[LON-CAPA-cvs] cvs: loncom /lonnet/perl lonnet.pm
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Fri, 21 Dec 2007 04:14:24 -0000
raeburn Thu Dec 20 23:14:24 2007 EDT
Modified files:
/loncom/lonnet/perl lonnet.pm
Log:
Custom Editor permits 'cst' privilege to be assigned to custom roles (which can be section-specific).
- need to provide privilege checking in &assignrole() which can check &allowed()
for section-specific roles.
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.931 loncom/lonnet/perl/lonnet.pm:1.932
--- loncom/lonnet/perl/lonnet.pm:1.931 Fri Dec 7 19:28:27 2007
+++ loncom/lonnet/perl/lonnet.pm Thu Dec 20 23:14:24 2007
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.931 2007/12/08 00:28:27 albertel Exp $
+# $Id: lonnet.pm,v 1.932 2007/12/21 04:14:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -5250,11 +5250,21 @@
} else {
my $cwosec=$url;
$cwosec=~s/^\/($match_domain)\/($match_courseid)\/.*/$1\/$2/;
- unless ((&allowed('c'.$role,$cwosec)) || &allowed('c'.$role,$udom)) {
- &logthis('Refused assignrole: '.
- $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
- $env{'user.name'}.' at '.$env{'user.domain'});
- return 'refused';
+ if (!(&allowed('c'.$role,$cwosec)) && !(&allowed('c'.$role,$udom))) {
+ my $refused;
+ if (($env{'request.course.sec'} ne '') && ($role eq 'st')) {
+ if (!(&allowed('c'.$role,$url))) {
+ $refused = 1;
+ }
+ } else {
+ $refused = 1;
+ }
+ if ($refused) {
+ &logthis('Refused assignrole: '.$udom.' '.$uname.' '.$url.
+ ' '.$role.' '.$end.' '.$start.' by '.
+ $env{'user.name'}.' at '.$env{'user.domain'});
+ return 'refused';
+ }
}
$mrole=$role;
}