[LON-CAPA-cvs] cvs: loncom /interface/spreadsheet lonspreadsheet.pm
raeburn
raeburn at source.lon-capa.org
Mon Sep 26 08:15:39 EDT 2011
raeburn Mon Sep 26 12:15:39 2011 EDT
Modified files:
/loncom/interface/spreadsheet lonspreadsheet.pm
Log:
- Replace permission checking based on role (e.g., student) with
checking based on privileges.
- In cases where /adm/classcalc is requested, but role's privileges
prevent display:
- internal redirection to /adm/studentcalc, if current grading mechansim
is spreadsheet.
- internal redirection to /adm/quickgrades otherwise.
Index: loncom/interface/spreadsheet/lonspreadsheet.pm
diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.58 loncom/interface/spreadsheet/lonspreadsheet.pm:1.59
--- loncom/interface/spreadsheet/lonspreadsheet.pm:1.58 Fri Dec 3 21:33:56 2010
+++ loncom/interface/spreadsheet/lonspreadsheet.pm Mon Sep 26 12:15:39 2011
@@ -1,5 +1,5 @@
#
-# $Id: lonspreadsheet.pm,v 1.58 2010/12/03 21:33:56 www Exp $
+# $Id: lonspreadsheet.pm,v 1.59 2011/09/26 12:15:39 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -218,15 +218,39 @@
$r->uri.":opa:0:0:Cannot modify spreadsheet";
return HTTP_NOT_ACCEPTABLE;
}
+ my ($sheettype) = ($r->uri=~/\/(\w+)$/);
my $courseid = $env{'request.course.id'};
+
+ ##
+ ## Check permissions
+ my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
+ $env{'request.course.id'});
+ # Only those instructors/tas/whatevers with complete access
+ # (not section restricted) are able to modify spreadsheets.
+ my $allowed_to_view = &Apache::lonnet::allowed('vgr',
+ $env{'request.course.id'});
+ if (! $allowed_to_view) {
+ $allowed_to_view = &Apache::lonnet::allowed('vgr',
+ $env{'request.course.id'}.'/'.$env{'request.course.sec'});
+ # Those who are restricted by section are allowed to view.
+ # The routines in lonstatistics which decide which students'
+ # will be shown take care of the restriction by section.
+ }
+
#
- # Do not allow students to continue if standard or external grading is in
- # effect.
+ # Do not allow users without vgr or mgr priv to continue unless
+ # grading type is set to spreadsheet.
#
- if ($env{'request.role'} =~ /^st\./) {
- if ($env{'course.'.$courseid.'.grading'} eq 'standard' ||
- $env{'course.'.$courseid.'.grading'} eq 'external' ) {
- return HTTP_NOT_ACCEPTABLE;
+
+ if ((!$allowed_to_view) && (!$allowed_to_edit)) {
+ if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') {
+ if ($sheettype ne 'studentcalc') {
+ $r->internal_redirect('/adm/studentcalc');
+ return OK;
+ }
+ } else {
+ $r->internal_redirect('/adm/quickgrades');
+ return OK;
}
}
#
@@ -244,7 +268,6 @@
}
#
# Determine basic information about the spreadsheet
- my ($sheettype) = ($r->uri=~/\/(\w+)$/);
#
my $symb = undef;
$symb = $env{'form.usymb'} if (exists($env{'form.usymb'}));
@@ -267,29 +290,13 @@
$env{'request.course.id'});
}
- ##
- ## Check permissions
- my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
- $env{'request.course.id'});
- # Only those instructors/tas/whatevers with complete access
- # (not section restricted) are able to modify spreadsheets.
- my $allowed_to_view = &Apache::lonnet::allowed('vgr',
- $env{'request.course.id'});
- if (! $allowed_to_view) {
- $allowed_to_view = &Apache::lonnet::allowed('vgr',
- $env{'request.course.id'}.'/'.$env{'request.course.sec'});
- # Those who are restricted by section are allowed to view.
- # The routines in lonstatistics which decide which students'
- # will be shown take care of the restriction by section.
- }
#
# Only those able to view others grades will be allowed to continue
# if they are not requesting their own.
if ($sheettype eq 'classcalc') {
- if (! $allowed_to_view) {
- $env{'user.error.msg'}=
- $r->uri.":vgr:0:0:Access Permission Denied";
- return HTTP_NOT_ACCEPTABLE;
+ if (!$allowed_to_view) {
+ $r->internal_redirect('/adm/studentcalc');
+ return OK;
}
}
if ((($name ne $env{'user.name'} ) ||
More information about the LON-CAPA-cvs
mailing list