--- loncom/interface/lonfeedback.pm	2005/11/22 16:16:53	1.177
+++ loncom/interface/lonfeedback.pm	2006/02/09 22:11:54	1.180
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Feedback
 #
-# $Id: lonfeedback.pm,v 1.177 2005/11/22 16:16:53 albertel Exp $
+# $Id: lonfeedback.pm,v 1.180 2006/02/09 22:11:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -906,16 +906,16 @@ sub build_posting_display {
                             } else {
                                 @{$$namesort{$lastname}{$firstname}} = ("$idx");
                             }
-                            if ($env{'course.'.$env{'request.course.id'}.'.allow_discussion_post_editing'} =~ m/yes/i) {
+                            if (&editing_allowed()) {
                                 if (($env{'user.domain'} eq $contrib{$idx.':senderdomain'}) && ($env{'user.name'} eq $contrib{$idx.':sendername'})) {
                                     $sender.=' <a href="/adm/feedback?editdisc='.
                                          $escsymb.':::'.$idx;
-                                    if ($newpostsflag) {
+                                    if ($$newpostsflag) {
                                         $sender .= '&previous='.$prevread;
                                     }
                                     $sender .= '" '.$target.'>'.&mt('Edit').'</a>';                                             
                                     unless ($seeid) {
-                                        $sender.=" <a href=\"javascript:studentdelete('$escsymb','$idx','$newpostsflag','$prevread')";
+                                        $sender.=" <a href=\"javascript:studentdelete('$escsymb','$idx','$$newpostsflag','$prevread')";
                                         $sender .= '">'.&mt('Delete').'</a>';
                                     }
                                 }
@@ -925,22 +925,22 @@ sub build_posting_display {
                                     unless ($studenthidden) {
 			                $sender.=' <a href="/adm/feedback?unhide='.
 				                $escsymb.':::'.$idx;
-                                        if ($newpostsflag) {
-                                             $sender .= '&previous='.$prevread;
+                                        if ($$newpostsflag) {
+                                            $sender .= '&previous='.$prevread;
                                         }
                                         $sender .= '">'.&mt('Make Visible').'</a>';
                                     }
 			        } else {
 				    $sender.=' <a href="/adm/feedback?hide='.
 				        $escsymb.':::'.$idx;
-                                    if ($newpostsflag) {
+                                    if ($$newpostsflag) {
                                         $sender .= '&previous='.$prevread;
                                     }
                                     $sender .= '">'.&mt('Hide').'</a>';
 			        }                     
 			        $sender.=' <a href="/adm/feedback?deldisc='.
 				        $escsymb.':::'.$idx;
-                                if ($newpostsflag) {
+                                if ($$newpostsflag) {
                                     $sender .= '&previous='.$prevread;
                                 }
                                 $sender .= '">'.&mt('Delete').'</a>';
@@ -976,8 +976,8 @@ sub build_posting_display {
 						 ($env{'request.course.sec'}?'/'.$env{'request.course.sec'}:''))) {
 			    $sender.=' <a href="/adm/feedback?replydisc='.
 			            $escsymb.':::'.$idx;
-                            if ($newpostsflag) {
-                                    $sender .= '&previous='.$prevread;
+                            if ($$newpostsflag) {
+                                $sender .= '&previous='.$prevread;
                             }
                             $sender .= '" '.$target.'>'.&mt('Reply').'</a>';
                         }
@@ -2992,7 +2992,15 @@ sub handler {
 
   &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
          ['hide','unhide','deldisc','postdata','preview','replydisc','editdisc','cmd','symb','onlyunread','allposts','onlyunmark','previous','markread','markonread','markondisp','toggoff','toggon','modifydisp','changes','navtime','navmaps','navurl','sortposts','applysort','rolefilter','statusfilter','sectionpick','posterlist','userpick','attach','origpage','currnewattach','deloldattach','keepold','allversions','export']);
-
+  if ($env{'form.editdisc'}) {
+      if (!(&editing_allowed())) {
+          my $symb=(split(/\:\:\:/,$env{'form.editdisc'}))[0];
+          my ($map,$id,$url)=&Apache::lonnet::decode_symb($symb);
+          my $feedurl=&Apache::lonnet::clutter($url);
+          &redirect_back($r,$feedurl,&mt('Editing not permitted').'<br />',                     '0','0','','',$env{'form.previous'},'','','',);
+          return OK;
+      }
+  } 
   if ($env{'form.discsymb'}) {
       my ($symb,$feedurl) = &get_feedurl_and_clean_symb($env{'form.discsymb'});
       my $readkey = $symb.'_read';
@@ -3187,6 +3195,18 @@ ENDREDIR
       my ($symb,$idx)=split(/\:\:\:/,$entry);
       ($symb,my $feedurl)=&get_feedurl_and_clean_symb($symb);
 
+      my $crs='/'.$env{'request.course.id'};
+      if ($env{'request.course.sec'}) {
+          $crs.='_'.$env{'request.course.sec'};
+      }
+      $crs=~s/\_/\//g;
+      my $seeid=&Apache::lonnet::allowed('rin',$crs);
+
+      if ($env{'form.hide'} && !$seeid && !(&editing_allowed())) {
+          &redirect_back($r,$feedurl,&mt('Deletion not permitted').'<br />',                 '0','0','','',$env{'form.previous'},'','','',);
+          return OK;
+      }
+
       my %contrib=&Apache::lonnet::restore($symb,$env{'request.course.id'},
                           $env{'course.'.$env{'request.course.id'}.'.domain'},
 		          $env{'course.'.$env{'request.course.id'}.'.num'});
@@ -3194,13 +3214,6 @@ ENDREDIR
       my $currenthidden=$contrib{'hidden'};
       my $currentstudenthidden=$contrib{'studenthidden'};
 
-      my $crs='/'.$env{'request.course.id'};
-      if ($env{'request.course.sec'}) {
-	  $crs.='_'.$env{'request.course.sec'};
-      }
-      $crs=~s/\_/\//g;
-      my $seeid=&Apache::lonnet::allowed('rin',$crs);
-
       if ($env{'form.hide'}) {
 	  $currenthidden.='.'.$idx.'.';
 	  unless ($seeid) {
@@ -3347,6 +3360,7 @@ ENDREDIR
 	  $r->send_http_header;
 # Unable to give feedback
 	  &no_redirect_back($r,$feedurl);
+	  return OK;
       }
 # --------------------------------------------------- Print login screen header
       unless ($env{'form.sendit'}) {
@@ -3476,5 +3490,39 @@ sub get_feedurl_and_clean_symb {
     my $feedurl = &get_feedurl($symb);
     return ($symb,$feedurl);
 }
+
+sub editing_allowed {
+    my $can_edit = 0;
+    my $cid = $env{'request.course.id'};
+    my $role = (split(/\./,$env{'request.role'}))[0];
+    my $section = $env{'request.course.sec'};
+    my $allow_editing_config = $env{'course.'.$env{'request.course.id'}.
+                               '.allow_discussion_post_editing'};
+    if ($allow_editing_config =~ m/^\s*yes\s*$/i) {
+        $can_edit = 1;
+    } else {
+        my @editor_roles = split(/,/,$allow_editing_config);
+        if (@editor_roles > 0) {
+            foreach my $editor (@editor_roles) {
+                my ($editor_role,$editor_sec) = split(/:/,$editor);
+                if ($editor_role eq $role) {
+                    if (defined($editor_sec)) {
+                        if (defined($section)) {
+                            if ($editor_sec eq $section) {
+                                $can_edit = 1;
+                                last;
+                            }
+                        }
+                    } else {
+                        $can_edit = 1;
+                        last;
+                    }
+                }
+            }
+        }
+    }
+    return $can_edit;
+}
+
 1;
 __END__