[LON-CAPA-cvs] cvs: loncom /interface/spreadsheet lonspreadsheet.pm

raeburn raeburn at source.lon-capa.org
Mon Sep 26 08:15:39 EDT 2011


raeburn		Mon Sep 26 12:15:39 2011 EDT

  Modified files:              
    /loncom/interface/spreadsheet	lonspreadsheet.pm 
  Log:
  - Replace permission checking based on role (e.g., student) with
    checking based on privileges.
  - In cases where /adm/classcalc is requested, but role's privileges
    prevent display:
     - internal redirection to /adm/studentcalc, if current grading mechansim
       is spreadsheet.
     - internal redirection to /adm/quickgrades otherwise.  
  
  
Index: loncom/interface/spreadsheet/lonspreadsheet.pm
diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.58 loncom/interface/spreadsheet/lonspreadsheet.pm:1.59
--- loncom/interface/spreadsheet/lonspreadsheet.pm:1.58	Fri Dec  3 21:33:56 2010
+++ loncom/interface/spreadsheet/lonspreadsheet.pm	Mon Sep 26 12:15:39 2011
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.58 2010/12/03 21:33:56 www Exp $
+# $Id: lonspreadsheet.pm,v 1.59 2011/09/26 12:15:39 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -218,15 +218,39 @@
             $r->uri.":opa:0:0:Cannot modify spreadsheet";
         return HTTP_NOT_ACCEPTABLE; 
     }
+    my ($sheettype) = ($r->uri=~/\/(\w+)$/);
     my $courseid = $env{'request.course.id'};
+
+    ##
+    ## Check permissions
+    my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
+                                                $env{'request.course.id'});
+    # Only those instructors/tas/whatevers with complete access
+    # (not section restricted) are able to modify spreadsheets.
+    my $allowed_to_view =  &Apache::lonnet::allowed('vgr',
+                                                $env{'request.course.id'});
+    if (! $allowed_to_view) {
+        $allowed_to_view = &Apache::lonnet::allowed('vgr',
+                    $env{'request.course.id'}.'/'.$env{'request.course.sec'});
+        # Those who are restricted by section are allowed to view.
+        # The routines in lonstatistics which decide which students'
+        # will be shown take care of the restriction by section.
+    }
+
     #
-    # Do not allow students to continue if standard or external grading is in
-    # effect.
+    # Do not allow users without vgr or mgr priv to continue unless 
+    # grading type is set to spreadsheet. 
     #
-    if ($env{'request.role'} =~ /^st\./) {
-        if ($env{'course.'.$courseid.'.grading'} eq 'standard' ||
-	    $env{'course.'.$courseid.'.grading'} eq 'external' ) {
-            return HTTP_NOT_ACCEPTABLE;
+
+    if ((!$allowed_to_view) && (!$allowed_to_edit)) {
+        if ($env{'course.'.$courseid.'.grading'} eq 'spreadsheet') {
+            if ($sheettype ne 'studentcalc') {
+                $r->internal_redirect('/adm/studentcalc');
+                return OK;
+            }
+        } else {
+            $r->internal_redirect('/adm/quickgrades');
+            return OK;
         }
     }
     #
@@ -244,7 +268,6 @@
     }
     #
     # Determine basic information about the spreadsheet
-    my ($sheettype) = ($r->uri=~/\/(\w+)$/);
     #
     my $symb   = undef;
     $symb = $env{'form.usymb'} if (exists($env{'form.usymb'}));
@@ -267,29 +290,13 @@
                                                     $env{'request.course.id'});
     }
 
-    ##
-    ## Check permissions
-    my $allowed_to_edit = &Apache::lonnet::allowed('mgr',
-                                                $env{'request.course.id'});
-    # Only those instructors/tas/whatevers with complete access
-    # (not section restricted) are able to modify spreadsheets.
-    my $allowed_to_view =  &Apache::lonnet::allowed('vgr',
-                                                $env{'request.course.id'});
-    if (! $allowed_to_view) {
-        $allowed_to_view = &Apache::lonnet::allowed('vgr',
-                    $env{'request.course.id'}.'/'.$env{'request.course.sec'});
-        # Those who are restricted by section are allowed to view.
-        # The routines in lonstatistics which decide which students' 
-        # will be shown take care of the restriction by section.
-    }
     #
     # Only those able to view others grades will be allowed to continue 
     # if they are not requesting their own.
     if ($sheettype eq 'classcalc') {
-        if (! $allowed_to_view) {
-	    $env{'user.error.msg'}=
-		$r->uri.":vgr:0:0:Access Permission Denied";
-	    return HTTP_NOT_ACCEPTABLE; 
+        if (!$allowed_to_view) {
+            $r->internal_redirect('/adm/studentcalc');
+            return OK;
 	}
     }
     if ((($name   ne $env{'user.name'} ) ||




More information about the LON-CAPA-cvs mailing list