--- loncom/interface/loncreateuser.pm 2001/04/12 19:43:49 1.12 +++ loncom/interface/loncreateuser.pm 2002/02/11 15:37:58 1.25 @@ -1,6 +1,30 @@ -# The LearningOnline Network +# The LearningOnline Network with CAPA # Create a user # +# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $ +# +# Copyright Michigan State University Board of Trustees +# +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). +# +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# /home/httpd/html/adm/gpl.txt +# +# http://www.lon-capa.org/ +# # (Create a course # (My Desk # @@ -10,6 +34,7 @@ # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14, # 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer) # +# YEAR=2001 # 3/1/1 Gerd Kortemeyer) # # 3/1 Gerd Kortemeyer) @@ -17,13 +42,147 @@ # 2/14 Gerd Kortemeyer) # # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer +# April Guy Albertelli +# 05/10,10/16 Gerd Kortemeyer +# 11/12,11/13,11/15 Scott Harrison +# 02/11/02 Matthew Hall # +# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $ +### + package Apache::loncreateuser; use strict; use Apache::Constants qw(:common :http); use Apache::lonnet; +my $loginscript; # piece of javascript used in two separate instances +my $generalrule; +my $authformnop; +my $authformkrb; +my $authformint; +my $authformfsys; +my $authformloc; + +BEGIN { + $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; + my $krbdefdom=$1; + $krbdefdom=~tr/a-z/A-Z/; + $authformnop=(< + +Do not change login data +

+END + $authformkrb=(< + +Kerberos authenticated with domain + +

+END + $authformint=(< + +Internally authenticated (with initial password +) +

+END + $authformfsys=(< + +Filesystem authenticated (with initial password +) +

+END + $authformloc=(< + +Local Authentication with argument + +

+END + $loginscript=(< +function setkrb(vf) { + if (vf.krbdom.value!='') { + vf.login[0].checked=true; + vf.krbdom.value=vf.krbdom.value.toUpperCase(); + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; + } +} + +function setint(vf) { + if (vf.intpwd.value!='') { + vf.login[1].checked=true; + vf.krbdom.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; + } +} + +function setfsys(vf) { + if (vf.fsyspwd.value!='') { + vf.login[2].checked=true; + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.locarg.value=''; + } +} + +function setloc(vf) { + if (vf.locarg.value!='') { + vf.login[3].checked=true; + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + } +} + +function clicknop(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickkrb(vf) { + vf.krbdom.value='$krbdefdom'; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickint(vf) { + vf.krbdom.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickfsys(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.locarg.value=''; +} + +function clickloc(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; +} + +ENDLOGINSCRIPT + $generalrule=< +As a general rule, only authors or co-authors should be filesystem +authenticated (which allows access to the server filesystem). +

+END +} + # =================================================================== Phase one sub phase_one { @@ -62,7 +221,7 @@ sub phase_two { $ccuname=~s/\W//g; $ccdomain=~s/\W//g; - $r->print(< The LearningOnline Network with CAPA @@ -92,99 +251,97 @@ sub phase_two { - -

Create User, Change User Privileges

-
- - - - - - - - - -ENDENHEAD + +ENDDOCHEAD + my $forminfo =<<"ENDFORMINFO"; + + + + + + + + + +ENDFORMINFO my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); my %incdomains; my %inccourses; - $incdomains{$ENV{'user.domain'}}=1; - map { + foreach (%Apache::lonnet::hostdom) { + $incdomains{$_}=1; + } + foreach (keys(%ENV)) { if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) { $inccourses{$1.'_'.$2}=1; } - } %ENV; + } if ($uhome eq 'no_host') { $r->print(<New user $ccuname at $ccdomain - - +$dochead +

Create New User

+$forminfo +

New user "$ccuname" in domain $ccdomain

+ENDNUSER + $r->print(<

Personal Data

-First Name:
-Middle Name:
-Last Name:
-Generation:

+

+ + + + + + + + + +
First Name
Middle Name
Last Name
Generation
+ID/Student Number

-ID/Student Number:

+

Login Data

- -Kerberos authenticated with domain -

- -Internally authenticated (with initial password -) +$generalrule +$authformkrb +$authformint +$authformfsys +$authformloc ENDNUSER - } else { - $r->print('

Existing user '.$ccuname.' at '.$ccdomain.'

'); - + } else { # user already exists + $r->print(<Change User Privileges +$forminfo +

User "$ccuname" in domain $ccdomain

+ENDCHUSER my $rolesdump=&Apache::lonnet::reply( "dump:$ccdomain:$ccuname:roles",$uhome); + # Build up table of user roles to allow revocation of a role. unless ($rolesdump eq 'con_lost') { my $now=time; $r->print('

Revoke Existing Roles

'. ''. ''); - map { + foreach (split(/&/,$rolesdump)) { if ($_!~/^rolesdef\&/) { - my ($area,$role)=split(/=/,$_); my $thisrole=$area; $area=~s/\_\w\w$//; - my ($trole,$tend,$tstart)=split(/_/,$role); + my ($role_code,$role_end_time,$role_start_time)=split(/_/,$role); my $bgcol='ffffff'; my $allows=0; if ($area=~/^\/(\w+)\/(\d\w+)/) { my %coursedata=&Apache::lonnet::coursedescription($1.'_'.$2); my $carea='Course: '.$coursedata{'description'}; $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$trole,$1.'/'.$2)) { + if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { $allows=1; } + # What follows is an odd computation. It seems the value + # of the $area variable above is used to compute the + # background color. This makes sense, but I can't make + # heads or tail of the computation at this point.. $bgcol=$1.'_'.$2; $bgcol=~s/[^8-9b-e]//g; $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); @@ -194,50 +351,162 @@ ENDNUSER $area=$carea; } else { if ($area=~/^\/(\w+)\//) { - $incdomains{$1}=1; - if (&Apache::lonnet::allowed('c'.$trole,$1)) { + if (&Apache::lonnet::allowed('c'.$role_code,$1)) { $allows=1; } } else { - if (&Apache::lonnet::allowed('c'.$trole,'/')) { + if (&Apache::lonnet::allowed('c'.$role_code,'/')) { $allows=1; } } } my $active=1; - if (($tend) && ($now>$tend)) { $active=0; } - - $r->print('\n"); + ($role_start_time ? localtime($role_start_time) + : ' ' ) + .'\n"); } - } split(/&/,$rolesdump); + } $r->print('
RevokeRoleExtentStartEnd
'); - if ($active) { - if ($allows) { - $r->print( - ''); - } else { - $r->print(' '); - } + if (($role_end_time) && ($now>$role_end_time)) { $active=0; } + $r->print('
'); + if (!($active) && ($allows)) { + $r->print(''); } else { $r->print(' '); } - $r->print(''.&Apache::lonnet::plaintext($trole). + $r->print(''.&Apache::lonnet::plaintext($role_code). ''.$area.''. - ($tstart?localtime($tstart):' ').''. - ($tend?localtime($tend):' ')."
'. + ($role_end_time ? localtime($role_end_time) + : ' ' ) + ."
'); } + my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); + if ($currentauth=~/^krb4:/) { + $currentauth=~/^krb4:(.*)/; + my $krbdefdom2=$1; + $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/; + } + # Here is where we'll have to check against the permissions of the + # user attempting to modify this users data. Only users with + # MAU (Modify Authentication User) permissions should be able to + # make these changes. I think a subroutine would be in order here. + unless ($currentauth=~/^krb4:/ or + $currentauth=~/^unix:/ or + $currentauth=~/^internal:/ or + $currentauth=~/^localauth:/ + ) { + $r->print(< +$loginscript +ERROR: +This user has an unrecognized authentication scheme ($currentauth). +Please specify login data below. +

Login Data

+$generalrule +$authformkrb +$authformint +$authformfsys +$authformloc +END + } + else { + my $authformcurrent=''; + my $authformother=''; + if ($currentauth=~/^krb4:/) { + $authformcurrent=$authformkrb; + $authformother=$authformint.$authformfsys.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[2\]/login\[3\]/; # fsys + $loginscript=~s/login\[1\]/login\[2\]/; # int + $loginscript=~s/login\[0\]/login\[1\]/; # krb4 + } + elsif ($currentauth=~/^internal:/) { + $authformcurrent=$authformint; + $authformother=$authformkrb.$authformfsys.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[2\]/login\[3\]/; # fsys + $loginscript=~s/login\[1\]/login\[1\]/; # int + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + } + elsif ($currentauth=~/^unix:/) { + $authformcurrent=$authformfsys; + $authformother=$authformkrb.$authformint.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[1\]/login\[3\]/; # int + $loginscript=~s/login\[2\]/login\[1\]/; # fsys + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + } + elsif ($currentauth=~/^localauth:/) { + $authformcurrent=$authformloc; + $authformother=$authformkrb.$authformint.$authformfsys; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[loc\]/; # loc + $loginscript=~s/login\[2\]/login\[4\]/; # fsys + $loginscript=~s/login\[1\]/login\[3\]/; # int + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + $loginscript=~s/login\[loc\]/login\[1\]/; # loc + } + $authformcurrent=< + +* * * WARNING * * * +* * * WARNING * * * + +$authformcurrent +Changing this value will overwrite existing authentication for the user; you should notify the user of this change. + +END + $r->print(< +$loginscript +

Change Current Login Data

+$generalrule +$authformnop +$authformcurrent +

Enter New Login Data

+$authformother +END + } + } ## End of new user/old user logic + $r->print('

Add Roles

'); +# +# Co-Author +# + + if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) { + my $cuname=$ENV{'user.name'}; + my $cudom=$ENV{'user.domain'}; + $r->print(<Construction Space + + + + + + + + + +
ActivateRoleExtentStartEnd
Co-Author$cudom\_$cuname +Set Start Date +Set End Date
+ENDCOAUTH } - $r->print('

Add Roles

System Level

'); # # Domain level # $r->print('

Domain Level

'. ''. ''); - map { + foreach ( sort( keys(%incdomains))) { my $thisdomain=$_; - map { + foreach ('dc','li','dg','au') { if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) { my $plrole=&Apache::lonnet::plaintext($_); $r->print(< ENDDROW } - } ('dc','li','dg','au'); - } sort keys %incdomains; + } + } $r->print('
ActivateRoleExtentStartEnd
'); # # Course level @@ -263,35 +532,39 @@ ENDDROW $r->print('

Course Level

'. ''. ''); - map { + foreach (sort( keys(%inccourses))) { my $thiscourse=$_; - $thiscourse=~s/\_/\//g; + my $protectedcourse=$_; + $thiscourse=~s:_:/:g; my %coursedata=&Apache::lonnet::coursedescription($thiscourse); my $area=$coursedata{'description'}; my $bgcol=$thiscourse; $bgcol=~s/[^8-9b-e]//g; $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); - map { + foreach ('st','ta','ep','ad','in','cc') { if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) { my $plrole=&Apache::lonnet::plaintext($_); - $r->print(<print(" - + - - - + +"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date ENDROW - } - } ('st','ta','ep','ad','in','cc'); - } sort keys %inccourses; + } + } $r->print('
ActivateRoleExtentGroup/SectionStartEnd
$plrole $area +"); + if ($_ ne 'cc') { + $r->print(""); + } else { $r->print(" "); } + $r->print(< Set Start Date +"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date Set End Date
'); $r->print(''); $r->print(''); @@ -323,7 +596,14 @@ ENDTHREEHEAD } elsif ($ENV{'form.login'} eq 'int') { $amode='internal'; $genpwd=$ENV{'form.intpwd'}; - } + } elsif ($ENV{'form.login'} eq 'fsys') { + $amode='unix'; + $genpwd=$ENV{'form.fsyspwd'}; + } elsif ($ENV{'form.login'} eq 'loc') { + $amode='localauth'; + $genpwd=$ENV{'form.locarg'}; + if (!$genpwd) { $genpwd=" "; } + } if (($amode) && ($genpwd)) { $r->print('Generating user: '.&Apache::lonnet::modifyuser( $ENV{'form.cdomain'},$ENV{'form.cuname'}, @@ -340,9 +620,44 @@ ENDTHREEHEAD $r->print('Invalid username or domain'); } } + if (!$ENV{'form.makeuser'} and $ENV{'form.login'} ne 'nop') { + $r->print('

Changing User Login Data

'); + if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&& + ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) { + my $amode=''; + my $genpwd=''; + if ($ENV{'form.login'} eq 'krb') { + $amode='krb4'; + $genpwd=$ENV{'form.krbdom'}; + } elsif ($ENV{'form.login'} eq 'int') { + $amode='internal'; + $genpwd=$ENV{'form.intpwd'}; + } elsif ($ENV{'form.login'} eq 'fsys') { + $amode='unix'; + $genpwd=$ENV{'form.fsyspwd'}; + } elsif ($ENV{'form.login'} eq 'loc') { + $amode='localauth'; + $genpwd=$ENV{'form.locarg'}; + if (!$genpwd) { $genpwd=" "; } + } + if (($amode) && ($genpwd)) { + $r->print('Modifying authentication: '. + &Apache::lonnet::modifyuserauth( + $ENV{'form.cdomain'},$ENV{'form.cuname'}, + $amode,$genpwd)); + $r->print('
Home server: '.&Apache::lonnet::homeserver + ($ENV{'form.cuname'},$ENV{'form.cdomain'})); + + } else { + $r->print('Invalid login mode or password'); + } + } else { + $r->print('Invalid username or domain'); + } + } my $now=time; $r->print('

Modifying Roles

'); - map { + foreach (keys (%ENV)) { if (($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) { $r->print('Revoking '.$2.' in '.$1.': '. &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'}, @@ -359,8 +674,8 @@ ENDTHREEHEAD $ENV{'course.'.$cid.'.home'}).'
'); } } - } keys %ENV; - map { + } + foreach (keys(%ENV)) { if (($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) { my $url='/'.$1.'/'.$2; if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) { @@ -402,7 +717,7 @@ ENDTHREEHEAD &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'}, $url,$2,$end,$start).'
'); } - } keys %ENV; + } $r->print(''); } @@ -420,6 +735,7 @@ sub handler { (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) || (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) { $r->content_type('text/html'); $r->send_http_header;