[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm loncreateuser.pm
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Wed, 19 Sep 2007 06:24:27 -0000
This is a MIME encoded message
--raeburn1190183067
Content-Type: text/plain
raeburn Wed Sep 19 02:24:27 2007 EDT
Modified files:
/loncom/interface loncommon.pm loncreateuser.pm
Log:
Phasing out filesystem authentication as a method to which existing users can be switched.
Remove warning about when to use filesystem authentication
Only show authentication options which are assignable given the domain and context (controlled by domain prefs).
Only show select bx for setting home server when creating user if there is more than one library server in the domain.
loncommon::home_server_option_list renamed loncommon:: home_server_form_item - additional options now included
--raeburn1190183067
Content-Type: text/plain
Content-Disposition: attachment; filename="raeburn-20070919022427.txt"
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.585 loncom/interface/loncommon.pm:1.586
--- loncom/interface/loncommon.pm:1.585 Wed Sep 12 19:32:59 2007
+++ loncom/interface/loncommon.pm Wed Sep 19 02:24:26 2007
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.585 2007/09/12 23:32:59 raeburn Exp $
+# $Id: loncommon.pm,v 1.586 2007/09/19 06:24:26 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1511,24 +1511,68 @@
=pod
-=item * home_server_option_list($domain)
+=item * home_server_form_item($domain,$name,$defaultflag)
-returns a string which contains an <option> list to be used in a
-<select> form input. See loncreateuser.pm for an example.
+input: 4 arguments (two required, two optional) -
+ $domain - domain of new user
+ $name - name of form element
+ $default - Value of 'default' causes a default item to be first
+ option, and selected by default.
+ $hide - Value of 'hide' causes hiding of the name of the server,
+ if 1 server found, or default, if 0 found.
+output: returns 1 items:
+(a) form element which contains either:
+ (i) <select name="$name">
+ <option value="$hostid1">$hostid $servers{$hostid}</option>
+ <option value="$hostid2">$hostid $servers{$hostid}</option>
+ </select>
+ form item if there are multiple library servers in $domain, or
+ (ii) an <input type="hidden" name="$name" value="$hostid" /> form item
+ if there is only one library server in $domain.
+
+(b) number of library servers found.
+
+See loncreateuser.pm for example of use.
=cut
#-------------------------------------------
-sub home_server_option_list {
- my $domain = shift;
+sub home_server_form_item {
+ my ($domain,$name,$default,$hide) = @_;
my %servers = &Apache::lonnet::get_servers($domain,'library');
- my $result = '';
- foreach my $hostid (sort(keys(%servers))) {
- $result.=
- '<option value="'.$hostid.'">'.
- $hostid.' '.$servers{$hostid}."</option>\n";
+ my $result;
+ my $numlib = keys(%servers);
+ if ($numlib > 1) {
+ $result .= '<select name="'.$name.'" />'."\n";
+ if ($default) {
+ $result .= '<option value="default" selected>'.&mt('default').
+ '</option>'."\n";
+ }
+ foreach my $hostid (sort(keys(%servers))) {
+ $result.= '<option value="'.$hostid.'">'.
+ $hostid.' '.$servers{$hostid}."</option>\n";
+ }
+ $result .= '</select>'."\n";
+ } elsif ($numlib == 1) {
+ my $hostid;
+ foreach my $item (keys(%servers)) {
+ $hostid = $item;
+ }
+ $result .= '<input type="hidden" name="'.$name.'" value="'.
+ $hostid.'" />';
+ if (!$hide) {
+ $result .= $hostid.' '.$servers{$hostid};
+ }
+ $result .= "\n";
+ } elsif ($default) {
+ $result .= '<input type="hidden" name="'.$name.
+ '" value="default" />';
+ if (!$hide) {
+ $result .= &mt('default');
+ }
+ $result .= "\n";
}
- return $result;
+ return ($result,$numlib);
}
=pod
@@ -1776,11 +1820,17 @@
kerb_def_dom => 'MSU.EDU',
@_,
);
- my $result = '<label>'.&mt('[_1] Do not change login data',
- '<input type="radio" name="login" value="nochange" '.
- 'checked="checked" onclick="'.
+ my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+ my $result;
+ if (keys(%can_assign) == 0) {
+ $result = &mt('Under you current role you are not permitted to change login settings for this user');
+ } else {
+ $result = '<label>'.&mt('[_1] Do not change login data',
+ '<input type="radio" name="login" value="nochange" '.
+ 'checked="checked" onclick="'.
"javascript:changed_radio('nochange',$in{'formname'});".'" />').
'</label>';
+ }
return $result;
}
@@ -1791,64 +1841,132 @@
kerb_def_auth => 'krb4',
@_,
);
- my ($check4,$check5,$krbarg);
+ my ($check4,$check5,$krbcheck,$krbarg,$krbver,$result,$authtype,
+ $autharg,$jscall);
+ my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
if ($in{'kerb_def_auth'} eq 'krb5') {
- $check5 = " checked=\"on\"";
+ $check5 = ' checked="on"';
} else {
- $check4 = " checked=\"on\"";
+ $check4 = ' checked="on"';
}
$krbarg = $in{'kerb_def_dom'};
-
- my $krbcheck = "";
- if ( grep/^curr_authtype$/,(keys %in) ) {
- if ($in{'curr_authtype'} =~ m/^krb/) {
- $krbcheck = " checked=\"on\"";
- if ( grep/^curr_autharg$/,(keys %in) ) {
+ if (grep(/^curr_authtype$/,(keys(%in)))) {
+ if ($in{'curr_authtype'} =~ m/^krb(\d+)$/) {
+ $krbver = $1;
+ $krbcheck = ' checked="on"';
+ if ($krbver eq '5') {
+ $check5 = ' checked="on"';
+ $check4 = '';
+ } else {
+ $check4 = ' checked="on"';
+ $check5 = '';
+ }
+ if (grep(/^curr_autharg$/,(keys(%in)))) {
$krbarg = $in{'curr_autharg'};
}
+ if (!$can_assign{'krb4'} && !$can_assign{'krb5'}) {
+ if (grep(/^curr_autharg$/,(keys(%in)))) {
+ $result =
+ &mt('Currently Kerberos authenticated with domain [_1] Version [_2].',
+ $in{'curr_autharg'},$krbver);
+ } else {
+ $result =
+ &mt('Currently Kerberos authenticated, Version [_1].',$krbver);
+ }
+ return $result;
+ }
+ }
+ } else {
+ if ($authnum == 1) {
+ $authtype = '<input type="hidden" name="login" value="krb">';
}
}
-
- my $jscall = "javascript:changed_radio('krb',$in{'formname'});";
- my $result .= &mt
+ if (!$can_assign{'krb4'} && !$can_assign{'krb5'}) {
+ return;
+ }
+ $jscall = "javascript:changed_radio('krb',$in{'formname'});";
+ if ($authtype eq '') {
+ $authtype = '<input type="radio" name="login" value="krb" '.
+ 'onclick="'.$jscall.'" onchange="'.$jscall.'"'.
+ $krbcheck.' />';
+ }
+ if (($can_assign{'krb4'} && $can_assign{'krb5'}) ||
+ ($can_assign{'krb4'} && !$can_assign{'krb5'} &&
+ $in{'curr_authtype'} eq 'krb5') ||
+ (!$can_assign{'krb4'} && $can_assign{'krb5'} &&
+ $in{'curr_authtype'} eq 'krb4')) {
+ $result .= &mt
('[_1] Kerberos authenticated with domain [_2] '.
'[_3] Version 4 [_4] Version 5 [_5]',
- '<label><input type="radio" name="login" value="krb" '.
- 'onclick="'.$jscall.'" onchange="'.$jscall.'"'.$krbcheck.' />',
+ '<label>'.$authtype,
'</label><input type="text" size="10" name="krbarg" '.
'value="'.$krbarg.'" '.
'onchange="'.$jscall.'" />',
'<label><input type="radio" name="krbver" value="4" '.$check4.' />',
'</label><label><input type="radio" name="krbver" value="5" '.$check5.' />',
'</label>');
+ } elsif ($can_assign{'krb4'}) {
+ $result .= &mt
+ ('[_1] Kerberos authenticated with domain [_2] '.
+ '[_3] Version 4 [_4]',
+ '<label>'.$authtype,
+ '</label><input type="text" size="10" name="krbarg" '.
+ 'value="'.$krbarg.'" '.
+ 'onchange="'.$jscall.'" />',
+ '<label><input type="hidden" name="krbver" value="4" />',
+ '</label>');
+ } elsif ($can_assign{'krb5'}) {
+ $result .= &mt
+ ('[_1] Kerberos authenticated with domain [_2] '.
+ '[_3] Version 5 [_4]',
+ '<label>'.$authtype,
+ '</label><input type="text" size="10" name="krbarg" '.
+ 'value="'.$krbarg.'" '.
+ 'onchange="'.$jscall.'" />',
+ '<label><input type="hidden" name="krbver" value="5" />',
+ '</label>');
+ }
return $result;
}
sub authform_internal{
- my %args = (
+ my %in = (
formname => 'document.cu',
kerb_def_dom => 'MSU.EDU',
@_,
);
-
- my $intcheck = "";
- my $intarg = 'value=""';
- if ( grep/^curr_authtype$/,(keys %args) ) {
- if ($args{'curr_authtype'} eq 'int') {
- $intcheck = " checked=\"on\"";
- if ( grep/^curr_autharg$/,(keys %args) ) {
- $intarg = "value=\"$args{'curr_autharg'}\"";
+ my ($intcheck,$intarg,$result,$authtype,$autharg,$jscall);
+ my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+ if (grep(/^curr_authtype$/,(keys(%in)))) {
+ if ($in{'curr_authtype'} eq 'internal:') {
+ if ($can_assign{'int'}) {
+ $intcheck = 'checked="on" ';
+ if (grep(/^curr_autharg$/,(keys(%in)))) {
+ $intarg = $in{'curr_autharg'};
+ }
+ } else {
+ $result = &mt('Currently internally authenticated.');
+ return $result;
}
}
+ } else {
+ if ($authnum == 1) {
+ $authtype = '<input type="hidden" name="login" value="int">';
+ }
}
-
- my $jscall = "javascript:changed_radio('int',$args{'formname'});";
- my $result.=&mt
+ if (!$can_assign{'int'}) {
+ return;
+ }
+ $jscall = "javascript:changed_radio('int',$in{'formname'});";
+ if ($authtype eq '') {
+ $authtype = '<input type="radio" name="login" value="int" '.$intcheck.
+ ' onchange="'.$jscall.'" onclick="'.$jscall.'" />';
+ }
+ $autharg = '<input type="text" size="10" name="intarg" value="'.
+ $intarg.'" onchange="'.$jscall.'" />';
+ $result = &mt
('[_1] Internally authenticated (with initial password [_2])',
- '<label><input type="radio" name="login" value="int" '.$intcheck.
- ' onchange="'.$jscall.'" onclick="'.$jscall.'" />',
- '</label><input type="text" size="10" name="intarg" '.$intarg.
- ' onchange="'.$jscall.'" />');
+ '<label>'.$authtype,'</label>'.$autharg);
return $result;
}
@@ -1858,24 +1976,38 @@
kerb_def_dom => 'MSU.EDU',
@_,
);
-
- my $loccheck = "";
- my $locarg = 'value=""';
- if ( grep/^curr_authtype$/,(keys %in) ) {
- if ($in{'curr_authtype'} eq 'loc') {
- $loccheck = " checked=\"on\"";
- if ( grep/^curr_autharg$/,(keys %in) ) {
- $locarg = "value=\"$in{'curr_autharg'}\"";
+ my ($loccheck,$locarg,$result,$authtype,$autharg,$jscall);
+ my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+ if (grep(/^curr_authtype$/,(keys(%in)))) {
+ if ($in{'curr_authtype'} eq 'localauth:') {
+ if ($can_assign{'loc'}) {
+ $loccheck = 'checked="on" ';
+ if (grep(/^curr_autharg$/,(keys(%in)))) {
+ $locarg = $in{'curr_autharg'};
+ }
+ } else {
+ $result = &mt('Currently using local (institutional) authentication.');
+ return $result;
}
}
+ } else {
+ if ($authnum == 1) {
+ $authtype = '<input type="hidden" name="login" value="loc">';
+ }
}
-
- my $jscall = "javascript:changed_radio('loc',$in{'formname'});";
- my $result.=&mt('[_1] Local Authentication with argument [_2]',
- '<label><input type="radio" name="login" value="loc" '.$loccheck.
- ' onchange="'.$jscall.'" onclick="'.$jscall.'" />',
- '</label><input type="text" size="10" name="locarg" '.$locarg.
- ' onchange="'.$jscall.'" />');
+ if (!$can_assign{'loc'}) {
+ return;
+ }
+ $jscall = "javascript:changed_radio('loc',$in{'formname'});";
+ if ($authtype eq '') {
+ $authtype = '<input type="radio" name="login" value="loc" '.
+ $loccheck.' onchange="'.$jscall.'" onclick="'.
+ $jscall.'" />';
+ }
+ $autharg = '<input type="text" size="10" name="locarg" value="'.
+ $locarg.'" onchange="'.$jscall.'" />';
+ $result = &mt('[_1] Local Authentication with argument [_2]',
+ '<label>'.$authtype,'</label>'.$autharg);
return $result;
}
@@ -1885,16 +2017,85 @@
kerb_def_dom => 'MSU.EDU',
@_,
);
- my $jscall = "javascript:changed_radio('fsys',$in{'formname'});";
- my $result.= &mt
+ my ($fsyscheck,$result,$authtype,$autharg,$jscall);
+ my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+ if (grep(/^curr_authtype$/,(keys(%in)))) {
+ if ($in{'curr_authtype'} eq 'unix:') {
+ if ($can_assign{'fsys'}) {
+ $fsyscheck = 'checked="on" ';
+ } else {
+ $result = &mt('Currently Filesystem Authenticated.');
+ return $result;
+ }
+ }
+ } else {
+ if ($authnum == 1) {
+ $authtype = '<input type="hidden" name="login" value="fsys">';
+ }
+ }
+ if (!$can_assign{'fsys'}) {
+ return;
+ }
+ $jscall = "javascript:changed_radio('fsys',$in{'formname'});";
+ if ($authtype eq '') {
+ $authtype = '<input type="radio" name="login" value="fsys" '.
+ $fsyscheck.' onchange="'.$jscall.'" onclick="'.
+ $jscall.'" />';
+ }
+ $autharg = '<input type="text" size="10" name="fsysarg" value=""'.
+ ' onchange="'.$jscall.'" />';
+ $result = &mt
('[_1] Filesystem Authenticated (with initial password [_2])',
'<label><input type="radio" name="login" value="fsys" '.
- 'onchange="'.$jscall.'" onclick="'.$jscall.'" />',
+ $fsyscheck.'onchange="'.$jscall.'" onclick="'.$jscall.'" />',
'</label><input type="text" size="10" name="fsysarg" value="" '.
'onchange="'.$jscall.'" />');
return $result;
}
+sub get_assignable_auth {
+ my ($dom) = @_;
+ if ($dom eq '') {
+ $dom = $env{'request.role.domain'};
+ }
+ my %can_assign = (
+ krb4 => 1,
+ krb5 => 1,
+ int => 1,
+ loc => 1,
+ );
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+ if (ref($domconfig{'usercreation'}) eq 'HASH') {
+ if (ref($domconfig{'usercreation'}{'authtypes'}) eq 'HASH') {
+ my $authhash = $domconfig{'usercreation'}{'authtypes'};
+ my $context;
+ if ($env{'request.role'} =~ /^au/) {
+ $context = 'author';
+ } elsif ($env{'request.role'} =~ /^dc/) {
+ $context = 'domain';
+ } elsif ($env{'request.course.id'}) {
+ $context = 'course';
+ }
+ if ($context) {
+ if (ref($authhash->{$context}) eq 'HASH') {
+ %can_assign = %{$authhash->{$context}};
+ }
+ }
+ }
+ }
+ my $authnum = 0;
+ foreach my $key (keys(%can_assign)) {
+ if ($can_assign{$key}) {
+ $authnum ++;
+ }
+ }
+ if ($can_assign{'krb4'} && $can_assign{'krb5'}) {
+ $authnum --;
+ }
+ return ($authnum,%can_assign);
+}
+
+
###############################################################
## Get Authentication Defaults for Domain ##
###############################################################
@@ -2020,7 +2221,7 @@
# Remove special values from %Keywords.
foreach my $value ('total.count','average.count') {
delete($Keywords{$value}) if (exists($Keywords{$value}));
- }
+ }
return 1;
}
Index: loncom/interface/loncreateuser.pm
diff -u loncom/interface/loncreateuser.pm:1.186 loncom/interface/loncreateuser.pm:1.187
--- loncom/interface/loncreateuser.pm:1.186 Tue Sep 18 19:57:15 2007
+++ loncom/interface/loncreateuser.pm Wed Sep 19 02:24:26 2007
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.186 2007/09/18 23:57:15 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.187 2007/09/19 06:24:26 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -68,7 +68,6 @@
use LONCAPA qw(:DEFAULT :match);
my $loginscript; # piece of javascript used in two separate instances
-my $generalrule;
my $authformnop;
my $authformkrb;
my $authformint;
@@ -76,14 +75,18 @@
my $authformloc;
sub initialize_authen_forms {
+ my ($dom,$curr_authtype) = @_;
my ($krbdefdom)=( $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/);
$krbdefdom= uc($krbdefdom);
my %param = ( formname => 'document.cu',
- kerb_def_dom => $krbdefdom
- );
+ kerb_def_dom => $krbdefdom,
+ domain => $dom,
+ );
+ if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):$/) {
+ $param{'curr_authtype'} = $curr_authtype;
+ }
# no longer static due to configurable kerberos defaults
# $loginscript = &Apache::loncommon::authform_header(%param);
- $generalrule = &Apache::loncommon::authform_authorwarning(%param);
$authformnop = &Apache::loncommon::authform_nochange(%param);
# no longer static due to configurable kerberos defaults
# $authformkrb = &Apache::loncommon::authform_kerberos(%param);
@@ -425,7 +428,7 @@
&print_username_entry_form($r,$usermsg);
return;
}
- my ($instsrch,$rulematch,$rules,%inst_results);
+ my ($curr_authtype,$instsrch,$rulematch,$rules,%inst_results);
my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
if ($uhome eq 'no_host') {
$instsrch =
@@ -442,6 +445,9 @@
&print_username_entry_form($r,$usercheckmsg);
return;
}
+ } else {
+ $curr_authtype =
+ &Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
}
if ($response) {
$response = '<br />'.$response
@@ -453,7 +459,9 @@
my %param = ( formname => 'document.cu',
kerb_def_dom => $krbdefdom,
- kerb_def_auth => $krbdef
+ kerb_def_auth => $krbdef,
+ curr_authtype => $curr_authtype,
+ domain => $ccdomain,
);
$loginscript = &Apache::loncommon::authform_header(%param);
$authformkrb = &Apache::loncommon::authform_kerberos(%param);
@@ -701,10 +709,6 @@
}
}
if ($uhome eq 'no_host') {
- my $home_server_list=
- '<option value="default" selected>default</option>'."\n".
- &Apache::loncommon::home_server_option_list($ccdomain);
-
my %lt=&Apache::lonlocal::texthash(
'cnu' => "Create New User",
'nu' => "New User",
@@ -742,14 +746,13 @@
$portfolioform = &portfolio_quota($ccuname,$ccdomain);
}
my $genhelp=&Apache::loncommon::help_open_topic('Generation');
- &initialize_authen_forms();
+ &initialize_authen_forms($ccdomain);
$r->print(<<ENDTITLE);
$start_page
$crumbs
-<h1>$lt{'cnu'}</h1>
$response
$forminfo
-<h2>$lt{'nu'} "$ccuname" $lt{'ind'} $ccdomain</h2>
+<h2>$lt{'cnu'} "$ccuname" $lt{'ind'} $ccdomain</h2>
<script type="text/javascript" language="Javascript">
$loginscript
</script>
@@ -772,20 +775,25 @@
$r->print(&Apache::lonhtmlcommon::row_closure(1));
}
$r->print(&Apache::lonhtmlcommon::end_pick_box());
- $r->print(<<ENDNEWUSER);
-<br />
-$lt{'hs'}: <select name="hserver" size="1"> $home_server_list </select>
+ my ($home_server_pick,$numlib) =
+ &Apache::loncommon::home_server_form_item($ccdomain,'hserver',
+ 'default','hide');
+ if ($numlib > 1) {
+ $r->print("
<br />
-<hr />
-<h3>$lt{'lg'}</h3>
-ENDNEWUSER
+$lt{'hs'}: $home_server_pick
+<br />");
+ } else {
+ $r->print($home_server_pick);
+ }
+ $r->print("<hr />\n".'<h3>'.$lt{'lg'}.'</h3>');
my ($fixedauth,$varauth,$authmsg);
if ($rulematch) {
if (ref($rules) eq 'HASH') {
if (ref($rules->{$rulematch}) eq 'HASH') {
my $authtype = $rules->{$rulematch}{'authtype'};
if ($authtype !~ /^(krb4|krb5|int|fsys|loc)$/) {
- $r->print(&set_login());
+ $r->print(&set_login($ccdomain));
} else {
my $authparm = $rules->{$rulematch}{'authparm'};
if ($authtype =~ /^krb(4|5)$/) {
@@ -811,7 +819,7 @@
}
}
} else {
- $r->print(&set_login());
+ $r->print(&set_login($ccdomain));
}
}
if ($authmsg) {
@@ -822,16 +830,15 @@
ENDAUTH
}
} else {
- $r->print(&set_login());
- }
- $r->print(<<ENDPORT);
+ $r->print(&set_login($ccdomain));
+ }
+ $r->print(<<ENDPORT);
<hr />
$portfolioform
ENDPORT
} else { # user already exists
my %lt=&Apache::lonlocal::texthash(
- 'cup' => "Change User Privileges",
- 'usr' => "User",
+ 'cup' => "Change User Privileges for",
'id' => "in domain",
'fn' => "first name",
'mn' => "middle name",
@@ -842,9 +849,8 @@
$r->print(<<ENDCHANGEUSER);
$start_page
$crumbs
-<h1>$lt{'cup'}</h1>
$forminfo
-<h2>$lt{'usr'} "$ccuname" $lt{'id'} "$ccdomain"</h2>
+<h2>$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"</h2>
ENDCHANGEUSER
# Get the users information
my %userenv =
@@ -1065,21 +1071,24 @@
$currentauth=~/^krb(4|5):(.*)/;
my $krbdefdom=$2;
my %param = ( formname => 'document.cu',
- kerb_def_dom => $krbdefdom
+ kerb_def_dom => $krbdefdom,
+ domain => $ccdomain,
+ curr_authtype => $currentauth,
);
$loginscript = &Apache::loncommon::authform_header(%param);
}
# Check for a bad authentication type
- if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
- # bad authentication scheme
+ if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
+ # bad authentication scheme
if (&Apache::lonnet::allowed('mau',$ccdomain)) {
- &initialize_authen_forms();
+ &initialize_authen_forms($ccdomain);
my %lt=&Apache::lonlocal::texthash(
'err' => "ERROR",
'uuas' => "This user has an unrecognized authentication scheme",
'sldb' => "Please specify login data below",
'ld' => "Login Data"
);
+ my $choices = &set_login($ccdomain);
$r->print(<<ENDBADAUTH);
<hr />
<script type="text/javascript" language="Javascript">
@@ -1088,11 +1097,7 @@
<font color='#ff0000'>$lt{'err'}:</font>
$lt{'uuas'} ($currentauth). $lt{'sldb'}.
<h3>$lt{'ld'}</h3>
-<p>$generalrule</p>
-<p>$authformkrb</p>
-<p>$authformint</p>
-<p>$authformfsys</p>
-<p>$authformloc</p>
+$choices
ENDBADAUTH
} else {
# This user is not allowed to modify the user's
@@ -1112,28 +1117,9 @@
} else { # Authentication type is valid
my $authformcurrent='';
my $authform_other='';
- &initialize_authen_forms();
- if ($currentauth=~/^krb(4|5):/) {
- $authformcurrent=$authformkrb;
- $authform_other="<p>$authformint</p>\n".
- "<p>$authformfsys</p><p>$authformloc</p>";
- }
- elsif ($currentauth=~/^internal:/) {
- $authformcurrent=$authformint;
- $authform_other="<p>$authformkrb</p>".
- "<p>$authformfsys</p><p>$authformloc</p>";
- }
- elsif ($currentauth=~/^unix:/) {
- $authformcurrent=$authformfsys;
- $authform_other="<p>$authformkrb</p>".
- "<p>$authformint</p><p>$authformloc;</p>";
- }
- elsif ($currentauth=~/^localauth:/) {
- $authformcurrent=$authformloc;
- $authform_other="<p>$authformkrb</p>".
- "<p>$authformint</p><p>$authformfsys</p>";
- }
- $authformcurrent.=' <i>(will override current values)</i><br />';
+ &initialize_authen_forms($ccdomain,$currentauth);
+ my ($authformcurrent,$authform_other,$can_modify) =
+ &modify_login_block($ccdomain,$currentauth);
if (&Apache::lonnet::allowed('mau',$ccdomain)) {
# Current user has login modification privileges
my %lt=&Apache::lonlocal::texthash(
@@ -1146,12 +1132,17 @@
$loginscript
</script>
<h3>$lt{'ccld'}</h3>
-<p>$generalrule</p>
-<p>$authformnop</p>
-<p>$authformcurrent</p>
-<h3>$lt{'enld'}</h3>
-$authform_other
+<p>$authformnop
ENDOTHERAUTHS
+ if ($can_modify) {
+ $r->print('</p><p>'.$authformcurrent.'</p>');
+ } else {
+ $r->print(' ('.$authformcurrent.')</p>');
+ }
+ if ($authform_other ne '') {
+ $r->print('<h3>'.$lt{'enld'}.'</h3>'."\n".
+ $authform_other);
+ }
} else {
if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
my %lt=&Apache::lonlocal::texthash(
@@ -1170,7 +1161,7 @@
if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
# Current user has quota modification privileges
$r->print(&portfolio_quota($ccuname,$ccdomain));
- } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
+ } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
my %lt=&Apache::lonlocal::texthash(
'dska' => "Disk space allocated to user's portfolio files",
'youd' => "You do not have privileges to modify the portfolio quota for this user.",
@@ -1295,16 +1286,85 @@
}
sub set_login {
- my $response = (<<ENDAUTH);
-<p>$generalrule </p>
-<p>$authformkrb </p>
-<p>$authformint </p>
-<p>$authformfsys</p>
-<p>$authformloc </p>
-ENDAUTH
+ my ($dom) = @_;
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+ my $response;
+ my ($authnum,%can_assign) =
+ &Apache::loncommon::get_assignable_auth($dom);
+ if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+ $response .= "<p>$authformkrb </p>\n";
+ }
+ if ($can_assign{'int'}) {
+ $response .= "<p>$authformint </p>\n"
+ }
+ if ($can_assign{'loc'}) {
+ $response .= "<p>$authformloc </p>\n";
+ }
return $response;
}
+sub modify_login_block {
+ my ($dom,$currentauth) = @_;
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+ my ($authnum,%can_assign) =
+ &Apache::loncommon::get_assignable_auth($dom);
+ my ($authformcurrent,$authform_other,$show_override_msg);
+ if ($currentauth=~/^krb(4|5):/) {
+ $authformcurrent=$authformkrb;
+ if ($can_assign{'int'}) {
+ $authform_other = "<p>$authformint </p>\n"
+ }
+ if ($can_assign{'loc'}) {
+ $authform_other .= "<p>$authformloc </p>\n";
+ }
+ if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+ $show_override_msg = 1;
+ }
+ } elsif ($currentauth=~/^internal:/) {
+ $authformcurrent=$authformint;
+ if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+ $authform_other = "<p>$authformkrb </p>\n"
+ }
+ if ($can_assign{'loc'}) {
+ $authform_other .= "<p>$authformloc </p>\n";
+ }
+ if ($can_assign{'int'}) {
+ $show_override_msg = 1;
+ }
+ } elsif ($currentauth=~/^unix:/) {
+ $authformcurrent=$authformfsys;
+ if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+ $authform_other = "<p>$authformkrb </p>\n"
+ }
+ if ($can_assign{'int'}) {
+ $authform_other .= "<p>$authformint </p>\n"
+ }
+ if ($can_assign{'loc'}) {
+ $authform_other .= "<p>$authformloc </p>\n";
+ }
+ if ($can_assign{'fsys'}) {
+ $show_override_msg = 1;
+ }
+ } elsif ($currentauth=~/^localauth:/) {
+ $authformcurrent=$authformloc;
+ if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+ $authform_other = "<p>$authformkrb </p>\n"
+ }
+ if ($can_assign{'int'}) {
+ $authform_other .= "<p>$authformint </p>\n"
+ }
+ if ($can_assign{'loc'}) {
+ $show_override_msg = 1;
+ }
+ }
+ if ($show_override_msg) {
+ $authformcurrent.= ' <span class="LC_cusr_emph">'.
+ &mt('will override current values').
+ '</span><br />';
+ }
+ return ($authformcurrent,$authform_other,$show_override_msg);
+}
+
# ================================================================= Phase Three
sub update_user_data {
my ($r) = @_;
--raeburn1190183067--