[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm lonrss.pm
raeburn
lon-capa-cvs@mail.lon-capa.org
Fri, 01 Dec 2006 20:17:48 -0000
This is a MIME encoded message
--raeburn1165004268
Content-Type: text/plain
raeburn Fri Dec 1 15:17:48 2006 EDT
Modified files:
/loncom/interface loncommon.pm lonrss.pm
Log:
lonrss.pm --
bug 5055 (part). A logged in user may not edit any of his/her own course or other blogs if he/she has any roles in courses with active blocks with the 'blogs' option set, and does not have the evb privilege.
A logged-in user subject to active blocks can not view personal or course blogs of other users via the web.
A public user may not view the personal or course blogs of any user who is in a course with active blocks (blogs option set) who does not have the evb privilege.
Course blogs (i.e., the ones with links on the syllabus page) which are owned by the course instead of an actual user are always visible.
Replace http://$ENV{'HTTP_HOST'} with call to lonnet::absolute_url()
reg exp used to check is username is a course or an actual user changed. This will be switched in the near future to call a function in LONCAPA.pm
loncommon.pm --
$uname and $udom can be passed in to &finallcourses() to allow active course information to be retrieved for users other than logged in user.
reg exp for custom role was not saving section information from role in &findallcourses()
hash value set in %courses in &findallcourses() is now a string containing role, domain, num, and section instead of 1.
$uname and $udom can be passed in to &blockcheck() to allow blocking checks to be made for users other than the logged in user.
--raeburn1165004268
Content-Type: text/plain
Content-Disposition: attachment; filename="raeburn-20061201151748.txt"
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.481 loncom/interface/loncommon.pm:1.482
--- loncom/interface/loncommon.pm:1.481 Thu Nov 30 19:28:14 2006
+++ loncom/interface/loncommon.pm Fri Dec 1 15:17:47 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.481 2006/12/01 00:28:14 banghart Exp $
+# $Id: loncommon.pm,v 1.482 2006/12/01 20:17:47 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2804,30 +2804,77 @@
#########################################
sub findallcourses {
- my ($roles) = @_;
+ my ($roles,$uname,$udom) = @_;
my %roles;
if (ref($roles)) { %roles = map { $_ => 1 } @{$roles}; }
my %courses;
my $now=time;
- foreach my $key (keys(%env)) {
- if ( $key=~m{^user\.role\.(\w+)\./($match_domain)/($match_username)/?(\w*)$} ||
- $key=~m{^user\.role\.(cr/$match_domain/$match_username/\w+)\./($match_domain)/($match_username)}) {
- my ($role,$domain,$id,$sec) = ($1,$2,$3,$4);
- next if ($role eq 'ca' || $role eq 'aa');
- next if (%roles && !exists($roles{$role}));
- my ($starttime,$endtime)=split(/\./,$env{$key});
- my $active=1;
- if ($starttime) {
- if ($now<$starttime) { $active=0; }
- }
- if ($endtime) {
- if ($now>$endtime) { $active=0; }
- }
- if ($active) {
- if ($sec eq '') {
- $sec = 'none';
+ if (!defined($uname)) {
+ $uname = $env{'user.name'};
+ }
+ if (!defined($udom)) {
+ $udom = $env{'user.domain'};
+ }
+ if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
+ my %roleshash = &Apache::lonnet::dump('roles',$udom,$uname);
+ if (!%roles) {
+ %roles = (
+ cc => 1,
+ in => 1,
+ ep => 1,
+ ta => 1,
+ cr => 1,
+ st => 1,
+ );
+ }
+ foreach my $entry (keys(%roleshash)) {
+ my ($trole,$tend,$tstart) = split(/_/,$roleshash{$entry});
+ if ($trole =~ /^cr/) {
+ next if (!exists($roles{$trole}) && !exists($roles{'cr'}));
+ } else {
+ next if (!exists($roles{$trole}));
+ }
+ if ($tend) {
+ next if ($tend < $now);
+ }
+ if ($tstart) {
+ next if ($tstart > $now);
+ }
+ my ($cdom,$cnum,$sec,$cnumpart,$secpart,$role,$realsec);
+ (undef,$cdom,$cnumpart,$secpart) = split(/\//,$entry);
+ if ($secpart eq '') {
+ ($cnum,$role) = split(/_/,$cnumpart);
+ $sec = 'none';
+ $realsec = '';
+ } else {
+ $cnum = $cnumpart;
+ ($sec,$role) = split(/_/,$secpart);
+ $realsec = $sec;
+ }
+ $courses{$cdom.'_'.$cnum}{$sec} = $trole.'/'.$cdom.'/'.$cnum.'/'.$realsec;
+ }
+ } else {
+ foreach my $key (keys(%env)) {
+ if ( $key=~m{^user\.role\.(\w+)\./($match_domain)/($match_username)/?(\w*)$} ||
+ $key=~m{^user\.role\.(cr/$match_domain/$match_username/\w+)\./($match_domain)/($match_username)/?(\w*)$}) {
+ my ($role,$cdom,$cnum,$sec) = ($1,$2,$3,$4);
+ next if ($role eq 'ca' || $role eq 'aa');
+ next if (%roles && !exists($roles{$role}));
+ my ($starttime,$endtime)=split(/\./,$env{$key});
+ my $active=1;
+ if ($starttime) {
+ if ($now<$starttime) { $active=0; }
+ }
+ if ($endtime) {
+ if ($now>$endtime) { $active=0; }
+ }
+ if ($active) {
+ if ($sec eq '') {
+ $sec = 'none';
+ }
+ $courses{$cdom.'_'.$cnum}{$sec} =
+ $role.'/'.$cdom.'/'.$cnum.'/'.$sec;
}
- $courses{$domain.'_'.$id}{$sec} = 1;
}
}
}
@@ -2837,34 +2884,75 @@
###############################################
sub blockcheck {
- my ($setters,$activity) = @_;
- # Retrieve active student roles and active course coordinator/instructor roles
+ my ($setters,$activity,$uname,$udom) = @_;
+ # Retrieve active course roles - course coordinator, instructor, exam proctor, ta, student or custom role.
- my %live_courses = &findallcourses();
+ my %live_courses = &findallcourses(undef,$uname,$udom);
# Retrieve blocking times and identity of blocker for active courses
- # unless user has 'evb' privilege.
+ # of specified user, unless user has 'evb' privilege.
my $startblock = 0;
my $endblock = 0;
foreach my $course (keys(%live_courses)) {
- my $cdom = $env{'course.'.$course.'.domain'};
- my $cnum = $env{'course.'.$course.'.num'};
- my $noblock = 0;
+ my ($cdom,$cnum);
+ if ((defined($env{'course.'.$course.'.domain'})) && (defined($env{'course.'.$course.'.num'}))) {
+ $cdom = $env{'course.'.$course.'.domain'};
+ $cnum = $env{'course.'.$course.'.num'};
+ } else {
+ ($cdom,$cnum) = split(/_/,$course);
+ }
+ my $no_ownblock = 0;
+ my $no_userblock = 0;
foreach my $sec (keys(%{$live_courses{$course}})) {
- my $role = 'cm./'.$cdom.'/'.$cnum;
+ my $checkrole = 'cm./'.$cdom.'/'.$cnum;
if ($sec ne 'none') {
- $role .= '/'.$sec;
+ $checkrole .= '/'.$sec;
}
- if (&Apache::lonnet::allowed('evb',undef,undef,$role)) {
- $noblock = 1;
- last;
+ if ((defined($uname) && ($uname ne $env{'user.name'})) ||
+ (defined($udom) && ($udom ne $env{'user.domain'}))) {
+ my ($trole,$tdom,$tnum,$tsec);
+ my $entry = $live_courses{$course}{$sec};
+ if ($entry =~ /^cr/) {
+ ($trole,$tdom,$tnum,$tsec) =
+ ($entry =~ m|^(cr/$match_domain/$match_username/\w+)\./($match_domain)/($match_username)/?(\w*)$|);
+ } else {
+ ($trole,$tdom,$tnum,$tsec) = split(/\//,$entry);
+ }
+ my ($spec,$area,$trest,%allroles,%userroles);
+ $area = '/'.$tdom.'/'.$tnum;
+ $trest = $tnum;
+ if ($tsec ne '') {
+ $area .= '/'.$tsec;
+ $trest .= '/'.$tsec;
+ }
+ $spec = $trole.'.'.$area;
+ if ($trole =~ /^cr/) {
+ &Apache::lonnet::custom_roleprivs(\%allroles,$trole,
+ $tdom,$spec,$trest,$area);
+ } else {
+ &Apache::lonnet::standard_roleprivs(\%allroles,$trole,
+ $tdom,$spec,$trest,$area);
+ }
+ my ($author,$adv) = &Apache::lonnet::set_userprivs(\%userroles,\%allroles);
+ if ($userroles{'user.priv.'.$checkrole} =~ /evb\&([^\:]*)/) {
+ if ($1) {
+ $no_userblock = 1;
+ last;
+ }
+ }
+ } else {
+ if (&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) {
+ $no_ownblock = 1;
+ last;
+ }
}
}
# if they have the evb priv and are currently not playing student
- next if (($noblock) &&
+ next if (($no_ownblock) &&
($env{'request.role'} !~ m{^st\./$cdom/$cnum}));
+ next if ($no_userblock);
$setters->{$course} = {};
$setters->{$course}{'staff'} = [];
Index: loncom/interface/lonrss.pm
diff -u loncom/interface/lonrss.pm:1.28 loncom/interface/lonrss.pm:1.29
--- loncom/interface/lonrss.pm:1.28 Mon Oct 2 12:47:57 2006
+++ loncom/interface/lonrss.pm Fri Dec 1 15:17:47 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# RSS Feeder
#
-# $Id: lonrss.pm,v 1.28 2006/10/02 16:47:57 albertel Exp $
+# $Id: lonrss.pm,v 1.29 2006/12/01 20:17:47 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -92,10 +92,11 @@
if ($edit) {
$mode='adm';
}
+ my $server = &Apache::lonnet::absolute_url();
foreach my $feed (sort(keys(%feednames))) {
if (($feed!~/^error\:/) && ($feed!~/^feed\_display\_option\_/)) {
- my $feedurl='http://'.$ENV{'HTTP_HOST'}.'/public/'.$udom.'/'.$uname.'/'.$feed.'.rss';
- my $htmlurl='http://'.$ENV{'HTTP_HOST'}.'/'.$mode.'/'.$udom.'/'.$uname.'/'.$feed.'_rss.html';
+ my $feedurl= $server.'/public/'.$udom.'/'.$uname.'/'.$feed.'.rss';
+ my $htmlurl= $server.'/'.$mode.'/'.$udom.'/'.$uname.'/'.$feed.'_rss.html';
if ($feednames{'feed_display_option_'.$feed} eq 'hidden') {
if ($edit) {
$feeds.='<li><i>'.$feednames{$feed}.'</i><br />'.&mt('Hidden').': <a href="'.$htmlurl.'"><tt>'.$htmlurl.'</tt></a></li>';
@@ -210,6 +211,52 @@
}
+sub blocking_blogdisplay {
+ my ($uname,$udom,$html,$filterfeedname) = @_;
+ my $user = &Apache::loncommon::plainname($uname,$udom);
+ if ($html) {
+ $user = &Apache::loncommon::aboutmewrapper($user,$uname,$udom);
+ } else {
+ $user = $user.' ('.$uname.':'.$udom.')';
+ }
+ my %setters;
+ my ($blocked,$output,$blockcause);
+ my ($startblock,$endblock) =
+ &Apache::loncommon::blockcheck(\%setters,'blogs');
+ if ($startblock && $endblock) {
+ $blockcause = 'user';
+ } else {
+ if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
+ ($startblock,$endblock) =
+ &Apache::loncommon::blockcheck(\%setters,'blogs',
+ $uname,$udom);
+ $blockcause = 'blogowner';
+ }
+ }
+ if ($startblock && $endblock) {
+ $blocked = 1;
+ my $showstart = &Apache::lonlocal::locallocaltime($startblock);
+ my $showend = &Apache::lonlocal::locallocaltime($endblock);
+ $output = &mt('Blogs belonging to [_1] are unavailable from [_2] to [_3].',$user,$showstart,$showend);
+ if ($html) {$output.='<br />';}
+ if ($blockcause eq 'user') {
+ $output .= &mt('This is because you are a student in one or more courses in which communication is being blocked.');
+ if ($html) {
+ $output .= '<br />'.
+ &Apache::loncommon::build_block_table($startblock,
+ $endblock,\%setters);
+ }
+ } else {
+ $output .= &mt('This is because the blog owner is a student in one or more courses in which communication is being blocked.');
+ }
+ if (!$html) {
+ my $id = &get_new_feed_id();
+ $output = '<title/><item><title/><description>'.$output."</description><link/><guid isPermaLink='false'>".$id.$filterfeedname.'_'.$udom.'_'.$uname.'</guid></item>';
+ }
+ }
+ return ($blocked,$output);
+}
+
sub handler {
my ($r) = @_;
@@ -240,6 +287,10 @@
my $filterfeedname=&filterfeedname($filename);
my $feedname=&feedname($filename);
my ($displayfeedname,$displayoption)=&displayfeedname($filename,$uname,$udom);
+ my ($blocked,$blocktext);
+ if ($uname !~ /^\d\w\d[\w\-.]+$/) {
+ ($blocked,$blocktext) = &blocking_blogdisplay($uname,$udom,$html,$filterfeedname);
+ }
if ($html) {
my $title = $displayfeedname?$displayfeedname
:"Available RSS Feeds and Blogs";
@@ -249,8 +300,9 @@
$env{'form.register'}}).
&changed_js());
} else { # render RSS
+ my $server = &Apache::lonnet::absolute_url();
$r->print("<rss version='2.0' xmlns:dc='http://purl.org/dc/elements/1.1'>\n<channel>".
- "\n<link>http://".$ENV{'HTTP_HOST'}.'/public/'.$udom.'/'.$uname.'/'.
+ "\n".'<link>'.$server.'/public/'.$udom.'/'.$uname.'/'.
$filterfeedname.'_rss.html</link>'.
"\n<description>".
&mt('An RSS Feed provided by the LON-CAPA Learning Content Management System').
@@ -260,7 +312,7 @@
my $newid = &get_new_feed_id();
# Is this user for real?
my $homeserver=&Apache::lonnet::homeserver($uname,$udom);
- if ($html) {
+ if ($html && !$blocked) {
# Any new feeds or renaming of feeds?
if ($edit) {
# Hide a feed?
@@ -289,10 +341,13 @@
}
if ($homeserver eq 'no_host') {
$r->print(($html?'<h3>':'<title>').&mt('No feed available').($html?'</h3>':'</title>'));
+ } elsif ($blocked) {
+ $r->print($blocktext);
+ $r->print(($html?&Apache::loncommon::end_page():'</channel></rss>'."\n"));
} else { # is indeed a user
# Course or user?
my $name='';
- if ($uname=~/^\d/) {
+ if ($uname =~ /^\d\w\d[\w\-.]+$/) {
my %cenv=&Apache::lonnet::dump('environment',$udom,$uname);
$name=$cenv{'description'};
} else {
@@ -349,6 +404,8 @@
}
} #done storing
+# Render private items?
+ my $viewpubliconly=1;
$r->print("\n".
($html?'<hr /><h3>':'<title>').
&mt('LON-CAPA Feed "[_1]" for [_2]',$displayfeedname,$name).
@@ -357,11 +414,9 @@
&mt('Name of this Feed').
': <input type="text" size="50" name="newblogname" value="'.
$displayfeedname.'" />':'').'<ul>':'</title>'));
-# Render private items?
- my $viewpubliconly=1;
if (($env{'user.name'} eq $uname) && ($env{'user.domain'} eq $udom)) {
$viewpubliconly=0;
- }
+ }
# Get feed items
my %newsfeed=&Apache::lonnet::dump($feedname,$udom,$uname);
foreach my $entry (sort(keys(%newsfeed)),$newid.'_status') {
--raeburn1165004268--