--- loncom/interface/loncreateuser.pm 2002/08/21 17:18:08 1.40 +++ loncom/interface/loncreateuser.pm 2003/05/10 23:06:52 1.53 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.40 2002/08/21 17:18:08 www Exp $ +# $Id: loncreateuser.pm,v 1.53 2003/05/10 23:06:52 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -44,10 +44,9 @@ # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer # April Guy Albertelli # 05/10,10/16 Gerd Kortemeyer -# 11/12,11/13,11/15 Scott Harrison # 02/11/02 Matthew Hall # -# $Id: loncreateuser.pm,v 1.40 2002/08/21 17:18:08 www Exp $ +# $Id: loncreateuser.pm,v 1.53 2003/05/10 23:06:52 www Exp $ ### package Apache::loncreateuser; @@ -71,37 +70,59 @@ BEGIN { my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); - $loginscript = &Apache::loncommon::authform_header(%param); +# no longer static due to configurable kerberos defaults +# $loginscript = &Apache::loncommon::authform_header(%param); $generalrule = &Apache::loncommon::authform_authorwarning(%param); $authformnop = &Apache::loncommon::authform_nochange(%param); - $authformkrb = &Apache::loncommon::authform_kerberos(%param); +# no longer static due to configurable kerberos defaults +# $authformkrb = &Apache::loncommon::authform_kerberos(%param); $authformint = &Apache::loncommon::authform_internal(%param); $authformfsys = &Apache::loncommon::authform_filesystem(%param); $authformloc = &Apache::loncommon::authform_local(%param); } + + +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} + # =================================================================== Phase one -sub phase_one { +sub print_username_entry_form { my $r=shift; - my $defdom=$ENV{'user.domain'}; + my $defdom=$ENV{'request.role.domain'}; my @domains = &Apache::loncommon::get_domains(); my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain'); my $bodytag =&Apache::loncommon::bodytag( 'Create Users, Change User Privileges'); + my $selscript=&Apache::loncommon::studentbrowser_javascript(); + my $sellink=&Apache::loncommon::selectstudent_link + ('crtuser','ccuname','ccdomain'); $r->print(<<"ENDDOCUMENT"); The LearningOnline Network with CAPA +$selscript $bodytag -
- + +

-Username:
-Domain: $domform + + +
Username: +$sellink
+Domain:$domform

- +
@@ -109,23 +130,26 @@ ENDDOCUMENT } # =================================================================== Phase two -sub phase_two { +sub print_user_modification_page { my $r=shift; my $ccuname=$ENV{'form.ccuname'}; my $ccdomain=$ENV{'form.ccdomain'}; - $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; - my $krbdefdom=$1; - $krbdefdom=~tr/a-z/A-Z/; + my $defdom=$ENV{'request.role.domain'}; + + my ($krbdef,$krbdefdom) = + &Apache::loncommon::get_kerberos_defaults($defdom); + my %param = ( formname => 'document.cu', - kerb_def_dom => $krbdefdom + kerb_def_dom => $krbdefdom, + kerb_def_auth => $krbdef ); $loginscript = &Apache::loncommon::authform_header(%param); - - my $defdom=$ENV{'user.domain'}; + $authformkrb = &Apache::loncommon::authform_kerberos(%param); $ccuname=~s/\W//g; $ccdomain=~s/\W//g; + my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition(); my $dochead =<<"ENDDOCHEAD"; @@ -138,14 +162,7 @@ sub phase_two { parmwin.close(); } - function pjump(type,dis,value,marker,ret,call) { - parmwin=window.open("/adm/rat/parameter.html?type="+escape(type) - +"&value="+escape(value)+"&marker="+escape(marker) - +"&return="+escape(ret) - +"&call="+escape(call)+"&name="+escape(dis),"LONCAPAparms", - "height=350,width=350,scrollbars=no,menubar=no"); - - } + $pjump_def function dateset() { eval("document.cu."+document.cu.pres_marker.value+ @@ -160,7 +177,7 @@ ENDDOCHEAD 'Create Users, Change User Privileges')); my $forminfo =<<"ENDFORMINFO";
- + @@ -170,7 +187,7 @@ ENDFORMINFO my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); my %incdomains; my %inccourses; - foreach (%Apache::lonnet::hostdom) { + foreach (values(%Apache::lonnet::hostdom)) { $incdomains{$_}=1; } foreach (keys(%ENV)) { @@ -237,7 +254,7 @@ END foreach ('firstname','middlename','lastname','generation') { if (&Apache::lonnet::allowed('mau',$ccdomain)) { $r->print(<<"END"); - + END } else { $r->print(''.$userenv{$_}.''); @@ -255,7 +272,7 @@ END

Revoke Existing Roles

- + END foreach my $area (keys(%rolesdump)) { next if ($area =~ /^rolesdef/); @@ -266,14 +283,26 @@ END split(/_/,$role); my $bgcol='ffffff'; my $allowed=0; + my $delallowed=0; if ($area =~ /^\/(\w+)\/(\d\w+)/ ) { my %coursedata= &Apache::lonnet::coursedescription($1.'_'.$2); - my $carea='Course: '.$coursedata{'description'}; + my $carea; + if (defined($coursedata{'description'})) { + $carea='Course: '.$coursedata{'description'}. + '
Domain: '.$1; + } else { + $carea='Unavailable course: '.$area; + } $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) { + if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { $allowed=1; } + if ((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) { + $delallowed=1; + } # Compute the background color based on $area $bgcol=$1.'_'.$2; $bgcol=~s/[^8-9b-e]//g; @@ -285,27 +314,27 @@ END } else { # Determine if current user is able to revoke privileges if ($area=~ /^\/(\w+)\//) { - if (&Apache::lonnet::allowed('c'.$role_code,$1)) { + if ((&Apache::lonnet::allowed('c'.$role_code,$1)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { $allowed=1; } + if (((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) && + ($role_code ne 'dc')) { + $delallowed=1; + } } else { if (&Apache::lonnet::allowed('c'.$role_code,'/')) { $allowed=1; } } } - # I have no idea what the hell the above code does - # So the following is a check: - if ($allowed) { - # If we are looking at a co-author role, make sure it is - # for the current users construction space before we let - # them revoke it. - if (($role_code eq 'ca') && - ($ENV{'request.role'} !~ /^dc/)) { - if ($area !~ - /^\/$ENV{'user.domain'}\/$ENV{'user.name'}/) { - $allowed = 0; - } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; } } my $row = ''; @@ -317,6 +346,12 @@ END } else { $row.=' '; } + $row.='
RevokeRoleExtentStartEnd
RevokeDeleteRoleExtentStartEnd'; + if ($delallowed) { + $row.= ''; + } else { + $row.=' '; + } $row.= ''.&Apache::lonnet::plaintext($role_code). ''.$area. ''.($role_start_time?localtime($role_start_time) @@ -329,21 +364,21 @@ END $r->print('
'); } # End of unless my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); - if ($currentauth=~/^krb4:/) { - $currentauth=~/^krb4:(.*)/; - my $krbdefdom2=$1; + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; + my $krbdefdom=$1; my %param = ( formname => 'document.cu', kerb_def_dom => $krbdefdom ); $loginscript = &Apache::loncommon::authform_header(%param); } # Check for a bad authentication type - unless ($currentauth=~/^krb4:/ or + unless ($currentauth=~/^krb(4|5):/ or $currentauth=~/^unix:/ or $currentauth=~/^internal:/ or $currentauth=~/^localauth:/ ) { # bad authentication scheme - if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) { + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { $r->print(<