--- loncom/interface/groupsort.pm 2015/03/12 02:12:40 1.68.6.7 +++ loncom/interface/groupsort.pm 2016/11/22 15:55:40 1.68.6.8 @@ -2,7 +2,7 @@ # The LON-CAPA group sort handler # Allows for sorting prior to import into RAT. # -# $Id: groupsort.pm,v 1.68.6.7 2015/03/12 02:12:40 raeburn Exp $ +# $Id: groupsort.pm,v 1.68.6.8 2016/11/22 15:55:40 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -32,7 +32,7 @@ package Apache::groupsort; use strict; -use Apache::Constants qw(:common); +use Apache::Constants qw(:common :http); use GDBM_File; use Apache::loncommon; use Apache::lonlocal; 
@@ -203,16 +203,79 @@ sub handler { $r->send_http_header; return OK if $r->header_only; +# permissions checking + my ($allowed,$canedit,$context,$cid); + if ($env{'form.readfile'} =~ m{^/uploaded/($match_domain)/($match_courseid)/}) { + my ($cdom,$cnum) = ($1,$2); + $cid = $cdom.'_'.$cnum; + $context = 'course'; + if ((&Apache::lonnet::allowed('mdc',$cid)) || + (&Apache::lonnet::allowed('cev',$cid))) { + $allowed = 1; + } + } elsif ($env{'form.readfile'} =~ m{^/res/}) { + $context = 'res'; + if ((&Apache::lonnet::allowed('bre',$env{'form.readfile'})) || + (&Apache::lonnet::allowed('bro',$env{'form.readfile'}))) { + $allowed = 1; + } + } elsif (($env{'form.readfile'} eq '') && ($env{'form.acts'} ne '')) { + $allowed = 1; + } + if ($allowed) { + if ($env{'form.mode'} eq 'rat') { + if (&Apache::lonnet::allowed('are',$env{'request.role.domain'})) { + $canedit = 1; + } + } elsif (($env{'form.mode'} eq 'simple') || ($env{'form.mode'} eq '')) { + if ($context eq 'course') { + if (&Apache::lonnet::allowed('mdc',$cid)) { + $canedit = 1; + } + } elsif (($env{'request.course.id'}) && + (&Apache::lonnet::allowed('mdc',$env{'request.course.id'}))) { + $canedit = 1; + } elsif (&Apache::lonnet::allowed('are',$env{'request.role.domain'})) { + $canedit = 1; + } + } + } + + unless ($allowed) { + if ($context eq 'course') { + if ($env{'request.course.id'} eq $cid) { + $env{'user.error.msg'}= + "/adm/groupsort::0:1:Course environment gone, reinitialize the course"; + } else { + $env{'user.error.msg'}= + "/adm/groupsort:bre:0:0:Cannot view folder contents"; + } + } else { + $env{'user.error.msg'}= + "/adm/groupsort:bre:0:0:Cannot view map contents"; + } + return HTTP_NOT_ACCEPTABLE; + } + # finish_import looks different for graphical or "simple" RAT my $finishimport=''; my $begincondition=''; my $endcondition=''; + my $noedit; + unless ($canedit) { + if ($context eq 'course') { + $noedit = &js_escape(&mt('You do not have rights to edit the course.')); + } else { + $noedit = 
&js_escape(&mt('You do not have rights to edit map contents.')); + } + } if (($env{'form.readfile'})) { $begincondition='if (eval("document.forms.groupsort.include"+num+".checked")) {'; $endcondition='}'; } if ($env{'form.mode'} eq 'simple' || $env{'form.mode'} eq '') { - $finishimport=(< 1) || ($env{'form.readfile'})) { my %lt=&Apache::lonlocal::texthash( 'fin'=> 'Finalize order of resources', @@ -339,7 +421,7 @@ END if ($env{'form.recover'}) { $r->print(<  + onclick="finish_import()"$disabled />  END } else { @@ -354,7 +436,7 @@ END     + onclick="finish_import()"$disabled /> 
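Review bot: The `/uploaded/` branch of the new permissions block in `handler` tests `mdc`/`cev` only for the `$cid` captured from the front of `$env{'form.readfile'}`, and the regex is anchored only at the start, so the remainder of the path is unconstrained. If the code that later opens `form.readfile` (outside this hunk) does not canonicalize it, a path with `..` segments after the matched prefix would be read under a privilege granted for a different course; rejecting such input before the match, e.g. `if ($env{'form.readfile'} =~ m{(?:\A|/)\.\.(?:/|\z)}) { return HTTP_NOT_ACCEPTABLE; }`, closes that gap. Separately, the denial `return HTTP_NOT_ACCEPTABLE;` sits after `$r->send_http_header;` and `return OK if $r->header_only;` in the context lines, so the status may no longer reach the client as intended and HEAD requests return `OK` before any check. Moving the whole block above `send_http_header` would address both. `handler` starts and ends outside the hunk.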
@@ -404,7 +486,7 @@ END $r->print(&Apache::loncommon::start_data_table_row() .""); if (($env{'form.readfile'})) { - $r->print(&checkbox($ctr-1)); + $r->print(&checkbox($ctr-1,$disabled)); } else { $r->print(&movers($clen,$ctr)); } @@ -415,7 +497,7 @@ END $r->print(""); unless (($env{'form.readfile'})) { $r->print("". - &select_box($clen,$ctr). + &select_box($clen,$ctr,$disabled). ""); } $r->print(""); @@ -485,10 +567,10 @@ END # ------------------------------------------ Select box (returns scalar string) sub select_box { - my ($total,$sel) = @_; + my ($total,$sel,$disabled) = @_; my $string; $string = ''.&mt('Include').''; + $disabled.' />'.&mt('Include').''; } 1;
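Review bot: `select_box` (and, judging by the call `&checkbox($ctr-1,$disabled)`, `checkbox` too) now splices `$disabled` verbatim into the tag markup, as in `$disabled.' />'`, and the header comment does not say what callers may pass. The value appears to derive from the handler's own `$canedit` decision rather than from request data, which would make it safe today, but its assignment is not visible here. A comment above the sub would pin the contract: `# $disabled: '' or a fixed attribute string (e.g. ' disabled="disabled"'); never request data, it is not escaped`. Disabled form controls are only a presentation hint, so whatever code processes the submitted order (outside these hunks) still needs its own `mdc`/`are` check. Most of both sub bodies lies outside the hunk.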