[LON-CAPA-cvs] cvs: loncom /interface lonuserutils.pm
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Fri, 30 May 2008 17:18:21 -0000
This is a MIME encoded message
--raeburn1212167901
Content-Type: text/plain
raeburn Fri May 30 13:18:21 2008 EDT
Modified files:
/loncom/interface lonuserutils.pm
Log:
Bug 3155. Can include a domain in user uploads. User changes subject to following constraints:
- New users can not be created in other domains
- No modification of user information for existing users in other domains.
(where an "other domain" is a domain that is not $env{'request.role.domain'}.
--raeburn1212167901
Content-Type: text/plain
Content-Disposition: attachment; filename="raeburn-20080530131821.txt"
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.56 loncom/interface/lonuserutils.pm:1.57
--- loncom/interface/lonuserutils.pm:1.56 Wed May 28 20:43:21 2008
+++ loncom/interface/lonuserutils.pm Fri May 30 13:18:21 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.56 2008/05/29 00:43:21 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.57 2008/05/30 17:18:21 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -383,12 +383,13 @@
section => 'The optional section field was not specified.',
email => 'The optional email address field was not specified.',
role => 'The optional role field was not specified.',
+ domain => 'The optional domain field was not specified.',
continue => 'Continue adding users?',
);
my $function_name = <<"END";
$setsections_js
-function verify_message (vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail) {
+function verify_message (vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddomain) {
END
my ($authnum,%can_assign) = &Apache::loncommon::get_assignable_auth($domain);
my $auth_checks;
@@ -503,6 +504,18 @@
}
message+='$alert{'email'}';
}
+ if (foundrole==0) {
+ if (message!='') {
+ message+='\\n';
+ }
+ message+='$alert{'role'}';
+ }
+ if (founddomain==0) {
+ if (message!='') {
+ message+='\\n';
+ }
+ message+='$alert{'domain'}';
+ }
if (message!='') {
message+= '\\n$alert{'continue'}';
if (confirm(message)) {
@@ -532,6 +545,7 @@
var foundsec=0;
var foundemail=0;
var foundrole=0;
+ var founddomain=0;
var tw;
for (i=0;i<=vf.nfields.value;i++) {
tw=eval('vf.f'+i+'.selectedIndex');
@@ -542,8 +556,9 @@
if (tw==9) { foundpwd=1; }
if (tw==10) { foundemail=1; }
if (tw==11) { foundrole=1; }
+ if (tw==12) { founddomain=1; }
}
- verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole);
+ verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddom);
}
//
@@ -564,6 +579,7 @@
// 9 = ipwd (password)
// 10 = email address
// 11 = role
+// 12 = domain
function flip(vf,tf) {
var nw=eval('vf.f'+tf+'.selectedIndex');
@@ -627,6 +643,7 @@
var foundid=0;
var foundsec=0;
var foundrole=0;
+ var founddomain=0;
var tw;
for (i=0;i<=vf.nfields.value;i++) {
tw=eval('vf.f'+i+'.selectedIndex');
@@ -636,8 +653,9 @@
if (i==7 && tw!=0) { foundsec=1; }
if (i==8 && tw!=0) { foundpwd=1; }
if (i==9 && tw!=0) { foundrole=1; }
+ if (i==10 && tw!=0) { founddomain=1; }
}
- verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole);
+ verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole,founddomain);
}
function flip(vf,tf) {
@@ -700,7 +718,7 @@
$Str .= &hidden_input('keyfields',$keyfields);
$Str .= "<h3>".&mt('Login Type')."</h3>\n";
if ($context eq 'domain') {
- $Str .= '<p>'.&mt('Change authentication for existing users to these settings?').' <span class="LC_nobreak"><label><input type="radio" name="changeauth" value="No" checked="checked" />'.&mt('No').'</label> <label><input type="radio" name="changeauth" value="Yes" />'.&mt('Yes').'</label></span></p>';
+ $Str .= '<p>'.&mt('Change authentication for existing users in domain "[_1]" to these settings?',$defdom).' <span class="LC_nobreak"><label><input type="radio" name="changeauth" value="No" checked="checked" />'.&mt('No').'</label> <label><input type="radio" name="changeauth" value="Yes" />'.&mt('Yes').'</label></span></p>';
} else {
$Str .= "<p>\n".
&mt('Note: this will not take effect if the user already exists').
@@ -718,6 +736,8 @@
} else {
$Str .= $home_server_pick;
}
+ $Str .= '<h3>'.&mt('Default domain').'</h3>'."\n".
+ &Apache::loncommon::select_dom_form($defdom,'defaultdomain',undef,1);
$Str .= '<h3>'.&mt('Starting and Ending Dates').
"</h3>\n";
$Str .= "<p>\n".$date_table."</p>\n";
@@ -818,6 +838,7 @@
'ipwd_choice' => 'scalar',
'email_choice' => 'scalar',
'role_choice' => 'scalar',
+ 'domain_choice' => 'scalar',
};
my $defdom = $env{'request.role.domain'};
if ($context eq 'course') {
@@ -848,7 +869,8 @@
['sec', &mt('Section'), $env{'form.sec_choice'}],
['ipwd', &mt('Initial Password'),$env{'form.ipwd_choice'}],
['email',&mt('E-mail Address'), $env{'form.email_choice'}],
- ['role',&mt('Role'), $env{'form.role_choice'}]);
+ ['role',&mt('Role'), $env{'form.role_choice'}],
+ ['domain',&mt('Domain'), $env{'form.domain_choice'}]);
if ($env{'form.upfile_associate'} eq 'reverse') {
&Apache::loncommon::csv_print_samples($r,\@records);
$i=&Apache::loncommon::csv_print_select_table($r,\@records,
@@ -3347,7 +3369,7 @@
#
# Store the field choices away
foreach my $field (qw/username names
- fname mname lname gen id sec ipwd email role/) {
+ fname mname lname gen id sec ipwd email role domain/) {
$env{'form.'.$field.'_choice'}=$fields{$field};
}
&Apache::loncommon::store_course_settings('enrollment_upload',
@@ -3361,19 +3383,26 @@
'sec_choice' => 'scalar',
'ipwd_choice' => 'scalar',
'email_choice' => 'scalar',
- 'role_choice' => 'scalar' });
+ 'role_choice' => 'scalar',
+ 'domain_choice' => 'scalar'});
#
my ($startdate,$enddate) = &get_dates_from_form();
if ($env{'form.makedatesdefault'}) {
$r->print(&make_dates_default($startdate,$enddate,$context));
}
# Determine domain and desired host (home server)
- my $domain=$env{'request.role.domain'};
+ my $defdom=$env{'request.role.domain'};
+ my $domain;
+ if ($env{'form.defaultdomain'} ne '') {
+ $domain = $env{'form.defaultdomain'};
+ } else {
+ $domain = $defdom;
+ }
my $desiredhost = $env{'form.lcserver'};
if (lc($desiredhost) eq 'default') {
$desiredhost = undef;
} else {
- my %home_servers = &Apache::lonnet::get_servers($domain,'library');
+ my %home_servers = &Apache::lonnet::get_servers($defdom,'library');
if (! exists($home_servers{$desiredhost})) {
$r->print('<span class="LC_error">'.&mt('Error').
&mt('Invalid home server specified').'</span>');
@@ -3564,7 +3593,25 @@
'</b>');
next;
} else {
+ my $baddom = 0;
+ if ($entries{$fields{'dom'}}
+ ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) {
+ $baddom = 1;
+ } else {
+ if (&Apache::lonnet::domain($entries{$fields{'domain'}}) eq '') {
+ $baddom = 1;
+ }
+ }
+ if ($baddom) {
+ $r->print('<br />'. '<b>'.$entries{$fields{'domain'}}.
+ '</b>: '.&mt('Unacceptable domain for user [_2] [_3] [_4] [_5]',$fname,$mname,$lname,$gen).'</b>');
+ next;
+ }
my $username = $entries{$fields{'username'}};
+ my $userdomain = $entries{$fields{'domain'}};
+ if ($userdomain eq '') {
+ $userdomain = $domain;
+ }
if (defined($fields{'sec'})) {
if (defined($entries{$fields{'sec'}})) {
$entries{$fields{'sec'}} =~ s/\W//g;
@@ -3582,8 +3629,8 @@
}
if ($env{'request.course.sec'} ne '') {
@secs = ($env{'request.course.sec'});
- if (ref($userlist{$username.':'.$domain}) eq 'ARRAY') {
- my $currsec = $userlist{$username.':'.$domain}[$secidx];
+ if (ref($userlist{$username.':'.$userdomain}) eq 'ARRAY') {
+ my $currsec = $userlist{$username.':'.$userdomain}[$secidx];
if ($currsec ne $env{'request.course.sec'}) {
$r->print('<br />'.&mt('<b>[_1]</b>: Unable to enroll user [_2] [_3] [_4] [_5] in a section named "[_6]".',$username,$fname,$mname,$lname,$gen,$secs[0]).'<br />');
if ($currsec eq '') {
@@ -3645,16 +3692,16 @@
$role = $defaultrole;
}
# Clean up whitespace
- foreach (\$domain,\$username,\$id,\$fname,\$mname,
- \$lname,\$gen) {
+ foreach (\$id,\$fname,\$mname,\$lname,\$gen) {
$$_ =~ s/(\s+$|^\s+)//g;
}
# check against rules
my $checkid = 0;
my $newuser = 0;
my (%rulematch,%inst_results,%idinst_results);
- my $uhome=&Apache::lonnet::homeserver($username,$domain);
+ my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
if ($uhome eq 'no_host') {
+ next if ($userdomain ne $domain);
$checkid = 1;
$newuser = 1;
my $checkhash;
@@ -3670,38 +3717,40 @@
}
} else {
if ($context eq 'course' || $context eq 'author') {
- if ($role eq '') {
- my @checkroles;
- foreach my $role (@poss_roles) {
- my $endkey;
- if ($role ne 'st') {
- $endkey = ':'.$role;
- }
- if (exists($userlist{$username.':'.$domain.$endkey})) {
- if (!grep(/^\Q$role\E$/,@checkroles)) {
- push(@checkroles,$role);
+ if ($userdomain eq $domain ) {
+ if ($role eq '') {
+ my @checkroles;
+ foreach my $role (@poss_roles) {
+ my $endkey;
+ if ($role ne 'st') {
+ $endkey = ':'.$role;
+ }
+ if (exists($userlist{$username.':'.$userdomain.$endkey})) {
+ if (!grep(/^\Q$role\E$/,@checkroles)) {
+ push(@checkroles,$role);
+ }
}
}
+ if (@checkroles > 0) {
+ %canmodify = &can_modify_userinfo($context,$domain,\@userinfo,\@checkroles);
+ }
+ } elsif (ref($modifiable_fields{$role}) eq 'HASH') {
+ %canmodify = %{$modifiable_fields{$role}};
}
- if (@checkroles > 0) {
- %canmodify = &can_modify_userinfo($context,$domain,\@userinfo,\@checkroles);
- }
- } elsif (ref($modifiable_fields{$role}) eq 'HASH') {
- %canmodify = %{$modifiable_fields{$role}};
}
- }
- my @newinfo = (\$fname,\$mname,\$lname,\$gen,\$email,\$id);
- for (my $i=0; $i<@userinfo; $i++) {
- if (${$newinfo[$i]} ne '') {
- if (!$canmodify{$userinfo[$i]}) {
- ${$newinfo[$i]} = '';
+ my @newinfo = (\$fname,\$mname,\$lname,\$gen,\$email,\$id);
+ for (my $i=0; $i<@userinfo; $i++) {
+ if (${$newinfo[$i]} ne '') {
+ if (!$canmodify{$userinfo[$i]}) {
+ ${$newinfo[$i]} = '';
+ }
}
}
}
}
if ($id ne '') {
if (!$newuser) {
- my %idhash = &Apache::lonnet::idrget($domain,($username));
+ my %idhash = &Apache::lonnet::idrget($userdomain,($username));
if ($idhash{$username} ne $id) {
$checkid = 1;
}
@@ -3709,14 +3758,14 @@
if ($checkid) {
my $checkhash;
my $checks = { 'id' => 1 };
- $checkhash->{$username.':'.$domain} = { 'newuser' => $newuser,
+ $checkhash->{$username.':'.$userdomain} = { 'newuser' => $newuser,
'id' => $id };
&Apache::loncommon::user_rule_check($checkhash,$checks,
\%alerts,\%rulematch,\%idinst_results,\%curr_rules,
\%got_rules);
if (ref($alerts{'id'}) eq 'HASH') {
- if (ref($alerts{'id'}{$domain}) eq 'HASH') {
- next if ($alerts{'id'}{$domain}{$id});
+ if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
+ next if ($alerts{'id'}{$userdomain}{$id});
}
}
}
@@ -3731,11 +3780,11 @@
if (@secs > 0) {
$sec = $secs[0];
}
- &modifystudent($domain,$username,$cid,$sec,
+ &modifystudent($userdomain,$username,$cid,$sec,
$desiredhost,$context);
$roleresult =
&Apache::lonnet::modifystudent
- ($domain,$username,$id,$amode,$password,
+ ($userdomain,$username,$id,$amode,$password,
$fname,$mname,$lname,$gen,$sec,$enddate,
$startdate,$env{'form.forceid'},
$desiredhost,$email,'manual','',$cid,
@@ -3754,7 +3803,7 @@
foreach my $sec (@secs) {
($userres{$sec},$authres{$sec},$roleres{$sec},$idres{$sec}) =
&modifyuserrole($context,$setting,
- $changeauth,$cid,$domain,$username,
+ $changeauth,$cid,$userdomain,$username,
$id,$amode,$password,$fname,
$mname,$lname,$gen,$sec,
$env{'form.forceid'},$desiredhost,
@@ -3770,7 +3819,7 @@
if (!$multiple) {
($userresult,$authresult,$roleresult,$idresult) =
&modifyuserrole($context,$setting,
- $changeauth,$cid,$domain,$username,
+ $changeauth,$cid,$userdomain,$username,
$id,$amode,$password,$fname,
$mname,$lname,$gen,$singlesec,
$env{'form.forceid'},$desiredhost,
@@ -3782,14 +3831,14 @@
$flushc =
&user_change_result($r,$userres{$sec},$authres{$sec},
$roleres{$sec},$idres{$sec},\%counts,$flushc,
- $username,\%userchg);
+ $username,$userdomain,\%userchg);
}
} else {
$flushc =
&user_change_result($r,$userresult,$authresult,
$roleresult,$idresult,\%counts,$flushc,
- $username,\%userchg);
+ $username,$userdomain,\%userchg);
}
} else {
if ($context eq 'course') {
@@ -3899,13 +3948,13 @@
sub user_change_result {
my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
- $username,$userchg) = @_;
+ $username,$userdomain,$userchg) = @_;
my $okresult = 0;
if ($userresult ne 'ok') {
if ($userresult =~ /^error:(.+)$/) {
my $error = $1;
$r->print('<br />'.
- &mt('<b>[_1]</b>: Unable to add/modify: [_2]',$username,$error));
+ &mt('<b>[_1]</b>: Unable to add/modify: [_2]',$username.':'.$userdomain,$error));
}
} else {
$counts->{'user'} ++;
@@ -3915,7 +3964,7 @@
if ($authresult =~ /^error:(.+)$/) {
my $error = $1;
$r->print('<br />'.
- &mt('<b>[_1]</b>: Unable to modify authentication: [_2]',$username,$error));
+ &mt('<b>[_1]</b>: Unable to modify authentication: [_2]',$username.':'.$userdomain,$error));
}
} else {
$counts->{'auth'} ++;
@@ -3925,7 +3974,7 @@
if ($roleresult =~ /^error:(.+)$/) {
my $error = $1;
$r->print('<br />'.
- &mt('<b>[_1]</b>: Unable to add role: [_2]',$username,$error));
+ &mt('<b>[_1]</b>: Unable to add role: [_2]',$username.':'.$userdomain,$error));
}
} else {
$counts->{'role'} ++;
@@ -3933,7 +3982,7 @@
}
if ($okresult) {
$flushc++;
- $userchg->{$username}=1;
+ $userchg->{$username.':'.$userdomain}=1;
$r->print('. ');
if ($flushc>15) {
$r->rflush;
--raeburn1212167901--