[LON-CAPA-cvs] cvs: loncom /interface/spreadsheet lonspreadsheet.pm
matthew
lon-capa-cvs@mail.lon-capa.org
Mon, 19 May 2003 15:53:07 -0000
matthew Mon May 19 11:53:07 2003 EDT
Modified files:
/loncom/interface/spreadsheet lonspreadsheet.pm
Log:
Minor revision to permissions checking. Added '$allowed_to_view' and
replaced '$editing_is_allowed' with '$allowed_to_edit'.
Only present link to parent sheet if the user is allowed to view or edit
grades.
Index: loncom/interface/spreadsheet/lonspreadsheet.pm
diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.2 loncom/interface/spreadsheet/lonspreadsheet.pm:1.3
--- loncom/interface/spreadsheet/lonspreadsheet.pm:1.2 Mon May 19 10:06:18 2003
+++ loncom/interface/spreadsheet/lonspreadsheet.pm Mon May 19 11:53:07 2003
@@ -1,5 +1,5 @@
#
-# $Id: lonspreadsheet.pm,v 1.2 2003/05/19 14:06:18 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.3 2003/05/19 15:53:07 matthew Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -149,13 +149,19 @@
$r->header_out('Cache-control','no-cache');
$r->header_out('Pragma','no-cache');
$r->send_http_header;
+ ##
+ ## Check permissions
+ my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
+ $ENV{'request.course.id'});
+ my $allowed_to_view = &Apache::lonnet::allowed('vgr',
+ $ENV{'request.course.id'});
#
- # Check user permissions - only those able to view others grades
- # will be allowed to continue if they are not requesting their own.
+ # Only those able to view others grades will be allowed to continue
+ # if they are not requesting their own.
if (($sheettype eq 'classcalc') ||
($name ne $ENV{'user.name'} ) ||
($domain ne $ENV{'user.domain'})) {
- if (! &Apache::lonnet::allowed('vgr',$ENV{'request.course.id'})) {
+ if (! $allowed_to_view) {
$r->print('<h1>Access Permission Denied</h1>'.
'</form></body></html>');
return OK;
@@ -216,13 +222,9 @@
&hiddenfield('usymb' ,$ENV{'form.usymb'}));
$r->rflush();
##
- ## Check permissions
- my $editing_is_allowed = &Apache::lonnet::allowed('mgr',
- $ENV{'request.course.id'});
- ##
## Determine the filename to use
my $filename = undef;
- if ($editing_is_allowed) {
+ if ($allowed_to_edit) {
$filename = $ENV{'form.filename'} if (exists($ENV{'form.filename'}));
#
if (exists($ENV{'form.load'}) && exists($ENV{'form.loadfilename'})) {
@@ -239,7 +241,7 @@
$spreadsheet = Apache::studentcalc->new($name,$domain,$filename,undef);
} elsif ($sheettype eq 'assesscalc' &&
defined($symb) &&
- $editing_is_allowed) {
+ $allowed_to_edit) {
$spreadsheet = Apache::assesscalc->new($name,$domain,$filename,$symb);
} else {
return HTTP_NOT_ACCEPTABLE;
@@ -250,7 +252,7 @@
}
##
## Editing/loading/saving
- if ($editing_is_allowed) {
+ if ($allowed_to_edit) {
##
## Deal with saving the spreadsheet
if (exists($ENV{'form.save'}) &&
@@ -322,10 +324,10 @@
$r->print(&hiddenfield('filename',$filename));
#
$r->print($spreadsheet->get_title());
- $r->print($spreadsheet->parent_link());
- if (defined($spreadsheet)) {
- $spreadsheet->display($r);
+ if ($allowed_to_view || $allowed_to_edit) {
+ $r->print($spreadsheet->parent_link());
}
+ $spreadsheet->display($r);
$r->print('</form></body></html>');
return OK;
}