[LON-CAPA-cvs] cvs: loncom /auth roles.tab /interface loncreateuser.pm /lonnet/perl lonnet.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Fri, 17 Jun 2005 21:04:42 -0000
albertel Fri Jun 17 17:04:42 2005 EDT
Modified files:
/loncom/interface loncreateuser.pm
/loncom/lonnet/perl lonnet.pm
/loncom/auth roles.tab
Log:
- bug #4073, DC can revoke CA roles of the same domain of the DC role
(it has been tested so that it continues that AU can't revoke other CA roles (BUG#599))
Index: loncom/interface/loncreateuser.pm
diff -u loncom/interface/loncreateuser.pm:1.103 loncom/interface/loncreateuser.pm:1.104
--- loncom/interface/loncreateuser.pm:1.103 Sun Jun 5 20:07:43 2005
+++ loncom/interface/loncreateuser.pm Fri Jun 17 17:04:40 2005
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.103 2005/06/06 00:07:43 albertel Exp $
+# $Id: loncreateuser.pm,v 1.104 2005/06/17 21:04:40 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -108,10 +108,7 @@
sub authorpriv {
my ($auname,$audom)=@_;
- if (($auname ne $env{'user.name'}) ||
- (($audom ne $env{'user.domain'}) &&
- ($audom ne $env{'request.role.domain'}))) { return ''; }
- unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+ unless (&Apache::lonnet::allowed('cca',$audom.'/'.$auname)) { return ''; }
return 1;
}
@@ -1553,7 +1550,7 @@
(&Apache::lonnet::allowed('cin',$env{'request.course.id'})) ||
(&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) ||
(&Apache::lonnet::allowed('cep',$env{'request.course.id'})) ||
- (&Apache::lonnet::allowed('cca',$env{'request.role.domain'})) ||
+ (&authorpriv($env{'user.name'},$env{'request.role.domain'})) ||
(&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))) {
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.641 loncom/lonnet/perl/lonnet.pm:1.642
--- loncom/lonnet/perl/lonnet.pm:1.641 Fri Jun 17 13:09:59 2005
+++ loncom/lonnet/perl/lonnet.pm Fri Jun 17 17:04:40 2005
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.641 2005/06/17 17:09:59 albertel Exp $
+# $Id: lonnet.pm,v 1.642 2005/06/17 21:04:40 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2969,6 +2969,12 @@
# If this is generating or modifying users, exit with special codes
if (':csu:cdc:ccc:cin:cta:cep:ccr:cst:cad:cli:cau:cdg:cca:'=~/\:\Q$priv\E\:/) {
+ if ($priv eq 'cca') {
+ my ($audom,$auname)=split('/',$uri);
+ if (($auname ne $env{'user.name'} && $env{'request.role'} !~ /^dc\./) ||
+ (($audom ne $env{'user.domain'} && $env{'request.role'} !~ /^dc\./) &&
+ ($audom ne $env{'request.role.domain'}))) { return ''; }
+ }
return $thisallowed;
}
#
Index: loncom/auth/roles.tab
diff -u loncom/auth/roles.tab:1.33 loncom/auth/roles.tab:1.34
--- loncom/auth/roles.tab:1.33 Mon Jan 31 17:27:41 2005
+++ loncom/auth/roles.tab Fri Jun 17 17:04:41 2005
@@ -1,6 +1,6 @@
su:s csu&U:sma:mau:cdc&U:dro:psa:adv
dc:s bre:sma:adv
-dc:d cli&UIK:cau&U:cdg&UIK:mau:ccc&U:cin&UIK:cta&UIK:cep&UIK:ccr&UIK:cst&UIK:cad&UIK:csc&UIK:dro:mky:psa:usc
+dc:d cli&UIK:cau&UIK:cca&UIK:cdg&UIK:mau:ccc&U:cin&UIK:cta&UIK:cep&UIK:ccr&UIK:cst&UIK:cad&UIK:csc&UIK:dro:mky:psa:usc
cc:s bre:sma:mcr:vsa:adv:vcl
cc:c cin&IK:cta&IK:cep&IK:ccr&IK:cst&IK:are:cre:ere:vgr:gan:srm:opa:mgr:rin:pch:plc:mdc:usc:vsa:vcl
in:s sma:vgr:mgr:adv:vcl