[LON-CAPA-cvs] cvs: loncom /interface/spreadsheet lonspreadsheet.pm

matthew lon-capa-cvs@mail.lon-capa.org
Mon, 19 May 2003 15:53:07 -0000


matthew		Mon May 19 11:53:07 2003 EDT

  Modified files:              
    /loncom/interface/spreadsheet	lonspreadsheet.pm 
  Log:
  Minor revision to permissions checking.  Added '$allowed_to_view' and 
  replaced '$editing_is_allowed' with '$allowed_to_edit'. 
  Only present link to parent sheet if the user is allowed to view or edit
  grades.
  
  
Index: loncom/interface/spreadsheet/lonspreadsheet.pm
diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.2 loncom/interface/spreadsheet/lonspreadsheet.pm:1.3
--- loncom/interface/spreadsheet/lonspreadsheet.pm:1.2	Mon May 19 10:06:18 2003
+++ loncom/interface/spreadsheet/lonspreadsheet.pm	Mon May 19 11:53:07 2003
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.2 2003/05/19 14:06:18 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.3 2003/05/19 15:53:07 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -149,13 +149,19 @@
     $r->header_out('Cache-control','no-cache');
     $r->header_out('Pragma','no-cache');
     $r->send_http_header;
+    ##
+    ## Check permissions
+    my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
+                                                $ENV{'request.course.id'});
+    my $allowed_to_view =  &Apache::lonnet::allowed('vgr',
+                                                $ENV{'request.course.id'});
     #
-    # Check user permissions - only those able to view others grades
-    # will be allowed to continue if they are not requesting their own.
+    # Only those able to view others grades will be allowed to continue 
+    # if they are not requesting their own.
     if (($sheettype eq 'classcalc') || 
         ($name   ne $ENV{'user.name'} ) ||
         ($domain ne $ENV{'user.domain'})) {
-        if (! &Apache::lonnet::allowed('vgr',$ENV{'request.course.id'})) {
+        if (! $allowed_to_view) {
             $r->print('<h1>Access Permission Denied</h1>'.
                       '</form></body></html>');
             return OK;
@@ -216,13 +222,9 @@
               &hiddenfield('usymb'  ,$ENV{'form.usymb'}));
     $r->rflush();
     ##
-    ## Check permissions
-    my $editing_is_allowed = &Apache::lonnet::allowed('mgr',
-                                                $ENV{'request.course.id'});
-    ##
     ## Determine the filename to use
     my $filename = undef;
-    if ($editing_is_allowed) {
+    if ($allowed_to_edit) {
         $filename = $ENV{'form.filename'} if (exists($ENV{'form.filename'}));
         #
         if (exists($ENV{'form.load'}) && exists($ENV{'form.loadfilename'})) {
@@ -239,7 +241,7 @@
         $spreadsheet = Apache::studentcalc->new($name,$domain,$filename,undef);
     } elsif ($sheettype eq 'assesscalc' && 
              defined($symb) && 
-             $editing_is_allowed) {
+             $allowed_to_edit) {
         $spreadsheet = Apache::assesscalc->new($name,$domain,$filename,$symb);
     } else {
         return HTTP_NOT_ACCEPTABLE;
@@ -250,7 +252,7 @@
     }
     ##
     ## Editing/loading/saving
-    if ($editing_is_allowed) {
+    if ($allowed_to_edit) {
         ##
         ## Deal with saving the spreadsheet
         if (exists($ENV{'form.save'}) && 
@@ -322,10 +324,10 @@
     $r->print(&hiddenfield('filename',$filename));
     #
     $r->print($spreadsheet->get_title());
-    $r->print($spreadsheet->parent_link());
-    if (defined($spreadsheet)) {
-        $spreadsheet->display($r);
+    if ($allowed_to_view || $allowed_to_edit) {
+        $r->print($spreadsheet->parent_link());
     }
+    $spreadsheet->display($r);
     $r->print('</form></body></html>');
     return OK;
 }