[LON-CAPA-cvs] cvs: loncom /auth roles.tab rolesplain.tab /interface loncreateuser.pm lonmodifycourse.pm lonuserutils.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Mon Apr 29 18:19:46 EDT 2019
raeburn Mon Apr 29 22:19:46 2019 EDT
Modified files:
/loncom/interface lonmodifycourse.pm lonuserutils.pm
loncreateuser.pm
/loncom/auth roles.tab rolesplain.tab
/loncom/lonnet/perl lonnet.pm
Log:
- Support domain configuration which allows a Course Owner to change a
student's password, if:
(a) same domain is used by owner, course, and student
(b) student has no active or future roles besides student role in courses
owned by the course owner making the change
(c) course container is not Community or Placement Test
(d) owner is course coordinator in the course
(e) setting to disable this action has not been set for the specific course
-------------- next part --------------
Index: loncom/interface/lonmodifycourse.pm
diff -u loncom/interface/lonmodifycourse.pm:1.93 loncom/interface/lonmodifycourse.pm:1.94
--- loncom/interface/lonmodifycourse.pm:1.93 Fri Mar 23 01:01:21 2018
+++ loncom/interface/lonmodifycourse.pm Mon Apr 29 22:19:24 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# handler for DC-only modifiable course settings
#
-# $Id: lonmodifycourse.pm,v 1.93 2018/03/23 01:01:21 raeburn Exp $
+# $Id: lonmodifycourse.pm,v 1.94 2019/04/29 22:19:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -49,6 +49,10 @@
if (&showcredits($cdom)) {
push(@items,'defaultcredits');
}
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+ if (($passwdconf{'crsownerchg'}) && ($type ne 'Placement')) {
+ push(@items,'nopasswdchg');
+ }
return @items;
}
}
@@ -101,6 +105,7 @@
@items = map { 'internal.'.$_; } (@{$internals});
push(@items,@{$accessdates});
}
+ push(@items,'internal.nopasswdchg');
my %settings = &Apache::lonnet::get('environment',\@items,$cdom,$cnum);
my %enrollvar;
$enrollvar{'autharg'} = '';
@@ -126,7 +131,7 @@
} elsif ($type eq "authtype"
|| $type eq "autharg" || $type eq "coursecode"
|| $type eq "crosslistings" || $type eq "selfenrollmgr"
- || $type eq "autodropfailsafe") {
+ || $type eq "autodropfailsafe" || $type eq 'nopasswdchg') {
$enrollvar{$type} = $settings{$item};
} elsif ($type eq 'defaultcredits') {
if (&showcredits($cdom)) {
@@ -1033,6 +1038,7 @@
my @specific_managebydc = split(/,/,$settings{'internal.selfenrollmgrdc'});
my @specific_managebycc = split(/,/,$settings{'internal.selfenrollmgrcc'});
my %domdefaults = &Apache::lonnet::get_domain_defaults($cdom);
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
my @default_managebydc = split(/,/,$domdefaults{$type.'selfenrolladmdc'});
if ($crstype eq 'Community') {
$ccrole = 'co';
@@ -1107,7 +1113,8 @@
if ($crstype eq 'Community') {
$r->print(&Apache::lonhtmlcommon::row_title(
&Apache::loncommon::help_open_topic('Modify_Community_Owner').
- ' '.&mt('Community Owner'))."\n");
+ ' '.&mt('Community Owner'))."\n".
+ $ownertable."\n".&Apache::lonhtmlcommon::row_closure());
} else {
$r->print(&Apache::lonhtmlcommon::row_title(
&Apache::loncommon::help_open_topic('Modify_Course_Instcode').
@@ -1117,7 +1124,7 @@
if (($crstype eq 'Course') && (&showcredits($cdom))) {
$r->print(&Apache::lonhtmlcommon::row_title(
&Apache::loncommon::help_open_topic('Modify_Course_Credithours').
- ' '.&mt('Credits (students)'))."\n".
+ ' '.&mt('Credits (students)'))."\n".
'<input type="text" size="3" name="defaultcredits" value="'.$enrollvar{'defaultcredits'}.'"'.$disabled.' />'.
&Apache::lonhtmlcommon::row_closure());
}
@@ -1127,8 +1134,21 @@
$authenitems."\n".
&Apache::lonhtmlcommon::row_closure().
&Apache::lonhtmlcommon::row_title(
- &Apache::loncommon::help_open_topic('Modify_Course_Owner').
- ' '.&mt('Course Owner'))."\n");
+ &Apache::loncommon::help_open_topic('Modify_Course_Owner').
+ ' '.&mt('Course Owner'))."\n".
+ $ownertable."\n".&Apache::lonhtmlcommon::row_closure());
+ if (($passwdconf{'crsownerchg'}) && ($type ne 'Placement')) {
+ my $checked;
+ if ($enrollvar{'nopasswdchg'}) {
+ $checked = ' checked="checked"';
+ }
+ $r->print(&Apache::lonhtmlcommon::row_title(
+ &Apache::loncommon::help_open_topic('Modify_Course_Chgpasswd').
+ ' '.&mt('Changing passwords (internal)'))."\n".
+ '<label><input type="checkbox" value="1" name="nopasswdchg"'.$checked.$disabled.' />'.
+ &mt('Disable changing password for users with student role by course owner').'<label>'."\n".
+ &Apache::lonhtmlcommon::row_closure());
+ }
}
my ($cctitle,$rolename,$currmanages,$ccchecked,$dcchecked,$defaultchecked);
my ($selfenrollrows,$selfenrolltitles) = &Apache::lonuserutils::get_selfenroll_titles();
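Review bot: The checkbox row added in the `crsownerchg` branch ends its label with `'<label>'` instead of `'</label>'`, so the element is never closed and a second label is opened around whatever markup follows. The tail of that string should read `&mt('Disable changing password for users with student role by course owner').'</label>'."\n".`. `$checked` is also declared without a value and then concatenated when the box is unset; `my $checked = '';` avoids the uninitialized-value warning. The enclosing sub starts and ends outside this hunk.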
@@ -1138,8 +1158,7 @@
$cctitle = &mt('Course personnel');
}
- $r->print($ownertable."\n".&Apache::lonhtmlcommon::row_closure().
- &Apache::lonhtmlcommon::row_title(
+ $r->print(&Apache::lonhtmlcommon::row_title(
&Apache::loncommon::help_open_topic('Modify_Course_Selfenrolladmin').
' '.&mt('Self-enrollment configuration')).
&Apache::loncommon::start_data_table()."\n".
@@ -1321,6 +1340,10 @@
if (&showcredits($cdom)) {
push(@items,'internal.defaultcredits');
}
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+ if ($passwdconf{'crsownerchg'}) {
+ push(@items,'internal.nopasswdchg');
+ }
}
my %settings = &Apache::lonnet::get('environment',\@items,$cdom,$cnum);
my $description = $settings{'description'};
@@ -1336,6 +1359,7 @@
} else {
%changed = ( code => 0,
owner => 0,
+ passwd => 0,
);
$ccrole = 'cc';
unless ($settings{'internal.sectionnums'} eq '') {
@@ -1390,9 +1414,21 @@
$newattr{'mysqltables'} = $env{'form.mysqltables'};
$newattr{'mysqltables'} =~ s/\D+//g;
}
- if (($type ne 'Placement') && (&showcredits($cdom) && exists($env{'form.defaultcredits'}))) {
- $newattr{'defaultcredits'}=$env{'form.defaultcredits'};
- $newattr{'defaultcredits'} =~ s/[^\d\.]//g;
+ if ($type ne 'Placement') {
+ if (&showcredits($cdom) && exists($env{'form.defaultcredits'})) {
+ $newattr{'defaultcredits'}=$env{'form.defaultcredits'};
+ $newattr{'defaultcredits'} =~ s/[^\d\.]//g;
+ }
+ if (grep(/^nopasswdchg$/, at modifiable_params)) {
+ if ($env{'form.nopasswdchg'}) {
+ $newattr{'nopasswdchg'} = 1;
+ unless ($currattr{'nopasswdchg'}) {
+ $changed{'passwd'} = 1;
+ }
+ } elsif ($currattr{'nopasswdchg'}) {
+ $changed{'passwd'} = 1;
+ }
+ }
}
}
@@ -1427,7 +1463,7 @@
}
}
- if ($changed{'owner'} || $changed{'code'}) {
+ if ($changed{'owner'} || $changed{'code'} || $changed{'passwd'}) {
my %crsinfo = &Apache::lonnet::courseiddump($cdom,'.',1,'.','.',$cnum,
undef,undef,'.');
if (ref($crsinfo{$env{'form.pickedcourse'}}) eq 'HASH') {
@@ -1437,9 +1473,16 @@
if ($changed{'owner'}) {
$crsinfo{$env{'form.pickedcourse'}}{'owner'} = $env{'form.courseowner'};
}
+ if ($changed{'passwd'}) {
+ if ($env{'form.nopasswdchg'}) {
+ $crsinfo{$env{'form.pickedcourse'}}{'nopasswdchg'} = 1;
+ } else {
+ delete($crsinfo{'nopasswdchg'});
+ }
+ }
my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
my $putres = &Apache::lonnet::courseidput($cdom,\%crsinfo,$chome,'notime');
- if ($putres eq 'ok') {
+ if (($putres eq 'ok') && (($changed{'owner'} || $changed{'code'}))) {
&update_coowners($cdom,$cnum,$chome,\%settings,\%newattr);
}
}
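Review bot: The `else` branch that clears the flag deletes the wrong key: `delete($crsinfo{'nopasswdchg'})` targets the top level of `%crsinfo`, while the set branch just above writes to `$crsinfo{$env{'form.pickedcourse'}}{'nopasswdchg'}`. As written, un-checking the box leaves the flag in the course record handed to `courseidput`, and `can_change_internalpass` in lonuserutils.pm reads that same `nopasswdchg` field back from `courseiddump`, so the two stores can disagree. The line should be `delete($crsinfo{$env{'form.pickedcourse'}}{'nopasswdchg'});`. The enclosing sub continues outside the hunk.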
@@ -1486,6 +1529,12 @@
$shown = &mt('None');
} elsif (($attr eq 'mysqltables') && ($shown eq '')) {
$shown = &mt('domain default');
+ } elsif ($attr eq 'nopasswdchg') {
+ if ($shown) {
+ $shown = &mt('Yes');
+ } else {
+ $shown = &mt('No');
+ }
}
$chgresponse .= '<li>'.&mt('[_1] now set to: [_2]',$longtype{$attr},$shown).'</li>';
} else {
@@ -1498,6 +1547,12 @@
$shown = &mt('None');
} elsif (($attr eq 'mysqltables') && ($shown eq '')) {
$shown = &mt('domain default');
+ } elsif ($attr eq 'nopasswdchg') {
+ if ($shown) {
+ $shown = &mt('Yes');
+ } else {
+ $shown = &mt('No');
+ }
}
$nochgresponse .= '<li>'.&mt('[_1] still set to: [_2]',$longtype{$attr},$shown).'</li>';
}
@@ -2414,6 +2469,7 @@
'selfenrollmgrdc' => "Course-specific self-enrollment configuration by Domain Coordinator",
'selfenrollmgrcc' => "Course-specific self-enrollment configuration by Course personnel",
'mysqltables' => '"Temporary" student performance tables lifetime (seconds)',
+ 'nopasswdchg' => 'Disable changing password for users with student role by course owner',
);
}
return %longtype;
@@ -2426,7 +2482,8 @@
'locarg','krbarg','krbver','counter','hidefromcat','usecategory',
'threshold','postsubmit','postsubtimeout','defaultcredits','uploadquota',
'selfenrollmgrdc','selfenrollmgrcc','action','state','currsec_st',
- 'sections','newsec','mysqltables'],['^selfenrollmgr_','^selfenroll_'])."\n".
+ 'sections','newsec','mysqltables','nopasswdchg'],
+ ['^selfenrollmgr_','^selfenroll_'])."\n".
'<input type="hidden" name="prevphase" value="'.$env{'form.phase'}.'" />';
return $hidden_elements;
}
@@ -2442,6 +2499,7 @@
sub get_permission {
my ($dom) = @_;
my ($allowed,%permission);
+ my %passwdconf = &Apache::lonnet::get_passwdconf($dom);
if (&Apache::lonnet::allowed('ccc',$dom)) {
$allowed = 1;
%permission = (
@@ -2459,6 +2517,9 @@
selfenroll => 'edit',
adhocrole => 'coord',
);
+ if ($passwdconf{'crsownerchg'}) {
+ $permission{passwdchg} = 'edit';
+ }
} elsif (&Apache::lonnet::allowed('rar',$dom)) {
$allowed = 1;
%permission = (
@@ -2471,6 +2532,9 @@
selfenroll => 'view',
adhocrole => 'custom',
);
+ if ($passwdconf{'crsownerchg'}) {
+ $permission{passwdchg} = 'view';
+ }
}
return ($allowed,\%permission);
}
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.194 loncom/interface/lonuserutils.pm:1.195
--- loncom/interface/lonuserutils.pm:1.194 Fri Mar 23 01:01:21 2018
+++ loncom/interface/lonuserutils.pm Mon Apr 29 22:19:24 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.194 2018/03/23 01:01:21 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.195 2019/04/29 22:19:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -5866,6 +5866,51 @@
return %canmodify;
}
+sub can_change_internalpass {
+ my ($uname,$udom,$crstype,$permission) = @_;
+ my $canchange;
+ if (&Apache::lonnet::allowed('mau',$udom)) {
+ $canchange = 1;
+ } elsif ((ref($permission) eq 'HASH') && ($permission->{'mip'}) &&
+ ($udom eq $env{'request.role.domain'})) {
+ unless ($env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'}) {
+ my ($cnum,$cdom) = &get_course_identity();
+ if ((&Apache::lonnet::is_course_owner($cdom,$cnum)) && ($udom eq $env{'user.domain'})) {
+ my $noupdate;
+ my %owned = &Apache::lonnet::courseiddump($cdom,'.',1,'.',
+ $env{'user.name'}.':'.$env{'user.domain'},
+ undef,undef,undef,'.');
+ my %roleshash = &Apache::lonnet::get_my_roles($uname,$udom,'userroles',
+ ['active','future']);
+ foreach my $key (keys(%roleshash)) {
+ my ($name,$domain,$role) = split(/:/,$key);
+ if ($role eq 'st') {
+ next if (($name eq $cnum) && ($domain eq $cdom));
+ if ($owned{$domain.'_'.$name}) {
+ if (ref($owned{$domain.'_'.$name}) eq 'HASH') {
+ if ($owned{$domain.'_'.$name}{'nopasswdchg'}) {
+ $noupdate = 1;
+ last;
+ }
+ }
+ } else {
+ $noupdate = 1;
+ last;
+ }
+ } else {
+ $noupdate = 1;
+ last;
+ }
+ }
+ unless ($noupdate) {
+ $canchange = 1;
+ }
+ }
+ }
+ }
+ return $canchange;
+}
+
sub check_usertype {
my ($dom,$uname,$rules,$curr_rules,$got_rules) = @_;
my $usertype;
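Review bot: `can_change_internalpass` accepts `$crstype` but never reads it, so condition (c) of the commit log (no Community or Placement Test containers) is not enforced in this function; unless the `mip` privilege check or a caller already rules those types out, the `elsif` condition should also test it, e.g. `($crstype ne 'Community') && ($crstype ne 'Placement')`. The role loop only looks for disqualifying roles: a target with no active or future roles at all leaves `$noupdate` unset and receives `$canchange = 1` without ever holding a student role in this course. Recording a match in the `next if (($name eq $cnum) && ($domain eq $cdom))` branch and requiring it alongside `!$noupdate` would tie the permission to actual enrollment. Because this sub is the authorization gate for resetting another user's password, a header comment listing conditions (a)-(e) from the log would help later reviewers.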
@@ -5988,10 +6033,16 @@
}
}
if ($env{'request.course.id'}) {
- my $user = $env{'user.name'}.':'.$env{'user.domain'};
+ my $user;
+ if (($env{'user.name'} ne '') && ($env{'user.domain'} ne '')) {
+ $user = $env{'user.name'}.':'.$env{'user.domain'};
+ }
if (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} eq
$user)) {
$permission{'owner'} = 1;
+ if (&Apache::lonnet::allowed('mip',$env{'request.course.id'})) {
+ $permission{'mip'} = 1;
+ }
} elsif (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.co-owners'} ne '')) {
if (grep(/^\Q$user\E$/,split(/,/,$env{'course.'.$env{'request.course.id'}.'.internal.co-owners'}))) {
$permission{'co-owner'} = 1;
Index: loncom/interface/loncreateuser.pm
diff -u loncom/interface/loncreateuser.pm:1.450 loncom/interface/loncreateuser.pm:1.451
--- loncom/interface/loncreateuser.pm:1.450 Sat Dec 8 18:30:15 2018
+++ loncom/interface/loncreateuser.pm Mon Apr 29 22:19:24 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Create a user
#
-# $Id: loncreateuser.pm,v 1.450 2018/12/08 18:30:15 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.451 2019/04/29 22:19:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1511,7 +1511,7 @@
($env{'request.role.domain'} eq $ccdomain)) {
$user_text{'requestauthor'} = &domainrole_req($ccuname,$ccdomain);
}
- $user_text{'auth'} = &user_authentication($ccuname,$ccdomain,$formname);
+ $user_text{'auth'} = &user_authentication($ccuname,$ccdomain,$formname,$crstype,$permission);
if ((&Apache::lonnet::allowed('mpq',$ccdomain)) ||
(&Apache::lonnet::allowed('mut',$ccdomain)) ||
(&Apache::lonnet::allowed('udp',$ccdomain))) {
@@ -2198,7 +2198,7 @@
}
sub user_authentication {
- my ($ccuname,$ccdomain,$formname) = @_;
+ my ($ccuname,$ccdomain,$formname,$crstype,$permission) = @_;
my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
my $outcome;
my %lt=&Apache::lonlocal::texthash(
@@ -2271,6 +2271,43 @@
}
$outcome .= &Apache::loncommon::end_data_table();
} else {
+ if (($currentauth =~ /^internal:/) &&
+ (&Apache::lonuserutils::can_change_internalpass($ccuname,$ccdomain,$crstype,$permission))) {
+ $outcome = <<"ENDJS";
+<script type="text/javascript">
+// <![CDATA[
+function togglePwd(form) {
+ if (form.newintpwd.length) {
+ if (document.getElementById('LC_ownersetpwd')) {
+ for (var i=0; i<form.newintpwd.length; i++) {
+ if (form.newintpwd[i].checked) {
+ if (form.newintpwd[i].value == 1) {
+ document.getElementById('LC_ownersetpwd').style.display = 'inline-block';
+ } else {
+ document.getElementById('LC_ownersetpwd').style.display = 'none';
+ }
+ }
+ }
+ }
+ }
+}
+// ]]>
+</script>
+ENDJS
+
+ $outcome .= '<h3>'.$lt{'ld'}.'</h3>'.
+ &Apache::loncommon::start_data_table().
+ &Apache::loncommon::start_data_table_row().
+ '<td>'.&mt('Internally authenticated').'<br />'.&mt("Change user's password?").
+ '<label><input type="radio" name="newintpwd" value="0" checked="checked" onclick="togglePwd(this.form);" />'.
+ &mt('No').'</label>'.(' 'x2).
+ '<label><input type="radio" name="newintpwd" value="1" onclick="togglePwd(this.form);" />'.&mt('Yes').'</label>'.
+ '<div id="LC_ownersetpwd" style="display:none">'.
+ ' '.&mt('Password').' <input type="password" size="15" name="intarg" value="" />'.
+ '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.intarg.type='."'text'".' } else { this.form.intarg.type='."'password'".' }" />'.&mt('Visible input').'</label></div></td>'.
+ &Apache::loncommon::end_data_table_row().
+ &Apache::loncommon::end_data_table();
+ }
if (&Apache::lonnet::allowed('udp',$ccdomain)) {
# Current user has rights to view domain preferences for user's domain
my $result;
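Review bot: The password `<input name="intarg">` inside the hidden `LC_ownersetpwd` div carries no `autocomplete` attribute, so a browser password manager may fill it while the "No" radio is still selected; adding `autocomplete="new-password"` and clearing `intarg` in `togglePwd` when "No" is chosen keeps a hidden value from being submitted. Separately, the `$outcome` built here looks as if it would be replaced rather than extended when the `udp` branch that follows also runs, since the later context shows a plain `$outcome = '<h3>'.$lt{'ld'}...` assignment; worth confirming whether one session can satisfy both tests. The enclosing `user_authentication` sub extends beyond this hunk.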
@@ -2289,7 +2326,7 @@
} elsif ($currentauth =~ /^unix:/) {
$result = &mt('Currently Filesystem Authenticated.');
} elsif ($currentauth =~ /^lti:/) {
- $result = &mt('Currently LTi authenticated.');
+ $result = &mt('Currently LTI authenticated.');
}
$outcome = '<h3>'.$lt{'ld'}.'</h3>'.
&Apache::loncommon::start_data_table().
@@ -2730,7 +2767,7 @@
# ================================================================= Phase Three
sub update_user_data {
- my ($r,$context,$crstype,$brcrum,$showcredits) = @_;
+ my ($r,$context,$crstype,$brcrum,$showcredits,$permission) = @_;
my $uhome=&Apache::lonnet::homeserver($env{'form.ccuname'},
$env{'form.ccdomain'});
# Error messages
@@ -3020,6 +3057,13 @@
# Okay, this is a non-fatal error.
$r->print($error.&mt('You do not have the authority to modify this users authentication information.').$end);
}
+ } elsif (($env{'form.intarg'} ne '') &&
+ (&Apache::lonnet::queryauthenticate($env{'form.ccuname'},$env{'form.ccdomain'}) =~ /^internal:/) &&
+ (&Apache::lonuserutils::can_change_internalpass($env{'form.ccuname'},$env{'form.ccdomain'},$crstype,$permission))) {
+ $r->print('Modifying authentication: '.
+ &Apache::lonnet::modifyuserauth(
+ $env{'form.ccdomain'},$env{'form.ccuname'},
+ 'internal',$env{'form.intarg'}));
}
$r->rflush(); # Finish display of header before time consuming actions start
&Apache::lonhtmlcommon::Increment_PrgWin($r,\%prog_state);
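Review bot: The new `elsif` changes the password whenever `form.intarg` is non-empty and never checks the `newintpwd` radio, so a value left in the hidden field is applied even when "No" was selected on the form; add `($env{'form.newintpwd'}) &&` to the condition. No length or complexity check on `$env{'form.intarg'}` is visible before `modifyuserauth` is called, although the domain password configuration is available through `get_passwdconf`; confirm the rules are enforced further down the call chain. The result line `'Modifying authentication: '` is printed without `&mt()`, unlike the neighbouring messages. The enclosing sub begins and ends outside the hunk.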
@@ -4928,7 +4972,7 @@
&print_useraccesslogs_display($r,$ccuname,$ccdomain,$permission,$brcrum);
}
} elsif ($env{'form.phase'} eq 'update_user_data') {
- &update_user_data($r,$context,$crstype,$brcrum,$showcredits);
+ &update_user_data($r,$context,$crstype,$brcrum,$showcredits,$permission);
} else {
&print_username_entry_form($r,$context,undef,$srch,undef,$crstype,
$brcrum,$permission);
Index: loncom/auth/roles.tab
diff -u loncom/auth/roles.tab:1.72 loncom/auth/roles.tab:1.73
--- loncom/auth/roles.tab:1.72 Mon Jan 15 01:17:48 2018
+++ loncom/auth/roles.tab Mon Apr 29 22:19:35 2019
@@ -2,7 +2,7 @@
dc:s bre:sma:adv:mcr:srm
dc:d cli&UIK:cau&UIK:cca&UIK:caa&UIK:cdg&UIK:cdh&UIK:cda&UIK:mau:ccc&U:cco&U:cin&UIK:cta&UIK:cep&UIK:ccr&UIK:cst&UIK:cad&UIK:csc&UIK:dro:mky:psa:usc:mpq:mut:vac:eco&U
cc:s bre:sma:mcr:vsa:adv:vcl
-cc:c cin&IK:cta&IK:cep&IK:ccr&IK:cst&IK:are:cre:ere:vgr:gan:dcm:evb:srm:dff:opa:mgr:mqg:mgq:rin:pch:plc:mdc:usc:vsa:vcl:mdg:vcg:pav:pfo:whn:las:pac:dch
+cc:c cin&IK:cta&IK:cep&IK:ccr&IK:cst&IK:mip&I:are:cre:ere:vgr:gan:dcm:evb:srm:dff:opa:mgr:mqg:mgq:rin:pch:plc:mdc:usc:vsa:vcl:mdg:vcg:pav:pfo:whn:las:pac:dch
co:s bro:sma:mcr:vsa:adv:vcl
co:c cin&IK:cta&IK:cep&IK:ccr&IK:cst&IK:are:bre:cre:ere:vgr:gan:dcm:evb:srm:dff:opa:mgr:mqg:mgq:rin:pch:plc:mdc:usc:vsa:vcl:mdg:vcg:pav:pfo:whn:las:pac:dch
in:s sma:vgr:adv
Index: loncom/auth/rolesplain.tab
diff -u loncom/auth/rolesplain.tab:1.52 loncom/auth/rolesplain.tab:1.53
--- loncom/auth/rolesplain.tab:1.52 Fri Sep 29 19:18:14 2017
+++ loncom/auth/rolesplain.tab Mon Apr 29 22:19:35 2019
@@ -52,6 +52,7 @@
mky:Manage access keys
mcr:Create a Course Custom Role:Create a Community Custom Role
mau:Modify authentication mechanism and data for a user
+mip:Modify password for internally authenticated user
mpq:Modify disk space allocated to portfolio files for a user
mut:Set availability of user tools for a user - Personal Information Page, Blog and Portfolio
udp:View user tools and domain settings
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1408 loncom/lonnet/perl/lonnet.pm:1.1409
--- loncom/lonnet/perl/lonnet.pm:1.1408 Fri Apr 26 20:22:27 2019
+++ loncom/lonnet/perl/lonnet.pm Mon Apr 29 22:19:45 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1408 2019/04/26 20:22:27 raeburn Exp $
+# $Id: lonnet.pm,v 1.1409 2019/04/29 22:19:45 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -8083,8 +8083,22 @@
if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseuri}
=~/\Q$priv\E\&([^\:]*)/) {
- unless (($priv eq 'bro') && (!$ownaccess)) {
- $thisallowed.=$1;
+ if ($priv eq 'mip') {
+ my $rem = $1;
+ if (($uri ne '') && ($env{'request.course.id'} eq $uri) &&
+ ($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} eq $env{'user.name'}.':'.$env{'user.domain'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ if ($cdom ne '') {
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+ if ($passwdconf{'crsownerchg'}) {
+ $thisallowed.=$rem;
+ }
+ }
+ }
+ } else {
+ unless (($priv eq 'bro') && (!$ownaccess)) {
+ $thisallowed.=$1;
+ }
}
}
@@ -8173,6 +8187,16 @@
if ($env{'request.course.id'}) {
+# If this is modifying password (internal auth) domains must match for user and user's role.
+
+ if ($priv eq 'mip') {
+ if ($env{'user.domain'} eq $env{'request.role.domain'}) {
+ return $thisallowed;
+ } else {
+ return '';
+ }
+ }
+
$courseprivid=$env{'request.course.id'};
if ($env{'request.course.sec'}) {
$courseprivid.='/'.$env{'request.course.sec'};
@@ -10077,7 +10101,22 @@
sub modifyuserauth {
my ($udom,$uname,$umode,$upass)=@_;
my $uhome=&homeserver($uname,$udom);
- unless (&allowed('mau',$udom)) { return 'refused'; }
+ my $allowed;
+ if (&allowed('mau',$udom)) {
+ $allowed = 1;
+ } elsif (($umode eq 'internal') && ($udom eq $env{'user.domain'}) &&
+ ($env{'request.course.id'}) && (&allowed('mip',$env{'request.course.id'})) &&
+ (!$env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ if (($cdom ne '') && ($cnum ne '')) {
+ my $is_owner = &is_course_owner($cdom,$cnum);
+ if ($is_owner) {
+ $allowed = 1;
+ }
+ }
+ }
+ unless ($allowed) { return 'refused'; }
&logthis('Call to modify user authentication '.$udom.', '.$uname.', '.
$umode.' by '.$env{'user.name'}.' at '.$env{'user.domain'}.
' in domain '.$env{'request.role.domain'});
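Review bot: The `mip` branch of `modifyuserauth` does not itself confirm that the target account is currently internally authenticated, and it does not apply the target-role restrictions; both checks live only in the interface layer (`can_change_internalpass` and the `queryauthenticate` test in loncreateuser.pm). Since this sub is the enforcement point, adding `(&queryauthenticate($uname,$udom) =~ /^internal:/)` to the `elsif` keeps the privilege limited to what rolesplain.tab describes ("Modify password for internally authenticated user") for any other caller. The `logthis` line would also serve audit better if it recorded whether `mau` or `mip` authorized the call and, for `mip`, the value of `$env{'request.course.id'}`. The sub continues past the end of the hunk.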