[LON-CAPA-cvs] cvs: loncom /lonnet/perl lonnet.pm

raeburn lon-capa-cvs-allow@mail.lon-capa.org
Fri, 21 Dec 2007 04:14:24 -0000


raeburn		Thu Dec 20 23:14:24 2007 EDT

  Modified files:              
    /loncom/lonnet/perl	lonnet.pm 
  Log:
  Custom Editor permits 'cst' privilege to be assigned to custom roles (which can be section-specific).
  - need to provide privilege checking in &assignrole() which can check &allowed()
  for section-specific roles.
  
  
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.931 loncom/lonnet/perl/lonnet.pm:1.932
--- loncom/lonnet/perl/lonnet.pm:1.931	Fri Dec  7 19:28:27 2007
+++ loncom/lonnet/perl/lonnet.pm	Thu Dec 20 23:14:24 2007
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.931 2007/12/08 00:28:27 albertel Exp $
+# $Id: lonnet.pm,v 1.932 2007/12/21 04:14:24 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -5250,11 +5250,21 @@
     } else {
         my $cwosec=$url;
         $cwosec=~s/^\/($match_domain)\/($match_courseid)\/.*/$1\/$2/;
-        unless ((&allowed('c'.$role,$cwosec)) || &allowed('c'.$role,$udom)) { 
-           &logthis('Refused assignrole: '.
-             $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
-		    $env{'user.name'}.' at '.$env{'user.domain'});
-           return 'refused'; 
+        if (!(&allowed('c'.$role,$cwosec)) && !(&allowed('c'.$role,$udom))) {
+            my $refused;
+            if (($env{'request.course.sec'}  ne '') && ($role eq 'st')) {
+                if (!(&allowed('c'.$role,$url))) {
+                    $refused = 1;
+                }
+            } else {
+                $refused = 1;
+            }
+            if ($refused) { 
+                &logthis('Refused assignrole: '.$udom.' '.$uname.' '.$url.
+                         ' '.$role.' '.$end.' '.$start.' by '.
+	  	         $env{'user.name'}.' at '.$env{'user.domain'});
+                return 'refused';
+            }
         }
         $mrole=$role;
     }