# The LearningOnline Network with CAPA # User Roles Screen # # $Id: lonroles.pm,v 1.83 2004/01/27 22:54:59 albertel Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # # (Directory Indexer # (Login Screen # YEAR=1999 # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer) # 11/23 Gerd Kortemeyer) # YEAR=2000 # 1/14,03/06,06/01,07/22,07/24,07/25, # 09/04,09/06,09/28,09/29,09/30,10/2,10/5,10/26,10/28, # 12/08,12/28, # YEAR=2001 # 01/15/01 Gerd Kortemeyer # 03/02,05/03,05/25,05/30,06/01,07/06,08/06 Gerd Kortemeyer # 12/29 Gerd Kortemeyer # ### package Apache::lonroles; use strict; use Apache::lonnet(); use Apache::lonuserstate(); use Apache::Constants qw(:common); use Apache::File(); use Apache::lonmenu; use Apache::loncommon; use Apache::lonannounce; use Apache::lonlocal; sub redirect_user { my ($r,$title,$url,$msg) = @_; $msg = $title if (! defined($msg)); &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; my $swinfo=&Apache::lonmenu::rawconfig(); my $bodytag=&Apache::loncommon::bodytag('Switching Role'); $r->print (<$title $bodytag

$msg

ENDREDIR return; } sub handler { my $r = shift; my $now=time; my $then=$ENV{'user.login.time'}; my $envkey; # ================================================================== Roles Init if ($ENV{'form.selectrole'}) { if ($ENV{'request.course.id'}) { my %temp=('logout_'.$ENV{'request.course.id'} => time); &Apache::lonnet::put('email_status',\%temp); } &Apache::lonnet::appenv("request.course.id" => '', "request.course.fn" => '', "request.course.uri" => '', "request.course.sec" => '', "request.role" => 'cm', "request.role.adv" => $ENV{'user.adv'}, "request.role.domain" => $ENV{'user.domain'}); foreach $envkey (keys %ENV) { next if ($envkey!~/^user\.role\./); my (undef,undef,$role,@pwhere)=split(/\./,$envkey); my $where=join('.',@pwhere); my $trolecode=$role.'.'.$where; if ($ENV{'form.'.$trolecode}) { my ($tstart,$tend)=split(/\./,$ENV{$envkey}); my $tstatus='is'; if ($tstart) { if ($tstart>$then) { $tstatus='future'; } } if ($tend) { if ($tend<$then) { $tstatus='expired'; } if ($tend<$now) { $tstatus='will_not'; } } if ($tstatus eq 'is') { $where=~s/^\///; my ($cdom,$cnum,$csec)=split(/\//,$where); # check for keyed access if (($role eq 'st') && ($ENV{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) { unless (&Apache::lonnet::validate_access_key( $ENV{'environment.key.'.$cdom.'_'.$cnum}, $cdom,$cnum)) { # there is no valid key if ($ENV{'form.newkey'}) { # student attempts to register a new key } else { # print form to enter a new key &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; my $swinfo=&Apache::lonmenu::rawconfig(); my $bodytag=&Apache::loncommon::bodytag ('Enter Access Key to Unlock this Course'); $r->print(<Entering Course Access Key $bodytag ENDENTERKEY return OK; } } } my $tadv=0; if (($trolecode!~/^st/) && ($trolecode!~/^ta/) && ($trolecode!~/^cm/)) { $tadv=1; } &Apache::lonnet::appenv( 'request.role' => $trolecode, 'request.role.adv' => $tadv, 'request.role.domain' => $cdom, 'request.course.sec' => $csec); my $msg=&mt('Entering course ...'); if (($cnum) && ($role ne 'ca')) { my ($furl,$ferr)= &Apache::lonuserstate::readmap($cdom.'/'.$cnum); if (($ENV{'form.orgurl'}) && ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) { my $dest=$ENV{'form.orgurl'}; if ( &Apache::lonnet::mod_perl_version() == 2 ) { &Apache::lonnet::cleanenv(); } $r->internal_redirect($dest); return OK; } else { unless ($ENV{'request.course.id'}) { &Apache::lonnet::appenv( "request.course.id" => $cdom.'_'.$cnum); $furl='/adm/roles?tryagain=1'; $msg= '

'. &mt('Could not initialize course at this time.'). '

'.&mt('Please try again.').'

'.$ferr; } # Check to see if the user is a CC entering a course # for the first time my (undef, undef, $role, $courseid) = split(/\./, $envkey); if (substr($courseid, 0, 1) eq '/') { $courseid = substr($courseid, 1); } $courseid =~ s/\//_/; if ($role eq 'cc' && $ENV{'course.' . $courseid . '.course.helper.not.run'}) { $furl = "/adm/helper/course.initialization.helper"; } # # Send the user to the course they selected &redirect_user($r,&mt('Entering Course'), $furl,$msg); return OK; } } # # Send the user to the construction space they selected if ($role =~ /^(au|ca)$/) { my $redirect_url = '/priv/'; if ($role eq 'au') { $redirect_url.=$ENV{'user.name'}; } else { $where =~ /\/(.*)$/; $redirect_url .= $1; } $redirect_url .= '/'; &redirect_user($r,&mt('Entering Construction Space'), $redirect_url); return OK; } } } } } # =============================================================== No Roles Init &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; return OK if $r->header_only; my $swinfo=&Apache::lonmenu::rawconfig(); my $bodytag=&Apache::loncommon::bodytag('User Roles'); my $helptag='

'.&Apache::loncommon::help_open_topic ("General_Intro",&mt("Click here for help")).'

'. &Apache::loncommon::help_open_faq(1,&mt('Click here for FAQ')).'

'. &Apache::loncommon::help_open_bug('',&mt('Click here to report bugs')).'

'; $r->print(< LON-CAPA User Roles $bodytag $helptag
ENDHEADER # ------------------------------------------ Get Error Message from Environment my ($fn,$priv,$nochoose,$error,$msg)=split(/:/,$ENV{'user.error.msg'}); if ($ENV{'user.error.msg'}) { $r->log_reason( "$msg for $ENV{'user.name'} domain $ENV{'user.domain'} access $priv",$fn); } # ------------------------------------------------- Can this user re-init, etc? my $advanced=$ENV{'user.adv'}; &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']); my $tryagain=$ENV{'form.tryagain'}; # -------------------------------------------------------- Generate Page Output # --------------------------------------------------------------- Error Header? if ($error) { $r->print("

LON-CAPA Access Control

"); $r->print("

Access  : ".
                  Apache::lonnet::plaintext($priv)."\n");
        $r->print("Resource: $fn\n");
        $r->print("Action  : $msg\n

"); } else { if ($ENV{'user.error.msg'}) { $r->print( '

'. &mt('You need to choose another user role or enter a specific course for this function').'

'); } } # -------------------------------------------------------- Choice or no choice? if ($nochoose) { if ($advanced) { $r->print("

".&mt('Assigned User Roles')."

\n"); } else { $r->print("

".&mt('Sorry ...')."

\n". &mt('This resource might be part of')); if ($ENV{'request.course.id'}) { $r->print(&mt(' another')); } else { $r->print(&mt(' a certain')); } $r->print(&mt(' course.').''); return OK; } } else { if ($advanced) { $r->print(&mt("Your home server is "). $Apache::lonnet::hostname{&Apache::lonnet::homeserver ($ENV{'user.name'},$ENV{'user.domain'})}. "
\n"); $r->print(&mt( "Author and Co-Author roles may not be available on servers other than your home server.")); } else { $r->print("

".&mt('Select a Course to Enter')."

\n"); } if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) { $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'}; } $r->print('

'); $r->print(''); $r->print(''); } if ($ENV{'user.adv'}) { $r->print( '
'.&mt('Show all roles').': print(' checked'); } $r->print('>'); } # ----------------------------------------------------------------------- Table $r->print('
'); unless ($nochoose) { $r->print(''); } $r->print(''."\n"); my (%roletext,%sortrole,%roleclass); foreach $envkey (sort keys %ENV) { my $button = 1; my $switchserver=''; my $roletext; my $sortkey; if ($envkey=~/^user\.role\./) { my (undef,undef,$role,@pwhere)=split(/\./,$envkey); next if (!defined($role) || $role eq ''); my $where=join('.',@pwhere); my $trolecode=$role.'.'.$where; my ($tstart,$tend)=split(/\./,$ENV{$envkey}); my $tremark=''; my $tstatus='is'; my $tpstart=' '; my $tpend=' '; my $tfont='#000000'; if ($tstart) { if ($tstart>$then) { $tstatus='future'; if ($tstart<$now) { $tstatus='will'; } } $tpstart=&Apache::lonlocal::locallocaltime($tstart); } if ($tend) { if ($tend<$then) { $tstatus='expired'; } elsif ($tend<$now) { $tstatus='will_not'; } $tpend=&Apache::lonlocal::locallocaltime($tend); } if ($ENV{'request.role'} eq $trolecode) { $tstatus='selected'; } my $tbg; if (($tstatus eq 'is') || ($tstatus eq 'selected') || ($ENV{'form.showall'})) { if ($tstatus eq 'is') { $tbg='#77FF77'; $tfont='#003300'; } elsif ($tstatus eq 'future') { $tbg='#FFFF77'; $button=0; } elsif ($tstatus eq 'will') { $tbg='#FFAA77'; $tremark.=&mt('Active at next login. '); } elsif ($tstatus eq 'expired') { $tbg='#FF7777'; $tfont='#330000'; $button=0; } elsif ($tstatus eq 'will_not') { $tbg='#AAFF77'; $tremark.=&mt('Expired after logout. '); } elsif ($tstatus eq 'selected') { $tbg='#11CC55'; $tfont='#002200'; $tremark.=&mt('Currently selected. '); } my $trole; if ($role =~ /^cr\//) { my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role); $tremark.='
'.&mt('Defined by ').$rauthor. &mt(' at ').$rdomain.'.'; $trole=$rrole; } else { $trole=Apache::lonnet::plaintext($role); } my $ttype; my $twhere; my ($tdom,$trest,$tsection)= split(/\//,Apache::lonnet::declutter($where)); # First, Co-Authorship roles if ($role eq 'ca') { my $home = &Apache::lonnet::homeserver($trest,$tdom); my $allowed=0; my @ids=&Apache::lonnet::current_machine_ids(); foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } } if (!$allowed) { $button=0; $switchserver=&Apache::lonnet::escape('http://'. $Apache::lonnet::hostname{$home}. '/adm/login?domain='.$ENV{'user.domain'}. '&username='.$ENV{'user.name'}. '&firsturl=/priv/'.$trest); } #next if ($home eq 'no_host'); $home = $Apache::lonnet::hostname{$home}; $ttype='Construction Space'; $twhere=&mt('User').': '.$trest.'
'.&mt('Domain'). ': '.$tdom.'
'. ' '.&mt('Server').': '.$home; $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca'; $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/'); $sortkey=$role."$trest:$tdom"; } elsif ($role eq 'au') { # Authors my $home = &Apache::lonnet::homeserver ($ENV{'user.name'},$ENV{'user.domain'}); my $allowed=0; my @ids=&Apache::lonnet::current_machine_ids(); foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } } if (!$allowed) { $button=0; $switchserver=&Apache::lonnet::escape('http://'. $Apache::lonnet::hostname{$home}. '/adm/login?domain='.$ENV{'user.domain'}. '&username='.$ENV{'user.name'}. '&firsturl=/priv/'.$ENV{'user.name'}); } #next if ($home eq 'no_host'); $home = $Apache::lonnet::hostname{$home}; $ttype='Construction Space'; $twhere=&mt('Domain').': '.$tdom.'
'.&mt('Server'). ': '.$home; $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca'; $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$ENV{'user.name'}.'/'); $sortkey=$role; } elsif ($trest) { $ttype='Course'; if ($tsection) { $ttype.='
'.&mt('Section/Group').': '.$tsection; } my $tcourseid=$tdom.'_'.$trest; if ($ENV{'course.'.$tcourseid.'.description'}) { $twhere=$ENV{'course.'.$tcourseid.'.description'}; $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; unless ($twhere eq &mt('Currently not available')) { $twhere.=' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). ''; } } else { my %newhash=Apache::lonnet::coursedescription ($tcourseid); if (%newhash) { $sortkey=$role."\0".$tdom."\0".$newhash{'description'}. "\0".$envkey; $twhere=$newhash{'description'}. ' '. &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). ''; } else { $twhere=&mt('Currently not available'); $ENV{'course.'.$tcourseid.'.description'}=$twhere; $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; } } if ($role ne 'st') { $twhere.="
".&mt('Domain').":".$tdom; } } elsif ($tdom) { $ttype='Domain'; $twhere=$tdom; $sortkey=$role.$twhere; } else { $ttype='System'; $twhere=&mt('system wide'); $sortkey=$role.$twhere; } $roletext.=''; unless ($nochoose) { if (!$button) { if ($switchserver) { $roletext.=''; } else { $roletext.=(''); } } elsif ($tstatus eq 'is') { $roletext.=(''); } elsif ($tryagain) { $roletext.= ''; } elsif ($advanced) { $roletext.= ''; } else { $roletext.=''; } } $tremark.=&Apache::lonannounce::showday(time,1, &Apache::lonannounce::readcalendar($tdom.'_'.$trest)); $roletext.=''."\n"; $roletext{$envkey}=$roletext; if (!$sortkey) {$sortkey=$twhere."\0".$envkey;} $sortrole{$sortkey}=$envkey; $roleclass{$envkey}=$ttype; } } } my $doheaders=-1; foreach my $type ('Construction Space','Course','Domain','System') { my $haverole=0; foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { $haverole=1; } } if ($haverole) { $doheaders++; } } foreach my $type ('Construction Space','Course','Domain','System') { my $output; foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) { if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { $output.=&mt($roletext{$sortrole{$which}}); } } if ($output) { if ($doheaders > 0) { $r->print("". ""); } $r->print($output); } } my $tremark=''; my $tfont='#003300'; if ($ENV{'request.role'} eq 'cm') { $r->print(''); $tremark=&mt('Currently selected. '); $tfont='#002200'; } else { $r->print(''); } unless ($nochoose) { if ($ENV{'request.role'} ne 'cm') { $r->print(''); } else { $r->print(''); } } $r->print(''."\n"); $r->print('

	'.&mt('Extent'). '	'. &mt('Remark').'
'.&mt('Switch Server').'		'.$trole. '	'.$ttype. '	'.$twhere. '	'.$tpstart. '	'.$tpend. '	'.$tremark. '
".&mt($type)."
	'.&mt('No role specified'). '		'.$tremark. '

'); unless ($nochoose) { $r->print("

\n"); } # ------------------------------------------------------------ Privileges Info if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) { $r->print('

Current Privileges

'); foreach $envkey (sort keys %ENV) { if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) { my $where=$envkey; $where=~s/^user\.priv\.$ENV{'request.role'}\.//; my $ttype; my $twhere; my ($tdom,$trest,$tsec)= split(/\//,Apache::lonnet::declutter($where)); if ($trest) { if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') { $ttype='Construction Space'; $twhere='User: '.$trest.', Domain: '.$tdom; } else { $ttype='Course'; $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'}; if ($tsec) { $twhere.=' (Section/Group: '.$tsec.')'; } } } elsif ($tdom) { $ttype='Domain'; $twhere=$tdom; } else { $ttype='System'; $twhere='/'; } $r->print("\n

".$ttype.': '.$twhere.'

print('

'. Apache::lonnet::plaintext($prv).$trestr. '

'); } } $r->print('

'); } } } $r->print(&Apache::lonnet::getannounce()); if ($advanced) { $r->print('

This is LON-CAPA '. $r->dir_config('lonVersion').'

'); } $r->print("\n"); return OK; } 1; __END__ =head1 NAME Apache::lonroles - User Roles Screen =head1 SYNOPSIS Invoked by /etc/httpd/conf/srm.conf: PerlAccessHandler Apache::lonacc SetHandler perl-script PerlHandler Apache::lonroles ErrorDocument 403 /adm/login ErrorDocument 500 /adm/errorhandler =head1 OVERVIEW =head2 Choosing Roles C is a handler that allows a user to switch roles in mid-session. LON-CAPA attempts to work with "No Role Specified", the default role that a user has before selecting a role, as widely as possible, but certain handlers for example need specification which course they should act on, etc. Both in this scenario, and when the handler determines via C's C<&allowed> function that a certain action is not allowed, C is used as error handler. This allows the user to select another role which may have permission to do what they were trying to do. C can also be accessed via the B button in the Remote Control. =begin latex \begin{figure} \begin{center} \includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} \caption{\label{Sample_Roles_Screen}Sample Roles Screen} \end{center} \end{figure} =end latex =head2 Role Initialization The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. =head1 INTRODUCTION This module enables a user to select what role he wishes to operate under (instructor, student, teaching assistant, course coordinator, etc). These roles are pre-established by the actions of upper-level users. This is part of the LearningOnline Network with CAPA project described at http://www.lon-capa.org. =head1 HANDLER SUBROUTINE This routine is called by Apache and mod_perl. =over 4 =item * Roles Initialization (yes/no) =item * Get Error Message from Environment =item * Who is this? =item * Generate Page Output =item * Choice or no choice =item * Table =item * Privileges =back =cut