--- loncom/auth/lonroles.pm 2012/02/08 00:22:15 1.256.2.6.2.1 +++ loncom/auth/lonroles.pm 2021/11/30 15:55:40 1.359 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.256.2.6.2.1 2012/02/08 00:22:15 raeburn Exp $ +# $Id: lonroles.pm,v 1.359 2021/11/30 15:55:40 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -128,7 +128,7 @@ package Apache::lonroles; use strict; use Apache::lonnet; use Apache::lonuserstate(); -use Apache::Constants qw(:common); +use Apache::Constants qw(:common REDIRECT); use Apache::File(); use Apache::lonmenu; use Apache::loncommon; @@ -138,46 +138,97 @@ use Apache::lonlocal; use Apache::lonpageflip(); use Apache::lonnavdisplay(); use Apache::loncoursequeueadmin; +use Apache::longroup; +use Apache::lonrss; +use Apache::lonplacementtest; use GDBM_File; use LONCAPA qw(:DEFAULT :match); use HTML::Entities; +my $registered_cleanup; +my $rosterupdates; + +sub start_loading_course { + my ($r,$title) = @_; + &Apache::loncommon::content_type($r,'text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + my $swinfo=&Apache::lonmenu::rawconfig(); + # Breadcrumbs + my $brcrum = [{'href' => '', + 'text' => $title},]; + my $start_page = &Apache::loncommon::start_page($title,undef, + {'bread_crumbs' => $brcrum, + 'bread_crumbs_nomenu' => 1, + 'links_disabled' => 1}); + $r->print(< +// + +ENDREDIR + return; +} + +sub finish_loading_course { + my ($r,$msg,$url) = @_; + my $link = ''; + my $end_page = &Apache::loncommon::end_page(); + my $js_url = &js_escape($url); + $r->print(< +// a').removeAttr("aria-disabled"); + \$('.isDisabled').removeClass("isDisabled"); + var url = "$js_url"; + \$(location).attr('href',url); +}); + +$link +$end_page +END + return; +} sub redirect_user { - my ($r,$title,$url,$msg,$launch_nav) = @_; + my ($r,$title,$url,$msg) = @_; $msg = $title if (! defined($msg)); &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; - my $swinfo=&Apache::lonmenu::rawconfig(); - my $navwindow; - if ($launch_nav eq 'on') { - $navwindow.=&Apache::lonnavdisplay::launch_win('now',undef,undef, - ($url =~ m-^/adm/whatsnew-)); + + my $start_page; + if ($env{'request.lti.login'}) { + $start_page = &Apache::loncommon::start_page(undef,undef, + {'redirect' => [0,$url],}).$msg; } else { - $navwindow.=&Apache::lonnavmaps::close(); + # Breadcrumbs + my $brcrum = [{'href' => $url, + 'text' => 'Switching Role'},]; + $start_page = &Apache::loncommon::start_page('Switching Role',undef, + {'redirect' => [1,$url], + 'bread_crumbs' => $brcrum,}). + "\n

$msg

"; } - - # Breadcrumbs - my $brcrum = [{'href' => $url, - 'text' => 'Switching Role'},]; - my $start_page = &Apache::loncommon::start_page('Switching Role',undef, - {'redirect' => [1,$url], - 'bread_crumbs' => $brcrum,}); - my $end_page = &Apache::loncommon::end_page(); + my $end_page = &Apache::loncommon::end_page(); # Note to style police: # This must only replace the spaces, nothing else, or it bombs elsewhere. $url=~s/ /\%20/g; $r->print(< -// - -$navwindow -

$msg

$end_page ENDREDIR return; @@ -185,35 +236,36 @@ ENDREDIR sub error_page { my ($r,$error,$dest)=@_; - &Apache::loncommon::content_type($r,'text/html'); - &Apache::loncommon::no_cache($r); - $r->send_http_header; - return OK if $r->header_only; - # Breadcrumbs - my $brcrum = [{'href' => $dest, - 'text' => 'Problems during Course Initialization'},]; - $r->print(&Apache::loncommon::start_page('Problems during Course Initialization', - undef, - {'bread_crumbs' => $brcrum,}) - ); - $r->print( - ''. - '

'.&mt('The following problems occurred:'). - '
'. - $error. - '


'.&mt('Continue').'' + my %lt = &Apache::lonlocal::texthash( + pdc => 'Problems during Course Initialization', + tfp => 'The following problems occurred:', + con => 'Continue', ); - $r->print(&Apache::loncommon::end_page()); + my $end_page = &Apache::loncommon::end_page(); + $dest = &HTML::Entities::encode($dest,'"<>&'); + $r->print(<$lt{'pdc'} +

$lt{'tfp'} +
+$error +


$lt{'con'} +$end_page +END + return; } sub handler { my $r = shift; + # Check for critical messages and redirect if present. + my ($redirect,$url) = &Apache::loncommon::critical_redirect(300,'roles'); + if ($redirect) { + &Apache::loncommon::content_type($r,'text/html'); + $r->header_out(Location => $url); + return REDIRECT; + } + my $now=time; my $then=$env{'user.login.time'}; my $refresh=$env{'user.refresh.time'}; @@ -225,9 +277,140 @@ sub handler { $update = $then; } + my ($norolelist,$blocked_by_ip,$blocked_type,$clientip); + $clientip = &Apache::lonnet::get_requestor_ip($r); + if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $crstype = $env{'course.'.$env{'request.course.id'}.'.type'}; + my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom); + if ($deeplink_symb) { + my ($menucoll,$deeplinkmenu,$menuref) = &Apache::loncommon::menucoll_in_effect(); + if (ref($menuref) eq 'HASH') { + unless (($menuref->{'role'}) || ($env{'request.role.adv'})) { + foreach my $envkey (keys(%env)) { + next unless ($envkey =~ /^form\./); + if ($envkey =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{$envkey}); + } + } + } + if ($env{'form.selectrole'}) { + if ($env{'form.switchrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{'form.selectrole'}); + delete($env{'form.switchrole'}); + } + } elsif ($env{'form.newrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) { + unless (($1 eq $cdom) && ($2 eq $cnum)) { + delete($env{'form.selectrole'}); + delete($env{'form.newrole'}); + } + } + } + $norolelist = 1; + } + } + } + } + + if ($env{'form.selectrole'}) { + my ($role,$cdom,$cnum,$rest); + if ($env{'form.switchrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } elsif ($env{'form.newrole'} =~ m{^(co|cc|in|ta|ep|ad|st|cr).*?\./($match_domain)/($match_courseid)(/(\w+)|$)}) { + ($role,$cdom,$cnum,$rest) = ($1,$2,$3,$4); + } + if ($cdom ne '') { + my ($has_evb,$check_ipaccess,$showrole); + $showrole = 1; + my $checkrole = "cm./$cdom/$cnum"; + if ($rest ne '') { + $checkrole .= "/$rest"; + } + if ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($role ne 'st')) { + $has_evb = 1; + } + unless ($has_evb) { + my @machinedoms = &Apache::lonnet::current_machine_domains(); + my $udom = $env{'user.domain'}; + if ($udom eq $cdom) { + $check_ipaccess = 1; + } elsif (($udom ne '') && (grep(/^\Q$udom\E$/,@machinedoms))) { + $check_ipaccess = 1; + } else { + my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; + my $internet_names = &Apache::lonnet::get_internet_names($lonhost); + my $cprim = &Apache::lonnet::domain($cdom,'primary'); + my $cintdom = &Apache::lonnet::internet_dom($cprim); + if (($cintdom ne '') && (ref($internet_names) eq 'ARRAY')) { + if (grep(/^\Q$cintdom\E$/,@{$internet_names})) { + $check_ipaccess = 1; + } + } + } + if ($check_ipaccess) { + my ($ipaccessref,$cached)=&Apache::lonnet::is_cached_new('ipaccess',$cdom); + unless (defined($cached)) { + my %domconfig = + &Apache::lonnet::get_dom('configuration',['ipaccess'],$cdom); + $ipaccessref = &Apache::lonnet::do_cache_new('ipaccess',$cdom,$domconfig{'ipaccess'},1800); + } + if (ref($ipaccessref) eq 'HASH') { + foreach my $id (keys(%{$ipaccessref})) { + if (ref($ipaccessref->{$id}) eq 'HASH') { + my $range = $ipaccessref->{$id}->{'ip'}; + if ($range) { + my $type = 'exclude'; + if (&Apache::lonnet::ip_match($clientip,$range)) { + $type = 'include'; + } + if (ref($ipaccessref->{$id}->{'courses'}) eq 'HASH') { + if ($ipaccessref->{$id}->{'courses'}{$cdom.'_'.$cnum}) { + if ($type eq 'include') { + $showrole = 1; + last; + } else { + $showrole = 0; + } + } else { + if ($type eq 'include') { + $showrole = 0; + } else { + $showrole = 1; + } + } + } + } + } + } + } + } + } + unless ($showrole) { + $blocked_by_ip = 1; + $blocked_type = &Apache::loncommon::course_type($cdom.'_'.$cnum); + delete($env{'form.selectrole'}); + delete($env{'form.newrole'}); + } + } + } + + $registered_cleanup=0; + @{$rosterupdates}=(); + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); + +# -------------------------------------------------- Check if setting hot list + my $hotlist; + if ($env{'form.action'} eq 'verify_and_change_rolespref') { + $hotlist = &Apache::lonpreferences::verify_and_change_rolespref($r); + } + # -------------------------------------------------------- Check for new roles my $updateresult; - if ($env{'form.doupdate'}) { + if ($env{'form.state'} eq 'doupdate') { my $show_course=&Apache::loncommon::show_course(); my $checkingtxt; if ($show_course) { @@ -235,26 +418,47 @@ sub handler { } else { $checkingtxt = &mt('Checking for new roles ...'); } - $updateresult = ''.$checkingtxt.''; + $updateresult = $checkingtxt; $updateresult .= &update_session_roles(); &Apache::lonnet::appenv({'user.update.time' => $now}); $update = $now; + &Apache::loncoursequeueadmin::reqauthor_check(); + } + +# -------------------------------------------------- Check for author requests + my $reqauthor; + if ($env{'form.state'} eq 'requestauthor') { + $reqauthor = &Apache::loncoursequeueadmin::process_reqauthor(\$update); } my $envkey; my %dcroles = (); - my $numdc = &check_fordc(\%dcroles,$update,$then); - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); - my $loncaparev = $Apache::lonnet::perlvar{'lonVersion'}; + my %helpdeskroles = (); + my ($numdc,$numhelpdesk,$numadhoc) = + &check_for_adhoc(\%dcroles,\%helpdeskroles,$update,$then); + my $loncaparev = $r->dir_config('lonVersion'); # ================================================================== Roles Init if ($env{'form.selectrole'}) { + if (($env{'request.lti.login'}) && ($env{'request.lti.target'} eq '')) { + if ($env{'form.ltitarget'} eq 'iframe') { + &Apache::lonnet::appenv({'request.lti.target' => 'iframe'}); + delete($env{'form.ltitarget'}); + } + } my $locknum=&Apache::lonnet::get_locks(); if ($locknum) { return 409; } + my $custom_adhoc; if ($env{'form.newrole'}) { $env{'form.'.$env{'form.newrole'}}=1; +# Check if this is a Domain Helpdesk or Domain Helpdesk Assistant role trying to enter a course + if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/\w+\./\1/$match_courseid$}) { + if ($helpdeskroles{$1}) { + $custom_adhoc = 1; + } + } } if ($env{'request.course.id'}) { # Check if user is CC trying to select a course role @@ -276,81 +480,132 @@ sub handler { &Apache::lonnet::put('email_status',\%temp); &Apache::lonnet::delenv('user.state.'.$env{'request.course.id'}); } - &Apache::lonnet::appenv({"request.course.id" => '', - "request.course.fn" => '', - "request.course.uri" => '', - "request.course.sec" => '', - "request.role" => 'cm', - "request.role.adv" => $env{'user.adv'}, - "request.role.domain" => $env{'user.domain'}}); -# Check if user is a DC trying to enter a course or author space and needs privs to be created - if ($numdc > 0) { - foreach my $envkey (keys %env) { -# Is this an ad-hoc Coordinator role? - if (my ($ccrole,$domain,$coursenum) = - ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) { - if ($dcroles{$domain}) { - &Apache::lonnet::check_adhoc_privs($domain,$coursenum, - $update,$refresh,$now,$ccrole); + &Apache::lonnet::appenv({"request.course.id" => '', + "request.course.fn" => '', + "request.course.uri" => '', + "request.course.sec" => '', + "request.course.tied" => '', + "request.course.timechecked" => '', + "request.role" => 'cm', + "request.role.adv" => $env{'user.adv'}, + "request.role.domain" => $env{'user.domain'}}); +# Check if Domain Helpdesk role trying to enter a course needs privs to be created + if ($env{'form.newrole'} =~ m{^cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)}) { + my $cdom = $1; + my $rolename = $2; + my $cnum = $3; + my $sec = $4; + if ($custom_adhoc) { + my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($cdom.'_'.$cnum,1); + if (ref($possroles) eq 'ARRAY') { + if (grep(/^\Q$rolename\E$/,@{$possroles})) { + if (&Apache::lonnet::check_adhoc_privs($cdom,$cnum,$update,$refresh,$now, + "cr/$cdom/$cdom".'-domainconfig/'.$rolename,undef,$sec)) { + &Apache::lonnet::appenv({"environment.internal.$cdom.$cnum.cr/$cdom/$cdom".'-domainconfig/'."$rolename.adhoc" => time}); + } } - last; } -# Is this an ad-hoc CA-role? - if (my ($domain,$user) = - ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) { - if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) { - delete($env{$envkey}); - $env{'form.au./'.$domain.'/'} = 1; - my ($server_status,$home) = &check_author_homeserver($user,$domain); - if ($server_status eq 'switchserver') { - my $trolecode = 'au./'.$domain.'/'; - my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; - $r->internal_redirect($switchserver); + } + } elsif (($numdc > 0) || ($numhelpdesk > 0)) { +# Check if user is a DC trying to enter a course or author space and needs privs to be created +# Check if user is a DH or DA trying to enter a course and needs privs to be created + foreach my $envkey (keys(%env)) { +# Is this an ad-hoc Coordinator role? + if ($numdc) { + if (my ($ccrole,$domain,$coursenum) = + ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) { + if ($dcroles{$domain}) { + if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum, + $update,$refresh,$now,$ccrole)) { + &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.$ccrole.adhoc" => time}); + } } last; } - if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) { - if (((($castart) && ($castart < $now)) || !$castart) && - ((!$caend) || (($caend) && ($caend > $now)))) { +# Is this an ad-hoc CA-role? + if (my ($domain,$user) = + ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) { + if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) { + delete($env{$envkey}); + $env{'form.au./'.$domain.'/'} = 1; my ($server_status,$home) = &check_author_homeserver($user,$domain); if ($server_status eq 'switchserver') { - my $trolecode = 'ca./'.$domain.'/'.$user; + my $trolecode = 'au./'.$domain.'/'; my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; $r->internal_redirect($switchserver); + return OK; } last; } - } - # Check if author blocked ca-access - my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user); - if ($blocked{'domcoord.author'} eq 'blocked') { - delete($env{$envkey}); - $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; + if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) { + if (((($castart) && ($castart < $now)) || !$castart) && + ((!$caend) || (($caend) && ($caend > $now)))) { + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if ($server_status eq 'switchserver') { + my $trolecode = 'ca./'.$domain.'/'.$user; + my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + return OK; + } + last; + } + } + # Check if author blocked ca-access + my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user); + if ($blocked{'domcoord.author'} eq 'blocked') { + delete($env{$envkey}); + $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; + last; + } + if ($dcroles{$domain}) { + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if (($server_status eq 'ok') || ($server_status eq 'switchserver')) { + &Apache::lonnet::check_adhoc_privs($domain,$user,$update, + $refresh,$now,'ca'); + if ($server_status eq 'switchserver') { + my $trolecode = 'ca./'.$domain.'/'.$user; + my $switchserver = '/adm/switchserver?' + .'otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + return OK; + } + } else { + delete($env{$envkey}); + } + } else { + delete($env{$envkey}); + } last; } - if ($dcroles{$domain}) { - my ($server_status,$home) = &check_author_homeserver($user,$domain); - if (($server_status eq 'ok') || ($server_status eq 'switchserver')) { - &Apache::lonnet::check_adhoc_privs($domain,$user,$update, - $refresh,$now,'ca'); - if ($server_status eq 'switchserver') { - my $trolecode = 'ca./'.$domain.'/'.$user; - my $switchserver = '/adm/switchserver?' - .'otherserver='.$home.'&role='.$trolecode; - $r->internal_redirect($switchserver); + } + if ($numhelpdesk) { +# Is this an ad hoc custom role in a course/community? + if (my ($domain,$rolename,$coursenum,$sec) = ($envkey =~ m{^form\.cr/($match_domain)/\1\-domainconfig/(\w+)\./\1/($match_courseid)(?:/(\w+)|$)})) { + if ($helpdeskroles{$domain}) { + my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($domain.'_'.$coursenum,1); + if (ref($possroles) eq 'ARRAY') { + if (grep(/^\Q$rolename\E$/,@{$possroles})) { + if (&Apache::lonnet::check_adhoc_privs($domain,$coursenum,$update,$refresh,$now, + "cr/$domain/$domain".'-domainconfig/'.$rolename, + undef,$sec)) { + &Apache::lonnet::appenv({"environment.internal.$domain.$coursenum.cr/$domain/$domain". + '-domainconfig/'."$rolename.adhoc" => time}); + } + } else { + delete($env{$envkey}); + } + } else { + delete($env{$envkey}); } } else { delete($env{$envkey}); } - } else { - delete($env{$envkey}); + last; } - last; } } } - - foreach $envkey (keys %env) { + foreach $envkey (keys(%env)) { next if ($envkey!~/^user\.role\./); my ($where,$trolecode,$role,$tstatus,$tend,$tstart); &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where, @@ -366,30 +621,13 @@ sub handler { my %curr_reqd_hash = &Apache::lonnet::userenvironment($cdom,$cnum,'internal.releaserequired'); if ($curr_reqd_hash{'internal.releaserequired'} ne '') { my ($switchserver,$switchwarning) = - &check_release_required($loncaparev,$cdom.'_'.$cnum,$trolecode,$curr_reqd_hash{'internal.releaserequired'}); + &Apache::loncommon::check_release_required($loncaparev,$cdom.'_'.$cnum,$trolecode, + $curr_reqd_hash{'internal.releaserequired'}); if ($switchwarning ne '' || $switchserver ne '') { &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; - my $end_page=&Apache::loncommon::end_page(); - $r->print(&Apache::loncommon::start_page('Selected course unavailable on this server'). - '

'); - if ($switchwarning) { - $r->print($switchwarning.'
'); - if (&Apache::loncommon::show_course()) { - $r->print(&mt('Display courses')); - } else { - $r->print(&mt('Display roles')); - } - $r->print(''); - } elsif ($switchserver) { - $r->print(&mt('This course requires a newer version of LON-CAPA than is installed on this server.'). - '
'. - ''. - &mt('Switch Server'). - ''); - } - $r->print('

'.&Apache::loncommon::end_page()); + $r->print(&Apache::loncommon::check_release_result($switchwarning,$switchserver)); return OK; } } @@ -435,6 +673,7 @@ sub handler { my $end_page=&Apache::loncommon::end_page(); my $buttontext=&mt('Enter Course'); my $message=&mt('Successfully registered key'); + my $ip = &Apache::lonnet::get_requestor_ip(); my $assignresult= &Apache::lonnet::assign_access_key( $env{'form.newkey'}, @@ -443,7 +682,7 @@ sub handler { $env{'user.domain'}, $env{'user.name'}, &mt('Assigned from [_1] at [_2] for [_3]' - ,$ENV{'REMOTE_ADDR'} + ,$ip ,&Apache::lonlocal::locallocaltime() ,$trolecode) ); @@ -502,7 +741,7 @@ ENDENTERKEY $env{'user.name'}, $env{'user.home'}, "Role ".$trolecode); - + &Apache::lonnet::appenv( {'request.role' => $trolecode, 'request.role.domain' => $cdom, @@ -511,74 +750,273 @@ ENDENTERKEY my $tadv=0; if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) { - my $msg; - my ($furl,$ferr)= - &Apache::lonuserstate::readmap($cdom.'/'.$cnum); + if ($role =~ m{^\Qcr/$cdom/$cdom\E\-domainconfig/(\w+)$}) { + my $rolename = $1; + my %domdef = &Apache::lonnet::get_domain_defaults($cdom); + if (ref($domdef{'adhocroles'}) eq 'HASH') { + if (ref($domdef{'adhocroles'}{$rolename}) eq 'HASH') { + &Apache::lonnet::appenv({'request.role.desc' => $domdef{'adhocroles'}{$rolename}{'desc'}}); + } + } + } + my $crstype = &Apache::loncommon::course_type($cdom.'_'.$cnum); + $crstype = lc($crstype); + my $preamble = '
'. + '
'. + &mt("Please be patient while your $crstype loads"). + '
'. + '
'; + my $closure = < +// + +ENDCLOSE + my $title = &mt("Loading $crstype"); + &start_loading_course($r,$title); + my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,undef,$preamble); + &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Loading ...')); + $r->rflush(); + my ($msg,$blockcrit,$critmsg_check); + $critmsg_check = 1; + $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1); + if ($blockcrit) { + my $checkrole = "cm./$cdom/$cnum"; + if ($csec ne '') { + $checkrole .= "/$csec"; + } + unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($trolecode !~ m{^st\./$cdom/$cnum})) { + $critmsg_check = 0; + } + } + my ($furl,$ferr)= + &Apache::lonuserstate::readmap($cdom.'/'.$cnum,$critmsg_check); + &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Finished!')); + &Apache::lonhtmlcommon::Close_PrgWin($r,\%prog_state); + $r->print($closure); + $r->rflush(); + if ($ferr) { + $furl = '/adm/roles?tryagain=1'; + } else { + &Apache::lonnet::appenv({'request.course.timechecked'=>$now}); + unless (($env{'form.switchrole'}) || + ($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) { + &Apache::lonnet::put('nohist_crslastlogin', + {$env{'user.name'}.':'.$env{'user.domain'}. + ':'.$csec.':'.$role => $now},$cdom,$cnum); + } + if (($env{"environment.internal.$cdom.$cnum.$role.adhoc"}) && + (&Apache::lonnet::allowed('vxc',$cdom.'_'.$cnum))) { + my $owner = $env{'course.'.$cdom.'_'.$cnum.'.internal.courseowner'}; + my @coowners = split(/,/,$env{'course.'.$env{'request.course.id'}.'.internal.co-owners'}); + my %auaccess; + foreach my $user ($owner,@coowners) { + my ($cpname,$cpdom) = split(/:/,$user); + my %auroles = &Apache::lonnet::get_my_roles($cpname,$cpdom,'userroles',undef,['au','ca','aa'],[$cdom]); + foreach my $key (keys(%auroles)) { + my ($auname,$audom,$aurole) = split(/:/,$key); + if ($aurole eq 'au') { + $auaccess{$cpname} = 1; + } else { + $auaccess{$auname} = 1; + } + } + } + &Apache::lonnet::appenv({'request.course.adhocsrcaccess' => join(',',sort(keys(%auaccess))) }); + } + my ($feeds,$syllabus_time); + &Apache::lonrss::advertisefeeds($cnum,$cdom,undef,\$feeds); + &Apache::lonnet::appenv({'request.course.feeds' => $feeds}); + &Apache::lonnet::get_numsuppfiles($cnum,$cdom,1); + unless ($env{'course.'.$cdom.'_'.$cnum.'.updatedsyllabus'}) { + unless (($env{'course.'.$cdom.'_'.$cnum.'.externalsyllabus'}) || + ($env{'course.'.$cdom.'_'.$cnum.'.uploadedsyllabus'})) { + my %syllabus=&Apache::lonnet::dump('syllabus',$cdom,$cnum); + $syllabus_time = $syllabus{'uploaded.lastmodified'}; + if ($syllabus_time) { + &Apache::lonnet::appenv({'request.course.syllabustime' => $syllabus_time}); + } + } + } + } if (($env{'form.orgurl'}) && - ($env{'form.orgurl'}!~/^\/adm\/flip/)) { + ($env{'form.orgurl'}!~/^\/adm\/flip/) && + ($env{'form.orgurl'} ne '/adm/roles')) { my $dest=$env{'form.orgurl'}; if ($env{'form.symb'}) { if ($dest =~ /\?/) { $dest .= '&'; } else { - $dest .= '?' + $dest .= '?'; } $dest .= 'symb='.$env{'form.symb'}; } if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } &Apache::lonnet::appenv({'request.role.adv'=>$tadv}); + if ($ferr) { + if ($env{'form.orgurl'}) { + $furl .= '&orgurl='.&HTML::Entities::encode($env{'form.orgurl'},'<>&"'); + } + if ($env{'form.symb'}) { + $furl .= '&symb='.&HTML::Entities::encode($env{'form.symb'},'<>&"'); + } + } if (($ferr) && ($tadv)) { - &error_page($r,$ferr,$dest); + &error_page($r,$ferr,$furl); } else { + if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { + if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) { + unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'})) { + $dest=$env{'form.orgurl'}; + } + } + } if ($dest =~ m{^/adm/coursedocs\?folderpath}) { if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { my $chome = &Apache::lonnet::homeserver($cnum,$cdom); - &update_content_constraints($cdom,$cnum,$chome,$cdom.'_'.$cnum); + &Apache::loncommon::update_content_constraints($cdom,$cnum,$chome, + $cdom.'_'.$cnum); + } + } + if ($ferr) { + if (!$env{'request.course.id'}) { + &Apache::lonnet::appenv( + {"request.course.id" => $cdom.'_'.$cnum}); + $r->print('

'. + &mt('Could not initialize [_1] at this time.', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'. + '

'. + &mt('Please try again.').'

'. + &Apache::loncommon::end_page()); + } + } else { + if (($env{'request.lti.login'}) && + ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { + &process_lti($r,$cdom,$cnum); } + $msg = '

'.&mt('Entering [_1] ...', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'; + &finish_loading_course($r,$msg,$dest); } - $r->internal_redirect($dest); } + $r->rflush(); return OK; } else { if (!$env{'request.course.id'}) { &Apache::lonnet::appenv( {"request.course.id" => $cdom.'_'.$cnum}); - $furl='/adm/roles?tryagain=1'; - $msg='

' - .&mt('Could not initialize [_1] at this time.', - $env{'course.'.$cdom.'_'.$cnum.'.description'}) - .'

' - .'

'.&mt('Please try again.').'

' - .'

'.$ferr.'

'; } if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } &Apache::lonnet::appenv({'request.role.adv'=>$tadv}); - - if (($ferr) && ($tadv)) { - &error_page($r,$ferr,$furl); + if ($ferr) { + if ($tadv) { + &error_page($r,$ferr,$furl); + } else { + $r->print('

'. + &mt('Could not initialize [_1] at this time.', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'. + '

'.&mt('Please try again.').'

'. + &Apache::loncommon::end_page()); + } } else { + if (($env{'request.lti.login'}) && + ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) { + &process_lti($r,$cdom,$cnum); + } # Check to see if the user is a CC entering a course # for the first time - my (undef, undef, $role, $courseid) = split(/\./, $envkey); - if (substr($courseid, 0, 1) eq '/') { - $courseid = substr($courseid, 1); - } - $courseid =~ s/\//_/; if ((($role eq 'cc') || ($role eq 'co')) - && ($env{'course.' . $courseid .'.course.helper.not.run'})) { + && ($env{'course.'.$cdom.'_'.$cnum.'.course.helper.not.run'})) { $furl = "/adm/helper/course.initialization.helper"; # Send the user to the course they selected } elsif ($env{'request.course.id'}) { - if ($env{'form.destinationurl'}) { - my $dest = $env{'form.destinationurl'}; - if ($env{'form.destsymb'} ne '') { - my $esc_symb = &HTML::Entities::encode($env{'form.destsymb'},'"<>&'); - $dest .= '?symb='.$esc_symb; + if ((&Apache::loncommon::course_type() eq 'Placement') && + (!$env{'request.role.adv'})) { + my ($score,$incomplete) = + &Apache::lonplacementtest::check_completion(undef,undef,1); + if (($incomplete) && ($incomplete < 100)) { + $msg = '

'.&mt('Entering [_1] ...', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'; + &finish_loading_course($r,$msg,'/adm/placement'); + $r->rflush(); + return OK; + } + } + my ($dest,$destsymb,$checkenc); + $dest = $env{'form.destinationurl'}; + $destsymb = $env{'form.destsymb'}; + if ($dest ne '') { + if ($env{'form.switchrole'}) { + if ($destsymb ne '') { + if ($destsymb !~ m{^/enc/}) { + unless ($env{'request.role.adv'}) { + $checkenc = 1; + } + } + } + if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) || + ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) { + if ($ENV{'SERVER_PORT'} == 443) { + my $hostname = $r->hostname(); + unless ((&Apache::lonnet::uses_sts()) || + (&Apache::lonnet::waf_allssl($hostname))) { + if ($hostname ne '') { + $dest = 'http://'.$hostname.$dest; + } + } + } + } + if ($dest =~ m{^/enc/}) { + if ($env{'request.role.adv'}) { + $dest = &Apache::lonenc::unencrypted($dest); + if ($destsymb eq '') { + ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/); + $destsymb = &unescape($destsymb); + } + } + } else { + if ($destsymb eq '') { + ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]+)/); + $destsymb = &unescape($destsymb); + } + unless ($env{'request.role.adv'}) { + $checkenc = 1; + } + } + if (($checkenc) && ($destsymb ne '')) { + my ($encstate,$unencsymb,$res); + $unencsymb = &Apache::lonnet::symbclean($destsymb); + (undef,undef,$res) = &Apache::lonnet::decode_symb($unencsymb); + &Apache::lonnet::symbverify($unencsymb,$res,\$encstate); + if ($encstate) { + if (($dest ne '') && ($dest !~ m{^/enc/})) { + $dest=&Apache::lonenc::encrypted($dest); + } + } + } + } + unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) { + if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) { + my $esc_symb = &escape($destsymb); + $dest .= (($dest =~/\?/)? '&':'?').'symb='.$esc_symb; + } } - &redirect_user($r, &mt('Entering [_1]', - $env{'course.'.$courseid.'.description'}), - $dest, $msg, - $env{'environment.remotenavmap'}); + if ($env{'form.ttoken'}) { + $dest .= (($dest =~/\?/)? '&':'?').'ttoken='.$env{'form.ttoken'}; + } + unless ($env{'request.lti.login'}) { + $msg = '

'.&mt('Entering [_1] ...', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'; + } + &finish_loading_course($r,$msg,$dest); + $r->rflush(); return OK; } if (&Apache::lonnet::allowed('whn', @@ -587,31 +1025,68 @@ ENDENTERKEY $env{'request.course.id'}.'/' .$env{'request.course.sec'}) ) { - my $startpage = &courseloadpage($courseid); + my $startpage = &courseloadpage($env{'request.course.id'}); unless ($startpage eq 'firstres') { - $msg = &mt('Entering [_1] ...', - $env{'course.'.$courseid.'.description'}); - &redirect_user($r,&mt('New in course'), - '/adm/whatsnew?refpage=start',$msg, - $env{'environment.remotenavmap'}); + $msg = '

'.&mt('Entering [_1] ...', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'; + &finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start'); + $r->rflush(); return OK; } } } -# Are we allowed to look at the first resource? - if (($furl !~ m|^/adm/|) || - (($env{'environment.remotenavmap'} eq 'on') && - ($furl =~ m{^/adm/navmaps}))) { -# Guess not ... - $furl=&Apache::lonpageflip::first_accessible_resource(); - } - $msg = &mt('Entering [_1] ...', - $env{'course.'.$courseid.'.description'}); - &redirect_user($r,&mt('Entering [_1]', - $env{'course.'.$courseid.'.description'}), - $furl,$msg, - $env{'environment.remotenavmap'}); + # Are we allowed to look at the first resource? + # + # $furl returned by lonuserstate::readmap() has format: + # $url?symb=escaped($symb). If the resource has the + # encrypturl parameter in effect, the entire string + # $url?symb=escaped($symb) is encrypted as a string + # beginning /enc/. + # + my ($access,$unencfurl,$unencsymb); + if ($furl =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { + my ($poss_url,$poss_symb) = ($1,$2); + $unencsymb = &unescape($poss_symb); + $unencfurl = $poss_url; + } elsif ($furl =~ m{^/enc/}) { + my $unenc = &Apache::lonenc::unencrypted($furl); + if ($unenc =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { + ($unencfurl,$unencsymb) = ($1,$2); + $unencsymb = &unescape($unencsymb); + } else { + $unencfurl = $unenc; + } + } else { + $unencfurl = $furl; + } + if ($unencsymb) { + my $symb = &Apache::lonnet::symbclean($unencsymb); + if (($symb ne '') && (&Apache::lonnet::symbverify($symb,$unencfurl))) { + $access = &Apache::lonnet::allowed('bre',$unencfurl,$symb); + } else { + $access = &Apache::lonnet::allowed('bre',$unencfurl); + } + } else { + $access = &Apache::lonnet::allowed('bre',$unencfurl); + } + if ((!$access) || ($access eq 'B') || ($access eq 'D')) { + $furl = &Apache::lonpageflip::first_accessible_resource(); + if ($furl eq '') { + $furl = '/adm/navmaps?showOnlyHomework=1'; + } + } + if ($env{'request.lti.login'}) { + undef($msg); + &finish_loading_course($r,$msg,$furl); + } else { + $msg = '

'.&mt('Entering [_1] ...', + $env{'course.'.$cdom.'_'.$cnum.'.description'}). + '

'; + &finish_loading_course($r,$msg,$furl); + } } + $r->rflush(); return OK; } } @@ -620,13 +1095,12 @@ ENDENTERKEY if ($role =~ /^(au|ca|aa)$/) { my $redirect_url = '/priv/'; if ($role eq 'au') { - $redirect_url.=$env{'user.name'}; + $redirect_url.=$env{'user.domain'}.'/'.$env{'user.name'}; } else { - $where =~ /\/(.*)$/; - $redirect_url .= $1; + $redirect_url .= $where; } $redirect_url .= '/'; - &redirect_user($r,&mt('Entering Construction Space'), + &redirect_user($r,&mt('Entering Authoring Space'), $redirect_url); return OK; } @@ -636,6 +1110,18 @@ ENDENTERKEY $redirect_url); return OK; } + if ($role eq 'dh') { + my $redirect_url = '/adm/menu/'; + &redirect_user($r,&mt('Loading Domain Helpdesk Menu'), + $redirect_url); + return OK; + } + if ($role eq 'da') { + my $redirect_url = '/adm/menu/'; + &redirect_user($r,&mt('Loading Domain Helpdesk Assistant Menu'), + $redirect_url); + return OK; + } if ($role eq 'sc') { my $redirect_url = '/adm/grades?command=scantronupload'; &redirect_user($r,&mt('Loading Data Upload Page'), @@ -658,22 +1144,71 @@ ENDENTERKEY my $crumbtext = 'User Roles'; my $pagetitle = 'My Roles'; my $recent = &mt('Recent Roles'); + my $standby = &mt('Role selected. Please stand by.'); my $show_course=&Apache::loncommon::show_course(); if ($show_course) { $crumbtext = 'Courses'; $pagetitle = 'My Courses'; $recent = &mt('Recent Courses'); + $standby = &mt('Course selected. Please stand by.'); + } + if (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) { + $crumbtext = 'Access Denied'; + $pagetitle = 'Unauthorized'; } my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}]; + + my %roles_in_env; + my $showcount = &roles_from_env(\%roles_in_env,$update); + my $swinfo=&Apache::lonmenu::rawconfig(); - my $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum}); - my $standby=&mt('Role selected. Please stand by.'); - $standby=~s/\n/\\n/g; - my $noscript=''.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'
'.&mt('As this is not the case, most functionality in the system will be unavailable.').'
'; + my %domdefs=&Apache::lonnet::get_domain_defaults($env{'user.domain'}); + my $cattype = 'std'; + if ($domdefs{'catauth'}) { + $cattype = $domdefs{'catauth'}; + } + my $placementonly; + if ($showcount == 1) { + if ($env{'request.course.id'}) { + if ($env{'course.'.$env{'request.course.id'}.'.type'} eq 'Placement') { + $placementonly = 1; + } + } else { + foreach my $rolecode (keys(%roles_in_env)) { + my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)}); + if ($cid) { + my %coursedescription = + &Apache::lonnet::coursedescription($cid,{'one_time' => '1'}); + if ($coursedescription{'type'} eq 'Placement') { + $placementonly = 1; + } + last; + } + } + } + } + my ($start_page,$funcs); + if ($placementonly) { + $start_page=&Apache::loncommon::start_page($pagetitle,undef, + {bread_crumbs=>$brcrum,crstype=>'Placement'}); + } else { + my $crumbsright; + unless (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) { + $funcs = &get_roles_functions($showcount,$cattype); + if ($env{'browser.mobile'}) { + $crumbsright = $funcs; + undef($funcs); + } + } + $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum, + bread_crumbs_component=>$crumbsright}); + } + &js_escape(\$standby); + my $noscript='
'.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'
'.&mt('As this is not the case, most functionality in the system will be unavailable.').'
'; $r->print(< +$funcs @@ -693,13 +1228,20 @@ function enterrole (thisform,rolecode,bu thisform.submit(); } else { alert('$standby'); - } + } } -function setToUpdate(thisform) { - thisform.doupdate.value='1'; - thisform.selectrole.value=''; - thisform.submit(); +function rolesView (caller) { + if ((caller == 'showall') || (caller == 'noshowall')) { + document.rolechoice.display.value = caller; + } else { + if ((caller == 'doupdate') || (caller == 'requestauthor') || + (caller == 'queued')) { + document.rolechoice.state.value = caller; + } + } + document.rolechoice.selectrole.value=''; + document.rolechoice.submit(); } // ]]> @@ -762,71 +1304,92 @@ ENDHEADER } } } -# -------------------------------------------------------- Choice or no choice? if ($nochoose) { - $r->print("

".&mt('Sorry ...')."

\n". - &mt('This action is currently not authorized.').''. - &Apache::loncommon::end_page()); - return OK; + $r->print("

".&mt('Sorry ...')."

\n". + &mt('This action is currently not authorized.').''); + if ($error && $norolelist) { + $r->print('

'. + &mt('As your session was launched from a web page external to LON-CAPA some course content may be unavailable, including the resource you were trying to access.'). + '

'. + '

'. + &mt('You may need to login to LON-CAPA directly, or re-launch from a different external system.'). + '

'); + } + $r->print(&Apache::loncommon::end_page()); + return OK; } else { - $r->print($updateresult); + if ($updateresult || $reqauthor || $hotlist) { + my $showresult = '
'; + if ($updateresult) { + $showresult .= &Apache::lonhtmlcommon::confirm_success($updateresult); + } + if ($reqauthor) { + $showresult .= &Apache::lonhtmlcommon::confirm_success($reqauthor); + } + if ($hotlist) { + $showresult .= $hotlist; + } + $showresult .= '
'; + $r->print($showresult); + } elsif ($env{'form.state'} eq 'queued') { + $r->print(&get_queued()); + } if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) { - $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'}; + $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'}; } + my $display = ($env{'form.display'} =~ /^(showall)$/); $r->print('
'); $r->print(''); $r->print(''); $r->print(''); + $r->print(''); + $r->print(''); + if ($blocked_by_ip) { + my $blocked_role = 'student'; + if ($blocked_type eq 'Community') { + $blocked_role = 'member'; + } + $r->print('

'. + &mt('The [_1] you selected is not available for access with a [_2] role from your current IP address: [_3].', + lc($blocked_type),$blocked_role,$clientip). + '

'); + } } $r->rflush(); my (%roletext,%sortrole,%roleclass,%futureroles,%timezones); - my ($countactive,$countfuture,$inrole,$possiblerole) = - &gather_roles($update,$refresh,$now,$reinit,$nochoose,\%roletext,\%sortrole,\%roleclass, - \%futureroles,\%timezones,$loncaparev); + my ($countactive,$countfuture,$inrole,$possiblerole) = + &gather_roles($update,$refresh,$now,$reinit,$nochoose,\%roles_in_env,\%roletext, + \%sortrole,\%roleclass,\%futureroles,\%timezones,$loncaparev); $refresh = $now; &Apache::lonnet::appenv({'user.refresh.time' => $refresh}); - my $updatebutton = &mt('Check for role changes'); - my $show_course=&Apache::loncommon::show_course(); - if ($show_course) { - $updatebutton = &mt('Check for new courses'); - } - my $do_update; - unless (($env{'form.source'} eq 'login') || ($env{'form.doupdate'})) { - $do_update = ''. - ''; - } - if ($env{'user.adv'}) { - my $showall = '