'user.adv'}) { + foreach my $envkey (sort keys %ENV) { + if ($envkey=~/^user\.role\.dc\.\/(\w+)\/$/) { + my $dcdom = $1; + my $livedc = 1; + my ($tstart,$tend)=split(/\./,$ENV{$envkey}); + if ($tstart && $tstart>$then) { $livedc = 0; } + if ($tend && $tend <$then) { $livedc = 0; } + if ($livedc) { + $$dcroles{$dcdom} = $envkey; + $numdc++; + } } - $r->print('
'); } } - } + return $numdc; +} - $r->print("\n"); - return OK; -} +sub courselink { + my ($dcdom) = @_; + my $cb_jscript = &Apache::loncommon::coursebrowser_javascript($dcdom,'dom'); + my $verify_script = <<"END"; + +END + my $courseform=&Apache::loncommon::selectcourse_link + ('rolechoice','dccourse','dcdomain','coursedesc'); + my $hiddenitems = ''. + ''. + ''. + ''; + return $cb_jscript.$verify_script.$courseform.$hiddenitems; +} + + +sub select_recent_courses { + my ($r,$roletext)=@_; + my $advanced = $ENV{'user.adv'}; + my $tryagain = $ENV{'form.tryagain'}; + my %recent=&Apache::lonnet::dump(&recent_filename('recent_roles')); + my $numrecent = 0; + my $roledisplay = ''. + ''. + &mt('Recent courses accessed by DC'). + ''."\n"; + foreach my $courseid (sort keys %recent) { + unless ($courseid =~/^error\:/) { + my ($dom,$crs) = split/_/,$courseid; + $numrecent ++; + my $crskey = 'user.role.cc./'.$dom.'/'.$crs; + $roledisplay.=$$roletext{$crskey}; + } + } + if ($numrecent > 0) { + $r->print("$roledisplay\n"); + } +} + +sub allcourses_row { + my ($dcdom) = @_; + my $ccrole = Apache::lonnet::plaintext('cc'); + my $selectlink = &courselink($dcdom); + my $output = ''. + ''. + ''. + ''. + $ccrole.''.&mt('Course').''. + ''.&mt('All courses').': '. + $selectlink.''. + '
'.&mt('Domain').':'.$dcdom.''. + ''. + &mt('Course Coordinator access to all courses in domain'). + ': '.$dcdom.''."\n"; + return $output; +} + +sub recent_filename { + my $area=shift; + return 'nohist_recent_'.&Apache::lonnet::escape($area); +} + +sub set_privileges { + my ($dcdom,$pickedcourse) = @_; + my $area = '/'.$dcdom.'/'.$pickedcourse; + my $role = 'cc'; + my $spec = $role.'.'.$area; + my $userroles = &Apache::lonnet::set_arearole($role,$area,'','',$dcdom,$ENV{'user.name'}); + my %ccrole = (); + &Apache::lonnet::standard_roleprivs(\%ccrole,$role,$dcdom,$spec,$pickedcourse,$area); + my ($author,$adv)= &Apache::lonnet::set_userprivs(\$userroles,\%ccrole); + my @newprivs = split/\n/,$userroles; + my %newccroles = (); + foreach (@newprivs) { + my ($key,$val) = split/=/,$_; + $newccroles{$key} = $val; + } + &Apache::lonnet::appenv(%newccroles); + &Apache::lonnet::log($ENV{'user.domain'}, + $ENV{'user.name'}, + $ENV{'user.home'}, + "Role ".$role); + &Apache::lonnet::appenv( + 'request.role' => $role, + 'request.role.domain' => $dcdom, + 'request.course.sec' => ''); + my $tadv=0; + if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } + &Apache::lonnet::appenv('request.role.adv' => $tadv); +} 1; __END__ @@ -436,6 +936,36 @@ Invoked by /etc/httpd/conf/srm.conf: ErrorDocument 500 /adm/errorhandler +=head1 OVERVIEW + +=head2 Choosing Roles + +C is a handler that allows a user to switch roles in +mid-session. LON-CAPA attempts to work with "No Role Specified", the +default role that a user has before selecting a role, as widely as +possible, but certain handlers for example need specification which +course they should act on, etc. Both in this scenario, and when the +handler determines via C's C<&allowed> function that a certain +action is not allowed, C is used as error handler. This +allows the user to select another role which may have permission to do +what they were trying to do. C can also be accessed via the +B button in the Remote Control. + +=begin latex + +\begin{figure} +\begin{center} +\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} + \caption{\label{Sample_Roles_Screen}Sample Roles Screen} +\end{center} +\end{figure} + +=end latex + +=head2 Role Initialization + +The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. + =head1 INTRODUCTION This module enables a user to select what role he wishes to