--- loncom/interface/spreadsheet/lonspreadsheet.pm 2003/06/18 19:44:22 1.11 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2003/09/05 01:06:45 1.23 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.11 2003/06/18 19:44:22 matthew Exp $ +# $Id: lonspreadsheet.pm,v 1.23 2003/09/05 01:06:45 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -54,6 +54,8 @@ built-in functions. package Apache::lonspreadsheet; use strict; +use warnings FATAL=>'all'; +no warnings 'uninitialized'; use Apache::classcalc(); use Apache::studentcalc(); use Apache::assesscalc(); @@ -165,9 +167,13 @@ END } $load_dialog .= '>'.$sheetfilename."\n"; } - $load_dialog .= " \n\n"; + $load_dialog .= "\n \n\n"; # $result .=< + File Dialogs + --> @@ -180,6 +186,9 @@ END
+ END return ($result,$message); } @@ -214,11 +223,19 @@ sub handler { $r->uri.":opa:0:0:Cannot modify spreadsheet"; return HTTP_NOT_ACCEPTABLE; } + my $courseid = $ENV{'request.course.id'}; + # + # Do not allow students to continue if standard grading is in effect. + if ($ENV{'request.role'} =~ /^st\./) { + if ($ENV{'course.'.$courseid.'.grading'} eq 'standard') { + return HTTP_NOT_ACCEPTABLE; + } + } # # Get query string for limited number of parameters # &Apache::loncommon::get_unprocessed_cgi - ($ENV{'QUERY_STRING'},['sname','sdomain','usymb','filename']); + ($ENV{'QUERY_STRING'},['sname','sdomain','usymb','filename','recalc']); # # Deal with restricted student permissions # @@ -238,32 +255,53 @@ sub handler { $name = $ENV{'form.sname'}; $domain = $ENV{'form.sdomain'}; } - # - # Open page, try to prevent browser cache. - # - $r->content_type('text/html'); - $r->header_out('Cache-control','no-cache'); - $r->header_out('Pragma','no-cache'); - $r->send_http_header; ## ## Check permissions my $allowed_to_edit = &Apache::lonnet::allowed('mgr', $ENV{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. my $allowed_to_view = &Apache::lonnet::allowed('vgr', $ENV{'request.course.id'}); - + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. - if (($sheettype eq 'classcalc') || - ($name ne $ENV{'user.name'} ) || - ($domain ne $ENV{'user.domain'})) { + if ($sheettype eq 'classcalc') { if (! $allowed_to_view) { - $r->print('

Access Permission Denied

'. - ''); - return OK; + $ENV{'user.error.msg'}= + $r->uri.":vgr:0:0:Access Permission Denied"; + return HTTP_NOT_ACCEPTABLE; + } + } + if ((($name ne $ENV{'user.name'} ) || + ($domain ne $ENV{'user.domain'})) && $sheettype ne 'classcalc') { + # Check that the student is in their section? + if (exists($ENV{'request.course.sec'}) && + $ENV{'request.course.sec'} ne '' ) { + my $stu_sec = &Apache::lonnet::usection($domain,$name, + $ENV{'request.course.id'}); + if ($stu_sec ne $ENV{'request.course.sec'}) { + $ENV{'user.error.msg'}= + $r->uri.":vgr:0:0:Requested student not in your section."; + return HTTP_NOT_ACCEPTABLE; + } } } + + # + # Open page, try to prevent browser cache. + # + $r->content_type('text/html'); + &Apache::loncommon::no_cache($r); + $r->send_http_header; + # # Header.... # @@ -289,7 +327,7 @@ sub handler { edit_text +='Cell Edit Window'; edit_text += '
'; edit_text += '

Cell '+cellname+'

'; - edit_text += '