--- loncom/interface/loncreateuser.pm 2002/04/04 21:46:44 1.29 +++ loncom/interface/loncreateuser.pm 2002/08/07 18:04:35 1.37 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.29 2002/04/04 21:46:44 matthew Exp $ +# $Id: loncreateuser.pm,v 1.37 2002/08/07 18:04:35 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -47,7 +47,7 @@ # 11/12,11/13,11/15 Scott Harrison # 02/11/02 Matthew Hall # -# $Id: loncreateuser.pm,v 1.29 2002/04/04 21:46:44 matthew Exp $ +# $Id: loncreateuser.pm,v 1.37 2002/08/07 18:04:35 matthew Exp $ ### package Apache::loncreateuser; @@ -68,119 +68,16 @@ BEGIN { $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; my $krbdefdom=$1; $krbdefdom=~tr/a-z/A-Z/; - $authformnop=(< - -Do not change login data -

-END - $authformkrb=(< - -Kerberos authenticated with domain - -

-END - $authformint=(< - -Internally authenticated (with initial password -) -

-END - $authformfsys=(< - -Filesystem authenticated (with initial password -) -

-END - $authformloc=(< - -Local Authentication with argument - -

-END - $loginscript=(< -function setkrb(vf) { - if (vf.krbdom.value!='') { - vf.login[0].checked=true; - vf.krbdom.value=vf.krbdom.value.toUpperCase(); - vf.intpwd.value=''; - vf.fsyspwd.value=''; - vf.locarg.value=''; - } -} - -function setint(vf) { - if (vf.intpwd.value!='') { - vf.login[1].checked=true; - vf.krbdom.value=''; - vf.fsyspwd.value=''; - vf.locarg.value=''; - } -} - -function setfsys(vf) { - if (vf.fsyspwd.value!='') { - vf.login[2].checked=true; - vf.krbdom.value=''; - vf.intpwd.value=''; - vf.locarg.value=''; - } -} - -function setloc(vf) { - if (vf.locarg.value!='') { - vf.login[3].checked=true; - vf.krbdom.value=''; - vf.intpwd.value=''; - vf.fsyspwd.value=''; - } -} - -function clicknop(vf) { - vf.krbdom.value=''; - vf.intpwd.value=''; - vf.fsyspwd.value=''; - vf.locarg.value=''; -} - -function clickkrb(vf) { - vf.krbdom.value='$krbdefdom'; - vf.intpwd.value=''; - vf.fsyspwd.value=''; - vf.locarg.value=''; -} - -function clickint(vf) { - vf.krbdom.value=''; - vf.fsyspwd.value=''; - vf.locarg.value=''; -} - -function clickfsys(vf) { - vf.krbdom.value=''; - vf.intpwd.value=''; - vf.locarg.value=''; -} - -function clickloc(vf) { - vf.krbdom.value=''; - vf.intpwd.value=''; - vf.fsyspwd.value=''; -} - -ENDLOGINSCRIPT - $generalrule=< -As a general rule, only authors or co-authors should be filesystem -authenticated (which allows access to the server filesystem). -

-END + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom + ); + $loginscript = &Apache::loncommon::authform_header(%param); + $generalrule = &Apache::loncommon::authform_authorwarning(%param); + $authformnop = &Apache::loncommon::authform_nochange(%param); + $authformkrb = &Apache::loncommon::authform_kerberos(%param); + $authformint = &Apache::loncommon::authform_internal(%param); + $authformfsys = &Apache::loncommon::authform_filesystem(%param); + $authformloc = &Apache::loncommon::authform_local(%param); } # =================================================================== Phase one @@ -188,7 +85,9 @@ END sub phase_one { my $r=shift; my $defdom=$ENV{'user.domain'}; - $r->print(<print(<<"ENDDOCUMENT"); The LearningOnline Network with CAPA @@ -197,8 +96,10 @@ sub phase_one {

Create User, Change User Privileges

+

Username:
-Domain:

+Domain: $domform +

@@ -215,6 +116,10 @@ sub phase_two { $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; my $krbdefdom=$1; $krbdefdom=~tr/a-z/A-Z/; + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom + ); + $loginscript = &Apache::loncommon::authform_header(%param); my $defdom=$ENV{'user.domain'}; @@ -224,7 +129,7 @@ sub phase_two { The LearningOnline Network with CAPA -

Personal Data

@@ -304,11 +207,11 @@ ID/Student Number $home_server_list

Login Data

-$generalrule -$authformkrb -$authformint -$authformfsys -$authformloc +

$generalrule

+

$authformkrb

+

$authformint

+

$authformfsys

+

$authformloc

ENDNEWUSER } else { # user already exists $r->print(< END foreach ('firstname','middlename','lastname','generation') { + my $result = &Apache::lonnet::allowed('mau',$ccdomain); + &Apache::lonnet::logthis("allowed: mau, $ccdomain = $result"); if (&Apache::lonnet::allowed('mau',$ccdomain)) { $r->print(<<"END"); @@ -347,65 +252,80 @@ END my ($tmp) = keys(%rolesdump); unless ($tmp =~ /^(con_lost|error)/i) { my $now=time; - $r->print('

Revoke Existing Roles

'. - ''. - ''); + $r->print(< +

Revoke Existing Roles

+
RevokeRoleExtentStartEnd
+ +END foreach my $area (keys(%rolesdump)) { - if ($area!~/^rolesdef/) { - my $role = $rolesdump{$area}; - my $thisrole=$area; - $area=~s/\_\w\w$//; - my ($role_code,$role_end_time,$role_start_time) = - split(/_/,$role); - my $bgcol='ffffff'; - my $allows=0; - if ($area=~/^\/(\w+)\/(\d\w+)/) { - my %coursedata= - &Apache::lonnet::coursedescription($1.'_'.$2); - my $carea='Course: '.$coursedata{'description'}; - $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { - $allows=1; - } - # Compute the background color based on $area - $bgcol=$1.'_'.$2; - $bgcol=~s/[^8-9b-e]//g; - $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); - if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + next if ($area =~ /^rolesdef/); + my $role = $rolesdump{$area}; + my $thisrole=$area; + $area =~ s/\_\w\w$//; + my ($role_code,$role_end_time,$role_start_time) = + split(/_/,$role); + my $bgcol='ffffff'; + my $allowed=0; + if ($area =~ /^\/(\w+)\/(\d\w+)/ ) { + my %coursedata= + &Apache::lonnet::coursedescription($1.'_'.$2); + my $carea='Course: '.$coursedata{'description'}; + $inccourses{$1.'_'.$2}=1; + if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { + $allowed=1; + } + # Compute the background color based on $area + $bgcol=$1.'_'.$2; + $bgcol=~s/[^8-9b-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); + if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { $carea.='
Section/Group: '.$3; - } - $area=$carea; - } else { - # Determine if current user is able to revoke privileges - if ($area=~/^\/(\w+)\//) { - if (&Apache::lonnet::allowed('c'.$role_code,$1)) { - $allows=1; - } - } else { - if (&Apache::lonnet::allowed('c'.$role_code,'/')) { - $allows=1; - } - } - } - $r->print('\n"); - } + } + $area=$carea; + } else { + # Determine if current user is able to revoke privileges + if ($area=~ /^\/(\w+)\//) { + if (&Apache::lonnet::allowed('c'.$role_code,$1)) { + $allowed=1; + } + } else { + if (&Apache::lonnet::allowed('c'.$role_code,'/')) { + $allowed=1; + } + } + } + # I have no idea what the hell the above code does + # So the following is a check: + if ($allowed) { + # If we are looking at a co-author role, make sure it is + # for the current users construction space before we let + # them revoke it. + if (($role_code eq 'ca') && + ($ENV{'request.role'} !~ /^dc/)) { + if ($area !~ + /^\/$ENV{'user.domain'}\/$ENV{'user.name'}/) { + $allowed = 0; + } + } + } + my $row = ''; + $row.='\n"; + $r->print($row); } # end of foreach (table building loop) $r->print('
RevokeRoleExtentStartEnd
'); - my $active=1; - $active=0 if (($role_end_time) && ($now>$role_end_time)); - if (($active) && ($allows)) { - $r->print(''); - } else { - $r->print(' '); - } - $r->print(''. - &Apache::lonnet::plaintext($role_code). - ''.$area.''. - ($role_start_time ? localtime($role_start_time) - : ' ' ) - .''. - ($role_end_time ? localtime($role_end_time) - : ' ' ) - ."
'; + my $active=1; + $active=0 if (($role_end_time) && ($now>$role_end_time)); + if (($active) && ($allowed)) { + $row.= ''; + } else { + $row.=' '; + } + $row.= ''.&Apache::lonnet::plaintext($role_code). + ''.$area. + ''.($role_start_time?localtime($role_start_time) + : ' ' ). + ''.($role_end_time ?localtime($role_end_time) + : ' ' ) + ."
'); } # End of unless @@ -413,7 +333,10 @@ END if ($currentauth=~/^krb4:/) { $currentauth=~/^krb4:(.*)/; my $krbdefdom2=$1; - $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/; + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom + ); + $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type unless ($currentauth=~/^krb4:/ or @@ -424,23 +347,27 @@ END if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { $r->print(< + ERROR: This user has an unrecognized authentication scheme ($currentauth). Please specify login data below.

Login Data

-$generalrule -$authformkrb -$authformint -$authformfsys -$authformloc +

$generalrule

+

$authformkrb

+

$authformint

+

$authformfsys

+

$authformloc

ENDBADAUTH } else { # This user is not allowed to modify the users # authentication scheme, so just notify them of the problem $r->print(< + ERROR: This user has an unrecognized authentication scheme ($currentauth). Please alert a domain coordinator of this situation. @@ -452,40 +379,23 @@ ENDBADAUTH my $authform_other=''; if ($currentauth=~/^krb4:/) { $authformcurrent=$authformkrb; - $authform_other=$authformint.$authformfsys.$authformloc; - # embarrassing script hack here - $loginscript=~s/login\[3\]/login\[4\]/; # loc - $loginscript=~s/login\[2\]/login\[3\]/; # fsys - $loginscript=~s/login\[1\]/login\[2\]/; # int - $loginscript=~s/login\[0\]/login\[1\]/; # krb4 + $authform_other="

$authformint

\n". + "

$authformfsys

$authformloc

"; } elsif ($currentauth=~/^internal:/) { $authformcurrent=$authformint; - $authform_other=$authformkrb.$authformfsys.$authformloc; - # embarrassing script hack here - $loginscript=~s/login\[3\]/login\[4\]/; # loc - $loginscript=~s/login\[2\]/login\[3\]/; # fsys - $loginscript=~s/login\[1\]/login\[1\]/; # int - $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + $authform_other="

$authformkrb

". + "

$authformfsys

$authformloc

"; } elsif ($currentauth=~/^unix:/) { $authformcurrent=$authformfsys; - $authform_other=$authformkrb.$authformint.$authformloc; - # embarrassing script hack here - $loginscript=~s/login\[3\]/login\[4\]/; # loc - $loginscript=~s/login\[1\]/login\[3\]/; # int - $loginscript=~s/login\[2\]/login\[1\]/; # fsys - $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + $authform_other="

$authformkrb

". + "

$authformint

$authformloc;

"; } elsif ($currentauth=~/^localauth:/) { $authformcurrent=$authformloc; - $authform_other=$authformkrb.$authformint.$authformfsys; - # embarrassing script hack here - $loginscript=~s/login\[3\]/login\[loc\]/; # loc - $loginscript=~s/login\[2\]/login\[4\]/; # fsys - $loginscript=~s/login\[1\]/login\[3\]/; # int - $loginscript=~s/login\[0\]/login\[2\]/; # krb4 - $loginscript=~s/login\[loc\]/login\[1\]/; # loc + $authform_other="

$authformkrb

". + "

$authformint

$authformfsys

"; } $authformcurrent=< @@ -501,11 +411,13 @@ ENDCURRENTAUTH # Current user has login modification privileges $r->print(< +

Change Current Login Data

-$generalrule -$authformnop -$authformcurrent +

$generalrule

+

$authformnop

+

$authformcurrent

Enter New Login Data

$authform_other ENDOTHERAUTHS @@ -626,17 +538,26 @@ ENDTHREEHEAD my $genpwd=''; if ($ENV{'form.login'} eq 'krb') { $amode='krb4'; - $genpwd=$ENV{'form.krbdom'}; + $genpwd=$ENV{'form.krbarg'}; } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; - $genpwd=$ENV{'form.intpwd'}; + $genpwd=$ENV{'form.intarg'}; } elsif ($ENV{'form.login'} eq 'fsys') { $amode='unix'; - $genpwd=$ENV{'form.fsyspwd'}; + $genpwd=$ENV{'form.fsysarg'}; } elsif ($ENV{'form.login'} eq 'loc') { $amode='localauth'; $genpwd=$ENV{'form.locarg'}; $genpwd=" " if (!$genpwd); + } elsif (($ENV{'form.login'} eq 'nochange') || + ($ENV{'form.login'} eq '' )) { + # There is no need to tell the user we did not change what they + # did not ask us to change. + # If they are creating a new user but have not specified login + # information this will be caught below. + } else { + $r->print($error.'Invalid login mode or password'.$end); + return; } if ($ENV{'form.makeuser'}) { # Create a new user @@ -654,7 +575,8 @@ ENDNEWUSERHEAD if (lc($desiredhost) eq 'default') { $desiredhost = undef; } else { - my %home_servers = &get_home_servers($ENV{'form.ccdomain'}); + my %home_servers = &Apache::loncommon::get_home_servers + ($ENV{'form.ccdomain'}); if (! exists($home_servers{$desiredhost})) { $r->print($error.'Invalid home server specified'); return; @@ -672,7 +594,8 @@ ENDNEWUSERHEAD $ENV{'form.ccdomain'}); $r->print('
Home server: '.$home.' '. $Apache::lonnet::libserv{$home}); - } elsif ($ENV{'form.login'} ne '') { + } elsif (($ENV{'form.login'} ne 'nochange') && + ($ENV{'form.login'} ne '' )) { # Modify user privileges $r->print(<Change User Privileges @@ -683,9 +606,9 @@ ENDMODIFYUSERHEAD return; } # Only allow authentification modification if the person has authority - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) { $r->print('Modifying authentication: '. - &Apache::lonnet::modifyuserauth( + &Apache::lonnet::modifyuserauth( $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, $amode,$genpwd)); $r->print('
Home server: '.&Apache::lonnet::homeserver @@ -934,16 +857,6 @@ ENDTABLE #---------------------------------------------- end functions for &phase_two #--------------------------------- functions for &phase_two and &phase_three -sub get_home_servers { - my $domain = shift; - my %home_servers; - foreach (keys(%Apache::lonnet::libserv)) { - if ($Apache::lonnet::hostdom{$_} eq $domain) { - $home_servers{$_} = $Apache::lonnet::hostname{$_}; - } - } - return %home_servers; -} #--------------------------end of functions for &phase_two and &phase_three