[LON-CAPA-cvs] cvs: loncom /interface coursecatalog.pm loncommon.pm loncreatecourse.pm loncreateuser.pm lonmsgdisplay.pm lonrequestcourse.pm lonuserutils.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Mon Aug 7 16:22:55 EDT 2017
raeburn Mon Aug 7 20:22:55 2017 EDT
Modified files:
/loncom/interface coursecatalog.pm loncommon.pm loncreatecourse.pm
loncreateuser.pm lonmsgdisplay.pm
lonrequestcourse.pm lonuserutils.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Trust Settings
Check if action is permissible based on trust settings for:
catalog, domroles, enroll, reqcrs, msg, othcoau, or coaurem for current context.
-------------- next part --------------
Index: loncom/interface/coursecatalog.pm
diff -u loncom/interface/coursecatalog.pm:1.92 loncom/interface/coursecatalog.pm:1.93
--- loncom/interface/coursecatalog.pm:1.92 Mon Feb 20 18:29:22 2017
+++ loncom/interface/coursecatalog.pm Mon Aug 7 20:22:12 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler for displaying the course catalog interface
#
-# $Id: coursecatalog.pm,v 1.92 2017/02/20 18:29:22 raeburn Exp $
+# $Id: coursecatalog.pm,v 1.93 2017/08/07 20:22:12 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -57,7 +57,8 @@
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
['sortby','showdom']);
- my $codedom = &Apache::lonnet::default_login_domain();
+ my $serverdefdom = &Apache::lonnet::default_login_domain();
+ my $codedom = $serverdefdom;
if (($env{'user.domain'} ne '') && ($env{'user.domain'} ne 'public')) {
$codedom = $env{'user.domain'};
@@ -74,9 +75,20 @@
$env{'form.showdom'} = '';
}
}
- my $domdesc = &Apache::lonnet::domain($codedom,'description');
+ my $domdesc = &Apache::lonnet::domain($serverdefdom,'description');
&Apache::lonhtmlcommon::clear_breadcrumbs();
-
+ if (&Apache::lonnet::notcallable('catalog',$codedom)) {
+ my $serverdomdesc = &Apache::lonnet::domain($serverdefdom,'description');
+ $r->print(&Apache::loncommon::start_page('Course/Community Catalog'));
+ &Apache::lonhtmlcommon::add_breadcrumb
+ ({href=>"/adm/coursecatalog",
+ text=>"Course/Community Catalog"});
+ $r->print(&Apache::lonhtmlcommon::breadcrumbs('Course/Community Catalog'));
+ $r->print('<div>'.&mt('Access to catalog LON-CAPA courses/communities unavailable for: "[_1]" on servers run by: "[_2]".',
+ $domdesc,$serverdomdesc).'</div>');
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ }
my %domconfig =
&Apache::lonnet::get_dom('configuration',['coursecategories'],$codedom);
my $knownuser = &user_is_known();
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1286 loncom/interface/loncommon.pm:1.1287
--- loncom/interface/loncommon.pm:1.1286 Thu Aug 3 16:22:09 2017
+++ loncom/interface/loncommon.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.1286 2017/08/03 16:22:09 raeburn Exp $
+# $Id: loncommon.pm,v 1.1287 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -10137,7 +10137,16 @@
$allow_blank = 0;
$domform = &select_dom_form($currdom,'srchdomain',$allow_blank,1,undef,[$currdom]);
} else {
- $domform = &select_dom_form($currdom,'srchdomain',$allow_blank,1);
+ my $defdom = $env{'request.role.domain'};
+ my ($trustedref,$untrustedref);
+ if (($context eq 'requestcrs') || ($context eq 'course')) {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$defdom);
+ } elsif ($context eq 'author') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('othcoau',$defdom);
+ } elsif ($context eq 'domain') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('domroles',$defdom);
+ }
+ $domform = &select_dom_form($currdom,'srchdomain',$allow_blank,1,undef,$trustedref,$untrustedref);
}
my $srchinsel = ' <select name="srchin">';
@@ -16201,8 +16210,36 @@
$reqauthor{'author'}{'timestamp'};
}
}
+ my ($types,$typename) = &course_types();
+ if (ref($types) eq 'ARRAY') {
+ my @options = ('approval','validate','autolimit');
+ my $optregex = join('|', at options);
+ my (%willtrust,%trustchecked);
+ foreach my $type (@{$types}) {
+ my $dom_str = $env{'environment.reqcrsotherdom.'.$type};
+ if ($dom_str ne '') {
+ my $updatedstr = '';
+ my @possdomains = split(',',$dom_str);
+ foreach my $entry (@possdomains) {
+ my ($extdom,$extopt) = split(':',$entry);
+ unless ($trustchecked{$extdom}) {
+ $willtrust{$extdom} = &Apache::lonnet::will_trust('reqcrs',$domain,$extdom);
+ $trustchecked{$extdom} = 1;
+ }
+ if ($willtrust{$extdom}) {
+ $updatedstr .= $entry.',';
+ }
+ }
+ $updatedstr =~ s/,$//;
+ if ($updatedstr) {
+ $userenv{'reqcrsotherdom.'.$type} = $updatedstr;
+ } else {
+ delete($userenv{'reqcrsotherdom.'.$type});
+ }
+ }
+ }
+ }
}
-
$env{'user.environment'} = "$lonids/$cookie.id";
if (tie(my %disk_env,'GDBM_File',"$lonids/$cookie.id",
Index: loncom/interface/loncreatecourse.pm
diff -u loncom/interface/loncreatecourse.pm:1.165 loncom/interface/loncreatecourse.pm:1.166
--- loncom/interface/loncreatecourse.pm:1.165 Wed Jan 18 20:15:50 2017
+++ loncom/interface/loncreatecourse.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Create a course
#
-# $Id: loncreatecourse.pm,v 1.165 2017/01/18 20:15:50 raeburn Exp $
+# $Id: loncreatecourse.pm,v 1.166 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -106,7 +106,8 @@
$course_home .= qq{>$server $host_servers{$server}</option>};
}
$course_home .= "\n</select>\n";
- my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
+ my ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$defdom);
+ my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain',undef,undef,undef,$trustedref,$untrustedref);
my $cloneform=&Apache::loncommon::select_dom_form
($env{'request.role.domain'},'clonedomain').
&Apache::loncommon::selectcourse_link
Index: loncom/interface/loncreateuser.pm
diff -u loncom/interface/loncreateuser.pm:1.443 loncom/interface/loncreateuser.pm:1.444
--- loncom/interface/loncreateuser.pm:1.443 Thu Aug 3 16:22:09 2017
+++ loncom/interface/loncreateuser.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.443 2017/08/03 16:22:09 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.444 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -886,7 +886,15 @@
(!(($env{'form.action'} eq 'singleuser') && ($context eq 'domain') &&
(!&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))))) {
my $defdom=$env{'request.role.domain'};
- my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain');
+ my ($trustedref,$untrustedref);
+ if ($context eq 'course') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$defdom);
+ } elsif ($context eq 'author') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('othcoau',$defdom);
+ } elsif ($context eq 'domain') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('domroles',$defdom);
+ }
+ my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain',undef,undef,undef,$trustedref,$untrustedref);
my %lt=&Apache::lonlocal::texthash(
'enro' => 'Enroll one student',
'enrm' => 'Enroll one member',
@@ -1476,8 +1484,10 @@
if ($env{'request.role.domain'} eq $ccdomain) {
$r->print(&build_tools_display($ccuname,$ccdomain,'requestcourses'));
} else {
- $r->print(&coursereq_externaluser($ccuname,$ccdomain,
- $env{'request.role.domain'}));
+ if (&Apache::lonnet::will_trust('reqcrs',$ccdomain,$env{'request.role.domain'})) {
+ $r->print(&coursereq_externaluser($ccuname,$ccdomain,
+ $env{'request.role.domain'}));
+ }
}
$r->print(&Apache::loncommon::end_data_table());
}
@@ -6129,10 +6139,11 @@
} elsif ($curr_types eq '') {
$add_domtitle = &mt('Users in other domain:');
}
+ my ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$cdom);
$output .= &Apache::loncommon::start_data_table_row()
.'<td colspan="2"><span class="LC_nobreak">'.$add_domtitle.'</span><br />'
.&Apache::loncommon::select_dom_form('','selfenroll_newdom',
- $includeempty,$showdomdesc,'','','',$readonly)
+ $includeempty,$showdomdesc,'',$trustedref,$untrustedref,$readonly)
.'<input type="hidden" name="selfenroll_types_total" value="'.$num.'" />'
.'</td>'.&Apache::loncommon::end_data_table_row()
.&Apache::loncommon::end_data_table();
Index: loncom/interface/lonmsgdisplay.pm
diff -u loncom/interface/lonmsgdisplay.pm:1.184 loncom/interface/lonmsgdisplay.pm:1.185
--- loncom/interface/lonmsgdisplay.pm:1.184 Wed Mar 15 20:58:12 2017
+++ loncom/interface/lonmsgdisplay.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Routines for messaging display
#
-# $Id: lonmsgdisplay.pm,v 1.184 2017/03/15 20:58:12 raeburn Exp $
+# $Id: lonmsgdisplay.pm,v 1.185 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2756,7 +2756,7 @@
$cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
}
if ($env{'form.send'}) {
- if (!$env{'form.multiforward'}) {
+ if (!$env{'form.multiforward'}) {
if ($group eq '') {
&printheader($r,'','Messages being sent.');
} else {
@@ -2786,6 +2786,8 @@
my $mode = $env{'form.sendmode'};
my (%toaddr,$tos,$cc,$bcc,$broadcast);
+ my (%willtrust,%trustchecked,%disallowed);
+ my $serverdefdom = &Apache::lonnet::default_login_domain();
if ($mode eq 'group') {
if (defined($env{'form.courserecips'})) {
@@ -2795,9 +2797,17 @@
foreach my $dest (@to) {
my ($user,$domain) = split(/:/, $dest);
if (($user ne '') && ($domain ne '')) {
- my $rec = $user.":".$domain;
- $toaddr{$rec} = '';
- $broadcast->{$rec} = '';
+ unless ($trustchecked{$domain}) {
+ $willtrust{$domain} = &Apache::lonnet::will_trust('msg',$serverdefdom,$domain);
+ $trustchecked{$domain} = 1;
+ }
+ if ($willtrust{$domain}) {
+ my $rec = $user.":".$domain;
+ $toaddr{$rec} = '';
+ $broadcast->{$rec} = '';
+ } else {
+ $disallowed{'to'}{$user.":".$domain} = 1;
+ }
}
}
}
@@ -2808,22 +2818,47 @@
if ($txt) {
$rec =~ s/^\s+//;
$rec =~ s/\s+$//;
- $toaddr{$rec}.=$txt."\n";
- $broadcast->{$rec} = '';
+ my ($recuname,$recudom) = split(/:/,$rec);
+ unless ($trustchecked{$recudom}) {
+ $willtrust{$recudom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$recudom);
+ $trustchecked{$recudom} = 1;
+ }
+ if ($willtrust{$recudom}) {
+ $toaddr{$rec}.=$txt."\n";
+ $broadcast->{$rec} = '';
+ } else {
+ $disallowed{'to'}{$rec} = 1;
+ }
}
}
} else {
if (($env{'form.recuname'} ne '') && ($env{'form.recdomain'} ne '')) {
- $toaddr{$env{'form.recuname'}.':'.$env{'form.recdomain'}}='';
- $tos->{$env{'form.recuname'}.':'.$env{'form.recdomain'}}='';
+ unless ($trustchecked{$env{'form.recdomain'}}) {
+ $willtrust{$env{'form.recdomain'}} = &Apache::lonnet::will_trust('msg',$serverdefdom,$env{'form.recdomain'});
+ $trustchecked{$env{'form.recdomain'}} = 1;
+ }
+ if ($willtrust{$env{'form.recdomain'}}) {
+ $toaddr{$env{'form.recuname'}.':'.$env{'form.recdomain'}}='';
+ $tos->{$env{'form.recuname'}.':'.$env{'form.recdomain'}}='';
+ } else {
+ $disallowed{'to'}{$env{'form.recuname'}.':'.$env{'form.recdomain'}};
+ }
}
}
if ($env{'form.additionalrec_to'}) {
foreach my $rec (split(/\s*,\s*/,$env{'form.additionalrec_to'})) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
- $tos->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $tos->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'to'}{$auname.':'.$audom};
+ }
}
}
}
@@ -2833,8 +2868,16 @@
foreach my $rec (@toreplies) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
- $tos->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $tos->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'to'}{$auname.':'.$audom};
+ }
}
}
}
@@ -2842,9 +2885,17 @@
foreach my $rec (split(/\s*,\s*/,$env{'form.additionalrec_cc'})) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
if (!defined($tos->{$auname.':'.$audom})) {
- $cc->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $cc->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'cc'}{$auname.':'.$audom};
+ }
}
}
}
@@ -2855,9 +2906,17 @@
foreach my $rec (@ccreplies) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
if (!defined($tos->{$auname.':'.$audom})) {
- $cc->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $cc->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'cc'}{$auname.':'.$audom} = 1;
+ }
}
}
}
@@ -2868,9 +2927,17 @@
foreach my $rec (@groupreplies) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
if (!defined($tos->{$auname.':'.$audom})) {
- $broadcast->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $broadcast->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'to'}{$auname.':'.$audom} = 1;
+ }
}
}
}
@@ -2879,10 +2946,18 @@
foreach my $rec (split(/\s*,\s*/,$env{'form.additionalrec_bcc'})) {
my ($auname,$audom)=split(/:/,$rec);
if (($auname ne "") && ($audom ne "")) {
- $toaddr{$auname.':'.$audom}='';
- if ((!defined($tos->{$auname.':'.$audom})) &&
+ if ((!defined($tos->{$auname.':'.$audom})) &&
(!defined($cc->{$auname.':'.$audom}))) {
- $bcc->{$auname.':'.$audom}='';
+ unless ($trustchecked{$audom}) {
+ $willtrust{$audom} = &Apache::lonnet::will_trust('msg',$serverdefdom,$audom);
+ $trustchecked{$audom} = 1;
+ }
+ if ($willtrust{$audom}) {
+ $toaddr{$auname.':'.$audom}='';
+ $bcc->{$auname.':'.$audom}='';
+ } else {
+ $disallowed{'bcc'}{$auname.':'.$audom} = 1;
+ }
}
}
}
@@ -2902,42 +2977,42 @@
} else {
$savemsg=&Apache::lonfeedback::clear_out_html($env{'form.message'});
}
- my %reciphash = (
- to => $tos,
- cc => $cc,
- bcc => $bcc,
- );
- if ($mode eq 'group') {
- if ($group eq '') {
- $reciphash{'course_broadcast'} = $broadcast;
- } else {
- if ($env{'form.groupmail'} eq 'cc') {
- $reciphash{'group_cc_broadcast'} = $broadcast;
+ my ($recipid, @recusers, @recudoms, %permresults);
+ if (keys(%toaddr) > 0) {
+ my %reciphash = (
+ to => $tos,
+ cc => $cc,
+ bcc => $bcc,
+ );
+ if ($mode eq 'group') {
+ if ($group eq '') {
+ $reciphash{'course_broadcast'} = $broadcast;
} else {
- $reciphash{'group_bcc_broadcast'} = $broadcast;
+ if ($env{'form.groupmail'} eq 'cc') {
+ $reciphash{'group_cc_broadcast'} = $broadcast;
+ } else {
+ $reciphash{'group_bcc_broadcast'} = $broadcast;
+ }
}
}
- }
- my ($recipid,$recipstatus) =
- &Apache::lonmsg::store_recipients($msgsubj,$env{'user.name'},
- $env{'user.domain'},\%reciphash);
- if ($recipstatus ne 'ok') {
- &Apache::lonnet::logthis('Failed to store To, Bcc and Cc recipients for '.$env{'user.name'}.':'.$env{'user.domain'});
- }
- if ($env{'form.attachment'}) {
- if (length($env{'form.attachment'})<131072) {
- $attachmenturl=&Apache::lonnet::userfileupload('attachment',undef,'feedback/'.$now);
- } else {
- $r->print('<p><span class="LC_warning">'.&mt('Attachment not included - exceeded permitted length').'</span><br /></p>');
- }
- } elsif ($env{'form.multiforward'}) {
- if ($env{'form.attachmenturl'} ne '') {
- $attachmenturl = $env{'form.attachmenturl'};
+ ($recipid,my $recipstatus) =
+ &Apache::lonmsg::store_recipients($msgsubj,$env{'user.name'},
+ $env{'user.domain'},\%reciphash);
+ if ($recipstatus ne 'ok') {
+ &Apache::lonnet::logthis('Failed to store To, Bcc and Cc recipients for '.$env{'user.name'}.':'.$env{'user.domain'});
+ }
+ if ($env{'form.attachment'}) {
+ if (length($env{'form.attachment'})<131072) {
+ $attachmenturl=&Apache::lonnet::userfileupload('attachment',undef,'feedback/'.$now);
+ } else {
+ $r->print('<p><span class="LC_warning">'.&mt('Attachment not included - exceeded permitted length').'</span><br /></p>');
+ }
+ } elsif ($env{'form.multiforward'}) {
+ if ($env{'form.attachmenturl'} ne '') {
+ $attachmenturl = $env{'form.attachmenturl'};
+ }
}
}
- my @recusers;
- my @recudoms;
- my %permresults;
foreach my $address (sort(keys(%toaddr))) {
my ($recuname,$recdomain)=split(/\:/,$address);
my $msgtxt = $savemsg;
@@ -3075,6 +3150,23 @@
$r->print($message);
}
}
+ if (keys(%disallowed)) {
+ if ((ref($disallowed{'to'}) eq 'HASH') && (keys(%{$disallowed{'to'}}) > 0)) {
+ $r->print(&mt("The following recipients were excluded because the user's domain does not accept messages from server's domain:").'<ul><li>'.
+ join("</li><li>\n",sort(keys(%{$disallowed{'to'}}))).
+ '</li><ul><br />');
+ }
+ if (ref($disallowed{'cc'}) eq 'HASH') {
+ $r->print(&mt("The following CCs were excluded because the user's domain does not accept messages from server's domain:").'<ul><li>'.
+ join("</li><li>\n",sort(keys(%{$disallowed{'cc'}}))).
+ '</li><ul><br />');
+ }
+ if (ref($disallowed{'bcc'}) eq 'HASH') {
+ $r->print(&mt("The following BCCs were excluded because the user's domain does not accept messages from server's domain:").'<ul><li>'.
+ join("</li><li>\n",sort(keys(%{$disallowed{'bcc'}}))).
+ '</li><ul><br />');
+ }
+ }
} else {
&printheader($r,'','Messages cancelled.');
return 'cancelled';
Index: loncom/interface/lonrequestcourse.pm
diff -u loncom/interface/lonrequestcourse.pm:1.99 loncom/interface/lonrequestcourse.pm:1.100
--- loncom/interface/lonrequestcourse.pm:1.99 Mon Sep 5 01:46:08 2016
+++ loncom/interface/lonrequestcourse.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Request a course
#
-# $Id: lonrequestcourse.pm,v 1.99 2016/09/05 01:46:08 raeburn Exp $
+# $Id: lonrequestcourse.pm,v 1.100 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2121,14 +2121,15 @@
}
}
}
- for (my $i=0; $i<$persontotal; $i++) {
+ my ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$dom);
+ for (my $i=0; $i<$persontotal; $i++) {
my @linkargs = map { 'person_'.$i.'_'.$_ } (@items);
my $linkargstr = join("','", at linkargs);
my $uname_form = '<input type="text" name="person_'.$i.'_uname" value="" size="20" />';
my $onchange = 'javascript:fix_domain('."'$formname','person_".$i."_dom',".
"'person_".$i."_hidedom','person_".$i."_uname'".');';
my $udom_form = &Apache::loncommon::select_dom_form($dom,'person_'.$i.'_dom','',
- 1,$onchange).
+ 1,$onchange,undef,$trustedref,$untrustedref).
'<input type="hidden" name="person_'.$i.'_hidedom" value="" />';
my %form_elems;
foreach my $item (@items) {
@@ -3352,18 +3353,23 @@
return $env{'user.domain'};
}
}
- my @possible_doms;
+ my (@possible_doms,%willtrust,%trustchecked);
foreach my $type (@{$types}) {
my $dom_str = $env{'environment.reqcrsotherdom.'.$type};
if ($dom_str ne '') {
my @domains = split(',',$dom_str);
foreach my $entry (@domains) {
my ($extdom,$extopt) = split(':',$entry);
- if ($extdom eq $env{'request.role.domain'}) {
- return $extdom;
- }
- unless(grep(/^\Q$extdom\E$/, at possible_doms)) {
- push(@possible_doms,$extdom);
+ unless ($trustchecked{$extdom}) {
+ $willtrust{$extdom} = &Apache::lonnet::will_trust('reqcrs',$env{'user.domain'},$extdom);
+ }
+ if ($willtrust{$extdom}) {
+ if ($extdom eq $env{'request.role.domain'}) {
+ return $extdom;
+ }
+ unless(grep(/^\Q$extdom\E$/, at possible_doms)) {
+ push(@possible_doms,$extdom);
+ }
}
}
}
@@ -4597,7 +4603,6 @@
owner => $courseinfo{'internal.courseowner'},
releaserequired => $courseinfo{'internal.releaserequired'},
type => $courseinfo{'type'},
- };
}
}
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.184 loncom/interface/lonuserutils.pm:1.185
--- loncom/interface/lonuserutils.pm:1.184 Fri Jul 7 02:50:41 2017
+++ loncom/interface/lonuserutils.pm Mon Aug 7 20:22:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.184 2017/07/07 02:50:41 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.185 2017/08/07 20:22:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -943,8 +943,14 @@
&Apache::lonhtmlcommon::row_closure();
}
+ my ($trustedref,$untrustedref);
+ if ($context eq 'course') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('enroll',$defdom);
+ } elsif ($context eq 'author') {
+ ($trustedref,$untrustedref) = &Apache::lonnet::trusted_domains('othcoau',$defdom);
+ }
$Str .= &Apache::lonhtmlcommon::row_title(&mt('Default domain'))
- .&Apache::loncommon::select_dom_form($defdom,'defaultdomain',undef,1)
+ .&Apache::loncommon::select_dom_form($defdom,'defaultdomain',undef,1,undef,$trustedref,$untrustedref)
.&Apache::lonhtmlcommon::row_closure();
$Str .= &Apache::lonhtmlcommon::row_title(&mt('Starting and Ending Dates'))
@@ -4138,17 +4144,19 @@
$fieldstype{$field.'_choice'} = 'scalar';
}
&Apache::loncommon::store_course_settings('enrollment_upload',\%fieldstype);
- my ($cid,$crstype,$setting);
+ my ($cid,$crstype,$setting,$crsdom);
if ($context eq 'domain') {
$setting = $env{'form.roleaction'};
}
if ($env{'request.course.id'} ne '') {
$cid = $env{'request.course.id'};
$crstype = &Apache::loncommon::course_type();
+ $crsdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
} elsif ($setting eq 'course') {
if (&Apache::lonnet::is_course($env{'form.dcdomain'},$env{'form.dccourse'})) {
$cid = $env{'form.dcdomain'}.'_'.$env{'form.dccourse'};
$crstype = &Apache::loncommon::course_type($cid);
+ $crsdom = $env{'form.dcdomain'};
}
}
my ($startdate,$enddate) = &get_dates_from_form();
@@ -4159,7 +4167,43 @@
my $defdom=$env{'request.role.domain'};
my $domain;
if ($env{'form.defaultdomain'} ne '') {
- $domain = $env{'form.defaultdomain'};
+ if (($context eq 'course') || ($setting eq 'course')) {
+ unless ($env{'form.defaultdomain'} eq $crsdom) {
+ if (&Apache::lonnet::will_trust('enroll',$crsdom,$env{'form.defaultdomain'})) {
+ $domain = $env{'form.defaultdomain'};
+ } else {
+ $r->print('<span class="LC_error">'.&mt('Error').
+ &mt('Enrollment of users not permitted for specified default domain: [_1].',
+ &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).'</span>');
+ $r->print(&Apache::loncommon::end_page());
+ }
+ return;
+ }
+ } elsif ($context eq 'author') {
+ unless ($env{'form.defaultdomain'} eq $defdom) {
+ if ((&Apache::lonnet::will_trust('othcoau',$defdom,$env{'form.defaultdomain'})) &&
+ (&Apache::lonnet::will_trust('coremau',$env{'form.defaultdomain'},$defdom))) {
+ $domain = $env{'form.defaultdomain'};
+ } else {
+ $r->print('<span class="LC_error">'.&mt('Error').
+ &mt('Addition of users not permitted for specified default domain: [_1].',
+ &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).'</span>');
+ $r->print(&Apache::loncommon::end_page());
+ }
+ return;
+ }
+ } elsif (($context eq 'domain') && ($setting eq 'domain')) {
+ unless ($env{'form.defaultdomain'} eq $defdom) {
+ if (&Apache::lonnet::will_trust('domroles',$defdom,$env{'form.defaultdomain'})) {
+ $domain = $env{'form.defaultdomain'};
+ } else {
+ $r->print('<span class="LC_error">'.&mt('Error').
+ &mt('Addition of users not permitted for specified default domain: [_1].',
+ &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).'</span>');
+ $r->print(&Apache::loncommon::end_page());
+ }
+ }
+ }
} else {
$domain = $defdom;
}
@@ -4343,6 +4387,7 @@
# Get new users list
my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname);
my $counter = -1;
+ my (%willtrust,%trustchecked);
foreach my $line (@userdata) {
$counter ++;
my @secs;
@@ -4390,6 +4435,28 @@
'"<b>'.$entries{$fields{'domain'}}.'</b>"',
$fname,$mname,$lname,$gen);
next;
+ } elsif ($entries{$fields{'domain'}} ne $domain) {
+ my $possdom = $entries{$fields{'domain'}};
+ if ($context eq 'course' || $setting eq 'course') {
+ unless ($trustchecked{$possdom}) {
+ $willtrust{$possdom} = &Apache::lonnet::will_trust('enroll',$domain,$possdom);
+ $trustchecked{$possdom} = 1;
+ }
+ } elsif ($context eq 'author') {
+ unless ($trustchecked{$possdom}) {
+ $willtrust{$possdom} = &Apache::lonnet::will_trust('othcoau',$domain,$possdom);
+ }
+ if ($willtrust{$possdom}) {
+ $willtrust{$possdom} = &Apache::lonnet::will_trust('coaurem',$possdom,$domain);
+ }
+ }
+ unless ($willtrust{$possdom}) {
+ $disallow{$counter} =
+ &mt('Unacceptable domain [_1] for user [_2] [_3] [_4] [_5]',
+ '"<b>'.$possdom.'</b>"',
+ $fname,$mname,$lname,$gen);
+ next;
+ }
}
my $username = $entries{$fields{'username'}};
my $userdomain = $entries{$fields{'domain'}};
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1346 loncom/lonnet/perl/lonnet.pm:1.1347
--- loncom/lonnet/perl/lonnet.pm:1.1346 Thu May 25 23:55:42 2017
+++ loncom/lonnet/perl/lonnet.pm Mon Aug 7 20:22:54 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1346 2017/05/25 23:55:42 raeburn Exp $
+# $Id: lonnet.pm,v 1.1347 2017/08/07 20:22:54 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1598,6 +1598,146 @@
return %uniqservers;
}
+sub notcallable {
+ my ($cmdtype,$calldom) = @_;
+ if (&domain($calldom) eq '') {
+ return 1;
+ }
+ unless ($cmdtype =~ /^(content|shared|enroll|coaurem|domroles|catalog|reqcrs|msg)$/) {
+ return 1;
+ }
+ my @machinedoms = ¤t_machine_domains();
+ if (grep(/^\Q$calldom\E$/, at machinedoms)) {
+ return;
+ }
+ my $reject;
+ my $intdom = &internet_dom($perlvar{'lonHostID'});
+ if ($intdom eq '') {
+ return 1;
+ }
+ my $callprimary = &domain($calldom,'primary');
+ my $intcalldom = &Apache::lonnet::internet_dom($callprimary);
+ unless ($intdom eq $intcalldom) {
+ my ($trustconfig,$cached)=&Apache::lonnet::is_cached_new('trust',$calldom);
+ unless (defined($cached)) {
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['trust'],$calldom);
+ &Apache::lonnet::do_cache_new('trust',$calldom,$domconfig{'trust'},3600);
+ $trustconfig = $domconfig{'trust'};
+ }
+ if (ref($trustconfig)) {
+ if (ref($trustconfig->{$cmdtype}) eq 'HASH') {
+ if (ref($trustconfig->{$cmdtype}->{'exc'}) eq 'ARRAY') {
+ if (grep(/^\Q$intdom\E$/,@{$trustconfig->{$cmdtype}->{'exc'}})) {
+ $reject = 1;
+ }
+ }
+ if (ref($trustconfig->{$cmdtype}->{'inc'}) eq 'ARRAY') {
+ if (grep(/^\Q$intdom\E$/,@{$trustconfig->{$cmdtype}->{'inc'}})) {
+ $reject = 0;
+ } else {
+ $reject = 1;
+ }
+ }
+ }
+ }
+ }
+ return $reject;
+}
+
+sub trusted_domains {
+ my ($cmdtype,$calldom) = @_;
+ my (%trusted,%untrusted);
+ if (&domain($calldom) eq '') {
+ return (\%trusted,\%untrusted);
+ }
+ unless ($cmdtype =~ /^(content|shared|enroll|coaurem|domroles|catalog|reqcrs|msg)$/) {
+ return (\%trusted,\%untrusted);
+ }
+ my $callprimary = &domain($calldom,'primary');
+ my $intcalldom = &Apache::lonnet::internet_dom($callprimary);
+ if ($intcalldom eq '') {
+ return (\%trusted,\%untrusted);
+ }
+
+ my ($trustconfig,$cached)=&Apache::lonnet::is_cached_new('trust',$calldom);
+ unless (defined($cached)) {
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['trust'],$calldom);
+ &Apache::lonnet::do_cache_new('trust',$calldom,$domconfig{'trust'},3600);
+ $trustconfig = $domconfig{'trust'};
+ }
+ if (ref($trustconfig)) {
+ my (%possexc,%possinc, at allexc, at allinc);
+ if (ref($trustconfig->{$cmdtype}) eq 'HASH') {
+ if (ref($trustconfig->{$cmdtype}->{'exc'}) eq 'ARRAY') {
+ map { $possexc{$_} = 1; } @{$trustconfig->{$cmdtype}->{'exc'}};
+ }
+ if (ref($trustconfig->{$cmdtype}->{'inc'}) eq 'ARRAY') {
+ map { $possinc{$_} = 1; } @{$trustconfig->{$cmdtype}->{'inc'}};
+ }
+ }
+ if (keys(%possexc)) {
+ if (keys(%possinc)) {
+ foreach my $key (sort(keys(%possexc))) {
+ next if ($key eq $intcalldom);
+ unless ($possinc{$key}) {
+ push(@allexc,$key);
+ }
+ }
+ } else {
+ @allexc = sort(keys(%possexc));
+ }
+ }
+ if (keys(%possinc)) {
+ $possinc{$intcalldom} = 1;
+ @allinc = sort(keys(%possinc));
+ }
+ if ((@allexc > 0) || (@allinc > 0)) {
+ my %doms_by_intdom;
+ my %allintdoms = &all_host_intdom();
+ my %alldoms = &all_host_domain();
+ foreach my $key (%allintdoms) {
+ if (ref($doms_by_intdom{$allintdoms{$key}}) eq 'ARRAY') {
+ unless (grep(/^\Q$alldoms{$key}\E$/,@{$doms_by_intdom{$allintdoms{$key}}})) {
+ push(@{$doms_by_intdom{$allintdoms{$key}}},$alldoms{$key});
+ }
+ } else {
+ $doms_by_intdom{$allintdoms{$key}} = [$alldoms{$key}];
+ }
+ }
+ foreach my $exc (@allexc) {
+ if (ref($doms_by_intdom{$exc}) eq 'ARRAY') {
+ map { $untrusted{$_}; } @{$doms_by_intdom{$exc}};
+ }
+ }
+ foreach my $inc (@allinc) {
+ if (ref($doms_by_intdom{$inc}) eq 'ARRAY') {
+ map { $trusted{$_}; } @{$doms_by_intdom{$inc}};
+ }
+ }
+ }
+ }
+ return(\%trusted,\%untrusted);
+}
+
+sub will_trust {
+ my ($cmdtype,$domain,$possdom) = @_;
+ return 1 if ($domain eq $possdom);
+ my ($trustedref,$untrustedref) = &trusted_domains($cmdtype,$possdom);
+ my $willtrust;
+ if ((ref($trustedref) eq 'ARRAY') && (@{$trustedref} > 0)) {
+ if (grep(/^\Q$domain\E$/,@{$trustedref})) {
+ $willtrust = 1;
+ }
+ } elsif ((ref($untrustedref) eq 'ARRAY') && (@{$untrustedref} > 0)) {
+ unless (grep(/^\Q$domain\E$/,@{$untrustedref})) {
+ $willtrust = 1;
+ }
+ } else {
+ $willtrust = 1;
+ }
+ return $willtrust;
+}
+
# ---------------------- Find the homebase for a user from domain's lib servers
my %homecache;
More information about the LON-CAPA-cvs
mailing list