--- loncom/interface/lonuserutils.pm 2019/08/22 19:31:20 1.184.4.4
+++ loncom/interface/lonuserutils.pm 2021/08/24 00:22:59 1.184.4.10
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.184.4.4 2019/08/22 19:31:20 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.184.4.10 2021/08/24 00:22:59 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -543,13 +543,15 @@ END
case 'krb':
alertmsg = '$alert{'krb'}';
break;
- case 'loc':
case 'int':
alertmsg = '$alert{'ipass'}';
break;
case 'fsys':
alertmsg = '$alert{'ipass'}';
break;
+ case 'loc':
+ alertmsg = '';
+ break;
default:
alertmsg = '';
}
@@ -655,10 +657,12 @@ sub passwd_validation_js {
my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
my ($min,$max,@chars,$numrules,$intargjs,%alert);
$numrules = 0;
+ $min = $Apache::lonnet::passwdmin;
if (ref($passwdconf{'chars'}) eq 'ARRAY') {
if ($passwdconf{'min'} =~ /^\d+$/) {
- $min = $passwdconf{'min'};
- $numrules ++;
+ if ($passwdconf{'min'} > $min) {
+ $min = $passwdconf{'min'};
+ }
}
if ($passwdconf{'max'} =~ /^\d+$/) {
$max = $passwdconf{'max'};
@@ -668,11 +672,11 @@ sub passwd_validation_js {
if (@chars) {
$numrules ++;
}
- } else {
- $min = 7;
+ }
+ if ($min > 0) {
$numrules ++;
}
- if (($min ne '') || ($max ne '') || (@chars > 0)) {
+ if (($min > 0) || ($max ne '') || (@chars > 0)) {
my $alertmsg = &mt('Initial password did not satisfy requirement(s):').'\n\n';
if ($min) {
$alert{'min'} = &mt('minimum [quant,_1,character]',$min).'\n';
@@ -3659,6 +3663,8 @@ END
setSections(formname,'$crstype');
if (seccheck == 'ok') {
opener.document.$callingform.newsecs.value = formname.sections.value;
+ } else {
+ return;
}
END
} else {
@@ -4931,6 +4937,16 @@ sub upfile_drop_add {
my (%userres,%authres,%roleres,%idres);
my $singlesec = '';
if ($role eq 'st') {
+ if (($context eq 'domain') && ($changeauth eq 'Yes') && (!$newuser)) {
+ if ((&Apache::lonnet::allowed('mau',$userdomain)) &&
+ (&Apache::lonnet::homeserver($username,$userdomain) ne 'no_host')) {
+ if ((($amode =~ /^krb4|krb5|internal$/) && $password ne '') ||
+ ($amode eq 'localauth')) {
+ $authresult =
+ &Apache::lonnet::modifyuserauth($userdomain,$username,$amode,$password);
+ }
+ }
+ }
my $sec;
if (ref($userinfo{$i}{'sections'}) eq 'ARRAY') {
if (@secs > 0) {
@@ -4972,16 +4988,16 @@ sub upfile_drop_add {
}
}
}
- if (!$multiple) {
- ($userresult,$authresult,$roleresult,$idresult) =
- &modifyuserrole($context,$setting,
- $changeauth,$cid,$userdomain,$username,
- $id,$amode,$password,$fname,
- $mname,$lname,$gen,$singlesec,
- $env{'form.forceid'},$desiredhost,
- $email,$role,$enddate,$startdate,
- $checkid,$inststatus);
- }
+ }
+ if (!$multiple) {
+ ($userresult,$authresult,$roleresult,$idresult) =
+ &modifyuserrole($context,$setting,
+ $changeauth,$cid,$userdomain,$username,
+ $id,$amode,$password,$fname,
+ $mname,$lname,$gen,$singlesec,
+ $env{'form.forceid'},$desiredhost,
+ $email,$role,$enddate,$startdate,
+ $checkid,$inststatus);
}
}
if ($multiple) {
@@ -5101,7 +5117,11 @@ sub passwdrule_alerts {
my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
$warning = ''.&mt('Password requirement(s) unmet for one or more users:').'';
if ($showrules{'min'}) {
- $warning .= '- '.&mt('minimum [quant,_1,character]',$passwdconf{'min'}).'
';
+ my $min = $passwdconf{'min'};
+ if ($min eq '') {
+ $min = $Apache::lonnet::passwdmin;
+ }
+ $warning .= '- '.&mt('minimum [quant,_1,character]',$min).'
';
}
if ($showrules{'max'}) {
$warning .= '- '.&mt('maximum [quant,_1,character]',$passwdconf{'max'}).'
';
@@ -5993,6 +6013,70 @@ sub can_modify_userinfo {
return %canmodify;
}
+sub can_change_internalpass {
+ my ($uname,$udom,$crstype,$permission) = @_;
+ my $canchange;
+ if (&Apache::lonnet::allowed('mau',$udom)) {
+ $canchange = 1;
+ } elsif ((ref($permission) eq 'HASH') && ($permission->{'mip'}) &&
+ ($udom eq $env{'request.role.domain'})) {
+ unless ($env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'}) {
+ my ($cnum,$cdom) = &get_course_identity();
+ if ((&Apache::lonnet::is_course_owner($cdom,$cnum)) && ($udom eq $env{'user.domain'})) {
+ my @userstatuses = ('default');
+ my %userenv = &Apache::lonnet::userenvironment($udom,$uname,'inststatus');
+ if ($userenv{'inststatus'} ne '') {
+ @userstatuses = split(/:/,$userenv{'inststatus'});
+ }
+ my $noupdate = 1;
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+ if (ref($passwdconf{'crsownerchg'}) eq 'HASH') {
+ if (ref($passwdconf{'crsownerchg'}{'for'}) eq 'ARRAY') {
+ foreach my $status (@userstatuses) {
+ if (grep(/^\Q$status\E$/,@{$passwdconf{'crsownerchg'}{'for'}})) {
+ undef($noupdate);
+ last;
+ }
+ }
+ }
+ }
+ if ($noupdate) {
+ return;
+ }
+ my %owned = &Apache::lonnet::courseiddump($cdom,'.',1,'.',
+ $env{'user.name'}.':'.$env{'user.domain'},
+ undef,undef,undef,'.');
+ my %roleshash = &Apache::lonnet::get_my_roles($uname,$udom,'userroles',
+ ['active','future']);
+ foreach my $key (keys(%roleshash)) {
+ my ($name,$domain,$role) = split(/:/,$key);
+ if ($role eq 'st') {
+ next if (($name eq $cnum) && ($domain eq $cdom));
+ if ($owned{$domain.'_'.$name}) {
+ if (ref($owned{$domain.'_'.$name}) eq 'HASH') {
+ if ($owned{$domain.'_'.$name}{'nopasswdchg'}) {
+ $noupdate = 1;
+ last;
+ }
+ }
+ } else {
+ $noupdate = 1;
+ last;
+ }
+ } else {
+ $noupdate = 1;
+ last;
+ }
+ }
+ unless ($noupdate) {
+ $canchange = 1;
+ }
+ }
+ }
+ }
+ return $canchange;
+}
+
sub check_usertype {
my ($dom,$uname,$rules,$curr_rules,$got_rules) = @_;
my $usertype;
@@ -6115,10 +6199,16 @@ sub get_permission {
}
}
if ($env{'request.course.id'}) {
- my $user = $env{'user.name'}.':'.$env{'user.domain'};
+ my $user;
+ if (($env{'user.name'} ne '') && ($env{'user.domain'} ne '')) {
+ $user = $env{'user.name'}.':'.$env{'user.domain'};
+ }
if (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} eq
$user)) {
$permission{'owner'} = 1;
+ if (&Apache::lonnet::allowed('mip',$env{'request.course.id'})) {
+ $permission{'mip'} = 1;
+ }
} elsif (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.co-owners'} ne '')) {
if (grep(/^\Q$user\E$/,split(/,/,$env{'course.'.$env{'request.course.id'}.'.internal.co-owners'}))) {
$permission{'co-owner'} = 1;