--- loncom/interface/lonuserutils.pm 2010/09/19 20:18:57 1.123 +++ loncom/interface/lonuserutils.pm 2010/11/15 18:06:15 1.133 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Utility functions for managing LON-CAPA user accounts # -# $Id: lonuserutils.pm,v 1.123 2010/09/19 20:18:57 raeburn Exp $ +# $Id: lonuserutils.pm,v 1.133 2010/11/15 18:06:15 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -47,7 +47,8 @@ sub modifystudent { # this one. If $csec is defined, drop them from all other sections of # this course and add them to section $csec my ($cnum,$cdom) = &get_course_identity($courseid); - my %roles = &Apache::lonnet::dump('roles',$udom,$unam); + my $extra = &Apache::lonnet::freeze_escape({'skipcheck' => 1}); + my %roles = &Apache::lonnet::dump('roles',$udom,$unam,'.',undef,$extra); my ($tmp) = keys(%roles); # Bail out if we were unable to get the students roles return "$1" if ($tmp =~ /^(con_lost|error|no_such_host)/i); @@ -533,6 +534,7 @@ END if (message!='') { message+='\\n'; } + message+='$alert{'section'}'; } if (foundemail==0) { if (message!='') { @@ -587,28 +589,43 @@ END ############################################################### sub upload_manager_javascript_forward_associate { my ($can_assign) = @_; - my $auth_update; + my ($auth_update,$numbuttons,$argreset); if (ref($can_assign) eq 'HASH') { - if (keys(%{$can_assign}) > 1) { + if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) { + $argreset .= " vf.krbarg.value='';\n"; + $numbuttons ++ ; + } + if ($can_assign->{'int'}) { + $argreset .= " vf.intarg.value='';\n"; + $numbuttons ++; + } + if ($can_assign->{'loc'}) { + $argreset .= " vf.locarg.value='';\n"; + $numbuttons ++; + } + if (!$can_assign->{'int'}) { + my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.\n'). + &mt('Your current role does not have rights to create users with that authentication type.'); + $auth_update = <<"END"; + // Currently the initial password field is only supported for internal auth + // (see bug 6368). + if (nw==9) { + eval('vf.f'+tf+'.selectedIndex=0;') + alert('$warning'); + } +END + } elsif ($numbuttons > 1) { $auth_update = <<"END"; // If we set the password, make the password form below correspond to // the new value. if (nw==9) { changed_radio('int',document.studentform); set_auth_radio_buttons('int',document.studentform); +$argreset + } + END } - if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) { - $auth_update .= " vf.krbarg.value='';\n"; - } - if ($can_assign->{'int'}) { - $auth_update .= " vf.intarg.value='';\n"; - } - if ($can_assign->{'loc'}) { - $auth_update .= " vf.locarg.value='';\n"; - } - $auth_update .= " - }\n"; } return(< 1) { + if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) { + $argreset .= " vf.krbarg.value='';\n"; + $numbuttons ++ ; + } + if ($can_assign->{'int'}) { + $argreset .= " vf.intarg.value='';\n"; + $numbuttons ++; + } + if ($can_assign->{'loc'}) { + $argreset .= " vf.locarg.value='';\n"; + $numbuttons ++; + } + if (!$can_assign->{'int'}) { + my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n'). + &mt('Your current role does not have rights to create users with that authentication type.'); + $auth_update = <<"END"; + // Currently the initial password field is only supported for internal auth + // (see bug 6368). + if (tf==8 && nw!=0) { + eval('vf.f'+tf+'.selectedIndex=0;') + alert('$warning'); + } +END + } elsif ($numbuttons > 1) { $auth_update = <<"END"; // initial password specified, pick internal authentication if (tf==8 && nw!=0) { changed_radio('int',document.studentform); set_auth_radio_buttons('int',document.studentform); +$argreset + } + END } - if ($can_assign->{'krb'}) { - $auth_update .= " vf.krbarg.value='';\n"; - } - if ($can_assign->{'int'}) { - $auth_update .= " vf.intarg.value='';\n"; - } - if ($can_assign->{'loc'}) { - $auth_update .= " vf.locarg.value='';\n"; - } - $auth_update .= " - }\n"; } + return(<print($groupwarn.'
'); } } - my (%curr_rules,%got_rules,%alerts); + my (%curr_rules,%got_rules,%alerts,%cancreate); my %customroles = &my_custom_roles($crstype); my @permitted_roles = - &roles_on_upload($context,$setting,$crstype,%customroles); + &roles_on_upload($context,$setting,$crstype,%customroles); + my %longtypes = &Apache::lonlocal::texthash( + official => 'Institutional', + unofficial => 'Non-institutional', + ); + map { $cancreate{$_} = &can_create_user($domain,$context,$_); } keys(%longtypes); # Get new users list foreach my $line (@userdata) { my @secs; my %entries=&Apache::loncommon::record_sep($line); # Determine user name + $entries{$fields{'username'}} =~ s/^\s+|\s+$//g; unless (($entries{$fields{'username'}} eq '') || (!defined($entries{$fields{'username'}}))) { my ($fname, $mname, $lname,$gen) = ('','','',''); @@ -3986,13 +4027,20 @@ sub upfile_drop_add { $gen=$entries{$fields{'gen'}}; } } + if ($entries{$fields{'username'}} ne &LONCAPA::clean_username($entries{$fields{'username'}})) { + my $nowhitespace; + if ($entries{$fields{'username'}} =~ /\s/) { + $nowhitespace = ' - '.&mt('usernames may not contain spaces.'); + } $r->print('
'. &mt('[_1]: Unacceptable username for user [_2] [_3] [_4] [_5]', - ''.$entries{$fields{'username'}}.'',$fname,$mname,$lname,$gen)); + ''.$entries{$fields{'username'}}.'',$fname,$mname,$lname,$gen). + $nowhitespace); next; } else { + $entries{$fields{'domain'}} =~ s/^\s+|\s+$//g; if ($entries{$fields{'domain'}} ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) { $r->print('
'. ''.$entries{$fields{'domain'}}. @@ -4051,6 +4099,7 @@ sub upfile_drop_add { # determine email address my $email=''; if (defined($fields{'email'})) { + $entries{$fields{'email'}} =~ s/^\s+|\s+$//g; if (defined($entries{$fields{'email'}})) { $email=$entries{$fields{'email'}}; unless ($email=~/^[^\@]+\@[^\@]+$/) { $email=''; } @@ -4097,7 +4146,7 @@ sub upfile_drop_add { $role = $defaultrole; } # Clean up whitespace - foreach (\$id,\$fname,\$mname,\$lname,\$gen) { + foreach (\$id,\$fname,\$mname,\$lname,\$gen,\$inststatus) { $$_ =~ s/(\s+$|^\s+)//g; } # check against rules @@ -4106,9 +4155,16 @@ sub upfile_drop_add { my (%rulematch,%inst_results,%idinst_results); my $uhome=&Apache::lonnet::homeserver($username,$userdomain); if ($uhome eq 'no_host') { - next if ($userdomain ne $domain); + if ($userdomain ne $domain) { + $r->print('
'. + &mt('[_1]: The domain specified ([_2]) is different to that of the course.', + ''.$username.'',$userdomain).'
'. + &mt('The user does not already exist, and you may not create a new user in a different domain.')); + next; + } $checkid = 1; $newuser = 1; + my $user = $username.':'.$domain; my $checkhash; my $checks = { 'username' => 1 }; $checkhash->{$username.':'.$domain} = { 'newuser' => 1, }; @@ -4117,9 +4173,26 @@ sub upfile_drop_add { \%got_rules); if (ref($alerts{'username'}) eq 'HASH') { if (ref($alerts{'username'}{$domain}) eq 'HASH') { - next if ($alerts{'username'}{$domain}{$username}); + if ($alerts{'username'}{$domain}{$username}) { + $r->print('
'. + &mt('[_1]: matches the username format at your institution, but is not known to your directory service.',''.$username.'').'
'. + &mt('Consequently, the user was not created.')); + next; + } + } + } + my $usertype = 'unofficial'; + if (ref($rulematch{$user}) eq 'HASH') { + if ($rulematch{$user}{'username'}) { + $usertype = 'official'; } } + unless ($cancreate{$usertype}) { + my $showtype = $longtypes{$usertype}; + $r->print('
'. + &mt('[_1]: The user does not exist, and you are not permitted to create users of type: [_2].',''.$username.'',$showtype)); + next; + } } else { if ($context eq 'course' || $context eq 'author') { if ($userdomain eq $domain ) { @@ -4170,7 +4243,12 @@ sub upfile_drop_add { \%got_rules); if (ref($alerts{'id'}) eq 'HASH') { if (ref($alerts{'id'}{$userdomain}) eq 'HASH') { - next if ($alerts{'id'}{$userdomain}{$id}); + if ($alerts{'id'}{$userdomain}{$id}) { + $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.', + ''.$username.'').'
'. + &mt('Consequently, the user was not created.')); + next; + } } } } @@ -4265,7 +4343,7 @@ sub upfile_drop_add { } } # end of foreach (@userdata) # Flush the course logs so reverse user roles immediately updated - $r->register_cleanup(\&Apache::lonnet::flushcourselogs()); + $r->register_cleanup(\&Apache::lonnet::flushcourselogs); $r->print("

\n

\n".&mt('Processed [quant,_1,user].',$counts{'user'}). "

\n"); if ($counts{'role'} > 0) { @@ -4757,7 +4835,7 @@ sub update_user_list { $r->print('

'.&mt('Re-enabling will re-activate data for the role.').'

'); } # Flush the course logs so reverse user roles immediately updated - &Apache::lonnet::flushcourselogs(); + $r->register_cleanup(\&Apache::lonnet::flushcourselogs); } if ($env{'form.makedatesdefault'}) { if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') { @@ -4972,7 +5050,7 @@ sub setsections_javascript { accr => 'A course coordinator role will be added with access to all sections.', acor => 'A coordinator role will be added with access to all sections', inea => 'In each course, each user may only have one student role at a time.', - inec => 'In each community, each user may only have one member role at a time.', + inco => 'In each community, each user may only have one member role at a time.', youh => 'You had selected ', secs => 'sections.', plmo => 'Please modify your selections so they include no more than one section.',