[LON-CAPA-cvs] cvs: loncom /interface/spreadsheet lonspreadsheet.pm

matthew lon-capa-cvs@mail.lon-capa.org
Thu, 19 Jun 2003 14:52:21 -0000


matthew		Thu Jun 19 10:52:21 2003 EDT

  Modified files:              
    /loncom/interface/spreadsheet	lonspreadsheet.pm 
  Log:
  Bug 1793: If allowed did not return true for viewing the entire class's
  spreadsheet, try it by section.  This lets TAs and Instructors assigned
  to specific sections view the course and student level spreadsheets for
  their section ONLY.  Also check to determine if, at the student level,
  the student is enrolled in the section the instructor is limited to.
  This prevents TAs from viewing students outside their scope.
  
  
Index: loncom/interface/spreadsheet/lonspreadsheet.pm
diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.11 loncom/interface/spreadsheet/lonspreadsheet.pm:1.12
--- loncom/interface/spreadsheet/lonspreadsheet.pm:1.11	Wed Jun 18 15:44:22 2003
+++ loncom/interface/spreadsheet/lonspreadsheet.pm	Thu Jun 19 10:52:21 2003
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.11 2003/06/18 19:44:22 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.12 2003/06/19 14:52:21 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -249,21 +249,43 @@
     ## Check permissions
     my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
                                                 $ENV{'request.course.id'});
+    # Only those instructors/tas/whatevers with complete access
+    # (not section restricted) are able to modify spreadsheets.
     my $allowed_to_view =  &Apache::lonnet::allowed('vgr',
                                                 $ENV{'request.course.id'});
-
+    if (! $allowed_to_view) {
+        $allowed_to_view = &Apache::lonnet::allowed('vgr',
+                    $ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'});
+        # Those who are restricted by section are allowed to view.
+        # The routines in lonstatistics which decide which students' 
+        # will be shown take care of the restriction by section.
+    }
     #
     # Only those able to view others grades will be allowed to continue 
     # if they are not requesting their own.
-    if (($sheettype eq 'classcalc') || 
-        ($name   ne $ENV{'user.name'} ) ||
-        ($domain ne $ENV{'user.domain'})) {
+    if ($sheettype eq 'classcalc') {
         if (! $allowed_to_view) {
             $r->print('<h1>Access Permission Denied</h1>'.
                       '</form></body></html>');
             return OK;
         }
     }
+    if ((($name   ne $ENV{'user.name'} ) ||
+         ($domain ne $ENV{'user.domain'})) && $sheettype ne 'classcalc') {
+        # Check that the student is in their section?
+        if (exists($ENV{'request.course.sec'}) && 
+            $ENV{'request.course.sec'} ne '' ) {
+            my $stu_sec = &Apache::lonnet::usection($domain,$name,
+                                                    $ENV{'request.course.id'});
+            if ($stu_sec ne $ENV{'request.course.sec'}) {
+                $r->print
+                    ('<h1>The student requested is not in your section.</h1>'.
+                     '</form></body></html>');
+                return OK;
+            }
+        }
+    }
+
     #
     # Header....
     #
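Review bot: The new second `if` block, which handles a request for another user's student-level sheet, never consults `$allowed_to_view`, so the denial that the old combined condition applied to viewers without `vgr` is lost for non-`classcalc` sheets. When `request.course.sec` is unset or empty the block falls through with no check at all, and when it is set only section membership is compared. Unless a later check outside this hunk covers it, a user with no grade-viewing privilege is not stopped here. Keeping the original condition on the first guard, `if (($sheettype eq 'classcalc') || ($name ne $ENV{'user.name'}) || ($domain ne $ENV{'user.domain'})) {`, preserves the `! $allowed_to_view` denial ahead of the section comparison. The enclosing handler starts and ends outside the hunk.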
@@ -376,7 +398,8 @@
         }
         $r->print('<table><tr><td>'.$spreadsheet->html_header().'</td>'.
                   '<td valign="bottom">'.$html."</td></tr></table>\n");
-        $r->print(<<END);
+        if ($action_message ne '') {
+            $r->print(<<END);
 <table>
 <tr><td valign="top"><b>Last Action:</b></td>
     <td>&nbsp;</td>
@@ -384,6 +407,7 @@
 </tr>
 </table>
 END
+        }
         $r->rflush();
     } else {
         $r->print('<table><tr><td>'.$spreadsheet->html_header().