[LON-CAPA-cvs] cvs: loncom /interface lonwhatsnew.pm

albertel lon-capa-cvs@mail.lon-capa.org
Fri, 06 Jan 2006 21:52:20 -0000


albertel		Fri Jan  6 16:52:20 2006 EDT

  Modified files:              
    /loncom/interface	lonwhatsnew.pm 
  Log:
  - checkallowed now also checks for section based priv
      - set <boxname>_section to section if priv is section scoped
  - need to return HTTP_NOT_AUTHORIZED before sending the http headers
  
  
Index: loncom/interface/lonwhatsnew.pm
diff -u loncom/interface/lonwhatsnew.pm:1.43 loncom/interface/lonwhatsnew.pm:1.44
--- loncom/interface/lonwhatsnew.pm:1.43	Fri Jan  6 16:04:34 2006
+++ loncom/interface/lonwhatsnew.pm	Fri Jan  6 16:52:19 2006
@@ -1,5 +1,5 @@
 #
-# $Id: lonwhatsnew.pm,v 1.43 2006/01/06 21:04:34 albertel Exp $
+# $Id: lonwhatsnew.pm,v 1.44 2006/01/06 21:52:19 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -58,28 +58,36 @@
     my $command = $env{'form.command'};
     my $refpage = $env{'form.refpage'};
 
-    &Apache::loncommon::content_type($r,'text/html');
-    $r->send_http_header;
+    my %checkallowed = ( coursenormalmail => 1,
+			 coursecritmail => 1, );
+    foreach my $perm_check (['whn','whatsnew',1],
+			    ['pch','coursediscussion',1],
+			    ['mgr','handgrading',1],
+			    ['vgr','abovethreshold',1],
+			    ['opa','haserrors',1],
+			    ['mdc','versionchanges',0],
+			    ) {
+	my ($perm,$key,$check_section) = @{ $perm_check };
+	my $scope = $env{'request.course.id'};
+	if (!($checkallowed{$key} = &Apache::lonnet::allowed($perm,$scope))) {
+	    $scope .= '/'.$env{'request.course.sec'};
+	    if ( $check_section ) {
+		$checkallowed{$key} = &Apache::lonnet::allowed($perm,$scope);
+	    }
+	    if ($checkallowed{$key}) {
+		$checkallowed{$key.'_section'} = $env{'request.course.sec'};
+	    }
+	}
+    }
 
-    if ( ! $env{'request.course.fn'} 
-	 ||
-	 (!( &Apache::lonnet::allowed('whn',$env{'request.course.id'})
-	     || &Apache::lonnet::allowed('whn',$env{'request.course.id'}
-					 .'/'.$env{'request.course.sec'})))) {
+    if ( ! $env{'request.course.fn'} || ! $checkallowed{'whatsnew'}) {
         # Not in a course, or no whn priv in course
         $env{'user.error.msg'}="/adm/whatsnew::whn:0:0:Cannot display what's new page";
         return HTTP_NOT_ACCEPTABLE;
     }
 
-    my %checkallowed = (
-             coursediscussion => &Apache::lonnet::allowed('pch',$env{'request.course.id'}),
-             handgrading => &Apache::lonnet::allowed('mgr',$env{'request.course.id'}),
-             abovethreshold => &Apache::lonnet::allowed('vgr',$env{'request.course.id'}),
-             haserrors => &Apache::lonnet::allowed('opa',$env{'request.course.id'}),
-             versionchanges => &Apache::lonnet::allowed('opa',$env{'request.course.id'}),
-             coursenormalmail => 1,
-             coursecritmail => 1,
-    );
+    &Apache::loncommon::content_type($r,'text/html');
+    $r->send_http_header;
 
     $r->print(&display_header($command,\%checkallowed));
 
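Review bot: The new `%checkallowed` loop accepts a section-scoped grant for `whatsnew`, `coursediscussion`, `handgrading`, `abovethreshold` and `haserrors`, but the narrower scope is recorded only in the `<key>_section` entry, and nothing visible in this diff reads it; the later hunks merely skip those keys. The command dispatch hunks (`@@ -87` and `@@ -154`) therefore treat a section-only `vgr` or `pch` holder like a course-wide one, and `display_threshold_config` still receives only `$cdom,$crs`. Unless the box-rendering code outside this diff filters on `$checkallowed{$key.'_section'}`, this widens what a section-level role can see, so it is worth confirming. A comment above the table would help, for example `# [priv, box key, accept section-scoped grant]; a <key>_section entry means the grant is limited to that section`. When `$env{'request.course.sec'}` is empty the fallback also queries the scope `<course id>/`, which `if ($check_section && $env{'request.course.sec'} ne '')` would avoid; the handler body starts and ends outside this hunk.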
@@ -87,19 +95,19 @@
     &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>'/adm/whatsnew',
               text=>"Display Action Items"});
-    if (($command eq 'chgthreshold') && (&Apache::lonnet::allowed('vgr',$env{'request.course.id'}))) {
+    if (($command eq 'chgthreshold') && $checkallowed{'abovethreshold'}) {
         &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>'/adm/whatsnew?command=chgthreshold&refpage='.$refpage,
               text=>"Change thresholds"});
         $r->print(&Apache::lonhtmlcommon::breadcrumbs
             (undef,"What's New?",'Course_Action_Items_Thresholds'));
-    } elsif (($command eq 'chginterval') && (&Apache::lonnet::allowed('vgr',$env{'request.course.id'}))) {
+    } elsif (($command eq 'chginterval') && $checkallowed{'versionchanges'} ) {
         &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>'/adm/whatsnew?command=chginterval&refpage='.$refpage,
               text=>"Change interval"});
         $r->print(&Apache::lonhtmlcommon::breadcrumbs
             (undef,"What's New?",'Course_Action_Items_Intervals'));
-    } elsif (($command eq 'chgdisc') && (&Apache::lonnet::allowed('pch',$env{'request.course.id'}))) {
+    } elsif (($command eq 'chgdisc') && $checkallowed{'coursediscussion'}) {
         &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>'/adm/whatsnew?command=chgdisc&refpage='.$refpage,
               text=>"Change discussion display"});
@@ -154,15 +162,15 @@
     my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
     my $crs = $env{'course.'.$env{'request.course.id'}.'.num'};
 
-    if (($command eq 'chgthreshold') && 
-               (&Apache::lonnet::allowed('vgr',$env{'request.course.id'}))) {
+    if (($command eq 'chgthreshold') 
+	&& $checkallowed->{'abovethreshold'}) {
         &display_threshold_config($r,$refpage,$tabbg,\%threshold_titles,
                                                                    $cdom,$crs);
-    } elsif (($command eq 'chginterval') && 
-               (&Apache::lonnet::allowed('opa',$env{'request.course.id'}))) {
+    } elsif (($command eq 'chginterval') 
+	     && $checkallowed->{'versionchanges'}) {
         &display_interval_config($r,$refpage,\%interval_titles);
-    } elsif (($command eq 'chgdisc') && 
-               (&Apache::lonnet::allowed('pch',$env{'request.course.id'}))) {
+    } elsif (($command eq 'chgdisc') 
+	     && $checkallowed->{'coursediscussion'}) {
         &display_discussion_config($r,$refpage);
     } elsif ($command eq 'courseinit') {
         &courseinit_config($r,$refpage,\%initpage);
@@ -202,6 +210,7 @@
 function changeAll(change) {
 END
         foreach my $item (keys(%{$checkallowed})) {
+	    if ($item =~ /_section$/) { next; }
             if ($$checkallowed{$item}) {
                 $scripttag.='document.visible.display_'.$item.'.value=change'.
                             "\n";
@@ -365,6 +374,7 @@
     my @actionorder = ('handgrading','haserrors','abovethreshold','versionchanges','coursediscussion','coursenormalmail','coursecritmail');
 
     foreach my $key (keys(%{$checkallowed})) {
+	if ($key =~ /_section$/) { next; }
         $show{$key} = 0;
         if ($$checkallowed{$key}) {
             unless ($display_settings{$cid.':'.$key} eq 'hide') {
@@ -396,6 +406,7 @@
      &nbsp;&nbsp;<a href="javascript:changeAll('show');">$lt{'shal'}</a>
      <form method="post" name="visible" action="/adm/whatsnew">\n|);
     foreach my $item (keys(%{$checkallowed})) {
+	if ($item =~ /_section$/) { next; }
         if ($$checkallowed{$item}) {
             $r->print('<input type="hidden" name="display_'.$item.'" />'."\n");
         }
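Review bot: The `whatsnew` key that this commit adds to `%checkallowed` is not skipped in this loop, so a hidden `display_whatsnew` input is emitted even though, as the `@@ -406` hunk's own comment says, the whatsnew check creates no box. The same omission applies to the `changeAll` loop (`@@ -202`), the `%show` loop (`@@ -365`) and the settings loop (`@@ -1416`), where a `$cid.':whatsnew'` entry can presumably end up stored. Adding `if ($item eq 'whatsnew') { next; }` beside each `_section` skip would fix it. Keeping the section scopes and the page-level `whn` result out of the hash that drives the boxes would remove the need for a filter at every iteration site. The enclosing subs start and end outside these hunks.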
@@ -406,6 +417,8 @@
     my $displayed = 0;
     my $totalboxes = 0;
     foreach my $key (keys(%{$checkallowed})) {
+	if ($key =~ /_section$/) { next; }
+	if ($key eq 'whatsnew' ) { next; } # whatsnew check creates no box
         if ($$checkallowed{$key}) {
             $totalboxes ++;
         }
@@ -1416,6 +1429,7 @@
     my %whatsnew_settings;
     my $result;
     foreach my $key (keys(%{$checkallowed})) {
+	if ($key =~ /_section$/) { next; }
         if (exists($env{'form.display_'.$key})) {
             unless ($env{'form.display_'.$key} eq '') {
                 $whatsnew_settings{$cid.':'.$key} = $env{'form.display_'.$key};