File:
[LON-CAPA] /
loncom /
interface /
lontiny.pm
Revision
1.7:
download - view:
text,
annotated -
select for diffs
Tue Aug 10 15:28:14 2021 UTC (3 years, 1 month ago) by
raeburn
Branches:
MAIN
CVS tags:
HEAD
- Bug 6907
- Deep-linking when user has an existing LON-CAPA session, need to support
case where role change is not needed, but course session update needed to
enforce link protection (lti-based or key-based access control).
1: # The LearningOnline Network with CAPA
2: # Extract domain, courseID, and symb from a shortened URL,
3: # and switch role to a role in designated course.
4: #
5: # $Id: lontiny.pm,v 1.7 2021/08/10 15:28:14 raeburn Exp $
6: #
7: # Copyright Michigan State University Board of Trustees
8: #
9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10: #
11: # LON-CAPA is free software; you can redistribute it and/or modify
12: # it under the terms of the GNU General Public License as published by
13: # the Free Software Foundation; either version 2 of the License, or
14: # (at your option) any later version.
15: #
16: # LON-CAPA is distributed in the hope that it will be useful,
17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: # GNU General Public License for more details.
20: #
21: # You should have received a copy of the GNU General Public License
22: # along with LON-CAPA; if not, write to the Free Software
23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24: #
25: # /home/httpd/html/adm/gpl.txt
26: #
27: # http://www.lon-capa.org/
28: #
29:
30: package Apache::lontiny;
31:
32: use strict;
33: use Apache::Constants qw(:common :http);
34: use Apache::lonnet;
35: use Apache::loncommon;
36: use Apache::lonhtmlcommon;
37: use Apache::lonroles;
38: use Apache::lonuserstate;
39: use Apache::lonnavmaps;
40: use Apache::lonlocal;
41: use LONCAPA qw(:DEFAULT :match);
42:
43: sub handler {
44: my $r = shift;
45: my %user;
46: my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
47: if ($handle ne '') {
48: my $lonidsdir=$r->dir_config('lonIDsDir');
49: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
50: if ($r->uri =~ m{^/tiny/($match_domain)/(\w+)$}) {
51: my ($cdom,$key) = ($1,$2);
52: if (&Apache::lonnet::domain($cdom) ne '') {
53: my $configuname = &Apache::lonnet::get_domainconfiguser($cdom);
54: my $tinyurl;
55: my ($result,$cached)=&Apache::lonnet::is_cached_new('tiny',$cdom."\0".$key);
56: if (defined($cached)) {
57: $tinyurl = $result;
58: } else {
59: my %currtiny = &Apache::lonnet::get('tiny',[$key],$cdom,$configuname);
60: if ($currtiny{$key} ne '') {
61: $tinyurl = $currtiny{$key};
62: &Apache::lonnet::do_cache_new('tiny',$cdom."\0".$key,$currtiny{$key},600);
63: }
64: }
65: if ($tinyurl) {
66: my ($cnum,$symb) = split(/\&/,$tinyurl);
67: if ($cnum =~ /^$match_courseid$/) {
68: my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
69: if ($chome ne 'no_host') {
70: # Check for ltoken or linkkey
71: my $newlauncher = &launch_check($r->uri,$symb,$cnum,$cdom);
72: if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
73: my ($map,$resid,$url) = &Apache::lonnet::decode_symb($symb);
74: if (&Apache::lonnet::is_on_map($url)) {
75: my $realuri;
76: if ((&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) &&
77: (!$env{'request.role.adv'})) {
78: $env{'user.error.msg'}=$r->uri.':bre:1:1:Access to resource denied';
79: return HTTP_NOT_ACCEPTABLE;
80: }
81: if ((&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) &&
82: (!$env{'request.role.adv'})) {
83: $realuri = &Apache::lonenc::encrypted(&Apache::lonnet::clutter($url));
84: if (($url =~ /\.sequence$/) &&
85: ($env{'course.'.$env{'request.course.id'}.'.type'} ne 'Placement')) {
86: $realuri .= '?navmap=1';
87: } else {
88: $realuri .= '?symb='.&Apache::lonenc::encrypted($symb);
89: }
90: } else {
91: $realuri = &Apache::lonnet::clutter($url);
92: if (($url =~ /\.sequence$/) &&
93: ($env{'course.'.$env{'request.course.id'}.'.type'} ne 'Placement')) {
94: $realuri .= '?navmap=1';
95: } else {
96: $realuri .= '?symb='.$symb;
97: }
98: }
99: my $update;
100: # Check if course needs to be re-initialized
101: if ($newlauncher) {
102: $update = 1;
103: } else {
104: my $loncaparev = $r->dir_config('lonVersion');
105: my ($result,@reinit) = &Apache::loncommon::needs_coursereinit($loncaparev);
106: if ($result eq 'update') {
107: $update = 1;
108: } elsif (!-e $env{'request.course.fn'}.'.db') {
109: $update = 1;
110: } elsif (!$env{'request.role.adv'}) {
111: my $navmap = Apache::lonnavmaps::navmap->new();
112: if (ref($navmap)) {
113: my $res = $navmap->getBySymb($symb);
114: if (ref($res)) {
115: my ($enc_in_bighash,$enc_in_parm);
116: $enc_in_bighash = $res->encrypted();
117: if (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) {
118: $enc_in_parm = 1;
119: }
120: if ($enc_in_bighash ne $enc_in_parm) {
121: $update = 1;
122: }
123: }
124: }
125: }
126: }
127: if ($update) {
128: my ($furl,$ferr)=
129: &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
130: if ($ferr) {
131: $env{'user.error.msg'}=$r->uri.':bre:0:0:Course not initialized';
132: $env{'user.reinit'} = 1;
133: return HTTP_NOT_ACCEPTABLE;
134: }
135: }
136: my $host = $r->headers_in->get('Host');
137: if (!$host) {
138: $r->internal_redirect($realuri);
139: return OK;
140: } else {
141: my $protocol = 'http';
142: if ($r->get_server_port == 443) {
143: $protocol = 'https';
144: }
145: my $location = $protocol.'://'.$host.$realuri;
146: $r->headers_out->set(Location => $location);
147: return REDIRECT;
148: }
149: }
150: } else {
151: my %crsenv = &Apache::lonnet::coursedescription("$cdom/$cnum");
152: my @possroles = ('in','ta','ep','st','cr','ad');
153: if ($crsenv{'type'} eq 'Community') {
154: unshift(@possroles,'co');
155: } else {
156: unshift(@possroles,'cc');
157: }
158: my %roleshash = &Apache::lonnet::get_my_roles($env{'user.uname'},
159: $env{'user.domain'},
160: 'userroles',undef,
161: \@possroles,[$cdom],1);
162: my (%possroles,$hassection);
163: if (keys(%roleshash)) {
164: foreach my $entry (keys(%roleshash)) {
165: if ($entry =~ /^\Q$cnum:$cdom:\E([^:]+):([^:]*)$/) {
166: $possroles{$1} = $2;
167: if ($2 ne '') {
168: $hassection = 1;
169: }
170: }
171: }
172: }
173: my @allposs = keys(%possroles);
174: if ($env{'request.lti.login'}) {
175: &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
176: if ($env{'request.lti.target'} eq '') {
177: if ($env{'form.ltitarget'} eq 'iframe') {
178: &Apache::lonnet::appenv({'request.lti.target' => 'iframe'});
179: delete($env{'form.ltitarget'});
180: }
181: }
182: if ($env{'form.selectrole'}) {
183: foreach my $role (@allposs) {
184: my $newrole = "$role./$cdom/$cnum";
185: if ($possroles{$allposs[0]} ne '') {
186: $newrole .= "/$possroles{$role}";
187: }
188: if ($env{"form.$newrole"}) {
189: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
190: '&destinationurl='.&HTML::Entities::encode($r->uri);
191: if ($env{'form.ltitarget'} eq 'iframe') {
192: $destination .= '<itarget=iframe';
193: }
194: &do_redirect($r,$destination);
195: return OK;
196: }
197: }
198: }
199: }
200: if (@allposs == 0) {
201: &show_roles($r,\%crsenv,\%possroles);
202: } elsif (@allposs == 1) {
203: my $newrole = "$allposs[0]./$cdom/$cnum";
204: $newrole = "$allposs[0]./$cdom/$cnum";
205: if ($possroles{$allposs[0]} ne '') {
206: $newrole .= "/$possroles{$allposs[0]}";
207: }
208: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
209: '&destinationurl='.&HTML::Entities::encode($r->uri);
210: &do_redirect($r,$destination);
211: } elsif (keys(%possroles) > 1) {
212: if (grep(/^(cc|co)$/,@allposs)) {
213: my $newrole;
214: if (exists($possroles{'cc'})) {
215: $newrole = 'cc';
216: } else {
217: $newrole = 'co';
218: }
219: $newrole .= "./$cdom/$cnum";
220: my $destination .= '/adm/roles?selectrole=1&'.$newrole.'=1'.
221: '&destinationurl='.&HTML::Entities::encode($r->uri);
222: &do_redirect($r,$destination);
223: } else {
224: my $hascustom;
225: if (grep(/^cr\//,@allposs)) {
226: $hascustom = 1;
227: }
228: &show_roles($r,\%crsenv,\%possroles,$hassection,$hascustom);
229: }
230: }
231: return OK;
232: }
233: }
234: }
235: }
236: }
237: }
238: &generic_error($r);
239: return OK;
240: } else {
241: return FORBIDDEN;
242: }
243: }
244:
245: sub launch_check {
246: my ($linkuri,$symb,$cnum,$cdom) = @_;
247: &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['ltoken','linkkey']);
248: my ($linkprotector,$linkproturi,$linkkey,$newlauncher);
249: if ($env{'form.ltoken'}) {
250: my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
251: &Apache::lonnet::tmpdel($env{'form.ltoken'});
252: delete($env{'form.ltoken'});
253: if ($link_info{'linkprot'}) {
254: ($linkprotector,$linkproturi) = split(/:/,$link_info{'linkprot'},2);
255: if ($env{'user.linkprotector'}) {
256: my @protectors = split(/,/,$env{'user.linkprotector'});
257: unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
258: push(@protectors,$linkprotector);
259: @protectors = sort { $a <=> $b } @protectors;
260: &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)});
261: }
262: } else {
263: &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector });
264: }
265: if ($env{'user.linkproturi'}) {
266: my @proturis = split(/,/,$env{'user.linkproturi'});
267: unless(grep(/^\Q$linkproturi\E$/,@proturis)) {
268: push(@proturis,$linkproturi);
269: @proturis = sort(@proturis);
270: &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)});
271: }
272: } else {
273: &Apache::lonnet::appenv({'user.linkproturi' => $linkproturi});
274: }
275: }
276: } elsif ($env{'form.linkkey'}) {
277: $linkkey = $env{'form.linkkey'};
278: my $keyedlinkuri = $linkuri;
279: if ($env{'user.deeplinkkey'}) {
280: my @linkkeys = split(/,/,$env{'user.deeplinkkey'});
281: unless (grep(/^\Q$linkkey\E$/,@linkkeys)) {
282: push(@linkkeys,$linkkey);
283: &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))});
284: }
285: } else {
286: &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey});
287: }
288: if ($env{'user.keyedlinkuri'}) {
289: my @keyeduris = split(/,/,$env{'user.keyedlinkuri'});
290: unless (grep(/^\Q$keyedlinkuri\E$/,@keyeduris)) {
291: push(@keyeduris,$keyedlinkuri);
292: &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))});
293: }
294: } else {
295: &Apache::lonnet::appenv({'user.keyedlinkuri' => $keyedlinkuri});
296: }
297: delete($env{'form.linkkey'});
298: }
299: if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
300: my $currdeeplinklogin = $env{'request.deeplink.login'};
301: if ($linkprotector || $linkkey) {
302: my $deeplink;
303: if ($symb =~ /\.(page|sequence)$/) {
304: my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]);
305: my $navmap = Apache::lonnavmaps::navmap->new();
306: if (ref($navmap)) {
307: $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink');
308: }
309: } else {
310: $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb);
311: }
312: if ($deeplink ne '') {
313: my $disallow;
314: my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
315: if (($protect ne 'none') && ($protect ne '')) {
316: my ($acctype,$item) = split(/:/,$protect);
317: if ($acctype =~ /lti(c|d)$/) {
318: unless ($linkprotector.':'.$linkproturi eq $item.$1.':'.$linkuri) {
319: $disallow = 1;
320: }
321: } elsif ($acctype eq 'key') {
322: unless ($linkkey eq $item) {
323: $disallow = 1;
324: }
325: }
326: }
327: if ($disallow) {
328: if ($currdeeplinklogin eq $linkuri) {
329: &Apache::lonnet::delenv('request.deeplink.login');
330: }
331: } else {
332: unless ($currdeeplinklogin eq $linkuri) {
333: if ($linkprotector) {
334: &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
335: } elsif ($linkkey) {
336: &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
337: }
338: $newlauncher = 1;
339: }
340: &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
341: }
342: }
343: } else {
344: &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
345: }
346: } else {
347: &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
348: if ($linkprotector) {
349: &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
350: } elsif ($linkkey) {
351: &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
352: }
353: }
354: return $newlauncher;
355: }
356:
357: sub do_redirect {
358: my ($r,$destination) = @_;
359: my $windowname = 'loncapaclient';
360: if ($env{'request.lti.login'}) {
361: $windowname .= 'lti';
362: }
363: my $header = '<meta HTTP-EQUIV="Refresh" CONTENT="0; url='.$destination.'" />';
364: my $args = {'bread_crumbs' => [{'href' => '','text' => 'Role initialization'},],};
365: &Apache::loncommon::content_type($r,'text/html');
366: $r->send_http_header;
367: $r->print(&Apache::loncommon::start_page('Valid link',$header,$args).
368: &Apache::lonhtmlcommon::scripttag('self.name="'.$windowname.'";').
369: '<h1>'.&mt('Welcome').'</h1>'.
370: '<p>'.&mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>').'</p><p>'.
371: '<a href="'.$destination.'">'.&mt('Continue').'</a></p>'.
372: &Apache::loncommon::end_page());
373: return;
374: }
375:
376: sub show_roles {
377: my ($r,$crsenv,$possroles,$hassection,$hascustom) = @_;
378: &Apache::loncommon::content_type($r,'text/html');
379: $r->send_http_header;
380: my ($crsdesc,$crstype,$cdom,$cnum,$header,$title,$preamble,$datatable,$js,$args);
381: if (ref($crsenv) eq 'HASH') {
382: $crsdesc = $crsenv->{'description'};
383: $crstype = $crsenv->{'type'};
384: $cdom = $crsenv->{'domain'};
385: $cnum = $crsenv->{'num'};
386: }
387: if ($crstype eq '') {
388: $crstype = 'Course';
389: }
390: my $lc_crstype = lc($crstype);
391: if ($crsdesc ne '') {
392: $header = &mt("The page you requested belongs to the following $lc_crstype: [_1]",
393: '<i>'.$crsdesc.'</i>');
394: }
395: if (ref($possroles) eq 'HASH') {
396: if (keys(%{$possroles}) > 0) {
397: $args = {'bread_crumbs' => [{'href' => '','text' => "Choose role in $lc_crstype"},],};
398: $title = 'Choose a role'; #Do not localize.
399: if ($crstype eq 'Community') {
400: $preamble = &mt('You have the following active roles in this community:');
401: } else {
402: $preamble = &mt('You have the following active roles in this course:');
403: }
404: $datatable = '<form name="" action="/adm/roles">'.
405: '<input type="hidden" name="newrole" value="" />'.
406: '<input type="hidden" name="selectrole" value="1" />'.
407: '<input type="hidden" name="destinationurl" value="'.$r->uri.'" />'.
408: &Apache::loncommon::start_data_table().
409: &Apache::loncommon::start_data_table_header_row().
410: '<th></th><th>'.&mt('User role').'</th>';
411: if ($hassection) {
412: $datatable .= '<th>'.&mt('Section').'</th>';
413: }
414: if ($hascustom) {
415: $datatable .= '<th>'.&mt('Information').'</th>';
416: }
417: $datatable .= &Apache::loncommon::end_data_table_header_row();
418: my @available = sort(keys(%{$possroles}));
419: foreach my $role ('ad','in','ta','ep','st','cr') {
420: foreach my $key (@available) {
421: if ($key =~ m{^$role($|/)}) {
422: my $trolecode = "$key./$cdom/$cnum";
423: my $rolename = &Apache::lonnet::plaintext($key,$crstype,$cdom.'_'.$cnum);
424: my $sec = $possroles->{$key};
425: if ($sec ne '') {
426: $trolecode .= '/'.$sec;
427: }
428: my $buttonname=$trolecode;
429: $buttonname=~s/\W//g;
430: $datatable .= &Apache::loncommon::start_data_table_row().
431: '<td><input name="'.$buttonname.'" type="button" value="'.
432: &mt('Select').'" onclick="javascript:enterrole(this.form,'.
433: "'$trolecode','$buttonname'".');" /></td>';
434: if ($key =~ /^cr\//) {
435: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$key);
436: $datatable .= '<td><span class="LC_nobreak">'.$rolename.'</span></td>';
437: if ($hassection) {
438: $datatable .= '<td>'.$sec.'</td>';
439: }
440: $datatable.= '<td><span class="LC_fontsize_small LC_cusr_emph">'.
441: &mt('Custom role defined by [_1]',$rauthor.':'.$rdomain).
442: '</td>';
443: } else {
444: if ($hassection) {
445: $datatable .= '<td>'.$rolename.'</td>';
446: if ($hascustom) {
447: $datatable .= '<td colspan="2">'.$sec.'</td>';
448: } else {
449: $datatable .= '<td>'.$sec.'</td>';
450: }
451: } elsif ($hascustom) {
452: $datatable .= '<td colspan="2">'.$rolename.'</td>';
453: } else {
454: $datatable .= '<td>'.$rolename.'</td>';
455: }
456: }
457: $datatable .= &Apache::loncommon::end_data_table_row();
458: }
459: }
460: }
461: $datatable .= &Apache::loncommon::end_data_table().
462: '</form>';
463: my $standby = &mt('Role selected. Please stand by.');
464: $js = <<"ENDJS";
465: <script type="text/javascript">
466: // <![CDATA[
467:
468: active=true;
469:
470: function enterrole (thisform,rolecode,buttonname) {
471: if (active) {
472: active=false;
473: document.title='$standby';
474: window.status='$standby';
475: thisform.newrole.value=rolecode;
476: thisform.submit();
477: } else {
478: alert('$standby');
479: }
480: }
481:
482: // ]]>
483: </script>
484: ENDJS
485: } else {
486: $title = 'No active role';
487: $preamble = &mt("You have no active roles in this $lc_crstype so the page is currently unavailable to you.");
488: $args = {'bread_crumbs' => [{'href' => '','text' => 'Role status'},],};
489: }
490: }
491: &Apache::loncommon::content_type($r,'text/html');
492: $r->send_http_header;
493: $r->print(&Apache::loncommon::start_page($title,$js,$args).
494: '<h3>'.$header.'</h3>'.
495: '<div>'.$preamble.'</div>'.
496: $datatable.
497: &Apache::loncommon::end_page());
498: return;
499: }
500:
501: sub generic_error {
502: my ($r) = @_;
503: my $continuelink;
504: unless ($env{'request.lti.login'}) {
505: my $linktext;
506: if ($env{'user.adv'}) {
507: $linktext = &mt('Continue to your roles page');
508: } else {
509: $linktext = &mt('Continue to your courses page');
510: }
511: $continuelink='<a href="/adm/roles">'.$linktext.'</a>';
512: }
513: my $msg = &mt('The page you requested does not exist.');
514: &Apache::loncommon::content_type($r,'text/html');
515: $r->send_http_header;
516: my $args = {'bread_crumbs' => [{'href' => '','text' => 'Link status'},],};
517: $r->print(&Apache::loncommon::start_page('Invalid URL',undef,$args).
518: '<div class="LC_error">'.$msg.'</div>'.
519: '<p>'.$continuelink.'</p>'.
520: &Apache::loncommon::end_page());
521: return;
522: }
523:
524: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>