[LON-CAPA-cvs] cvs: loncom /html/adm/helper parameter.helper /interface lonhelper.pm
raeburn
raeburn at source.lon-capa.org
Sat Aug 15 16:12:04 EDT 2015
raeburn Sat Aug 15 20:12:04 2015 EDT
Modified files:
/loncom/interface lonhelper.pm
/loncom/html/adm/helper parameter.helper
Log:
- Bug 5439
- Actually use requiredpriv attribute in determining access to helper.
- For a user with a role tied to a section do not offer parameter setting
for other than students in that section.
Index: loncom/interface/lonhelper.pm
diff -u loncom/interface/lonhelper.pm:1.194 loncom/interface/lonhelper.pm:1.195
--- loncom/interface/lonhelper.pm:1.194 Fri Aug 14 15:34:01 2015
+++ loncom/interface/lonhelper.pm Sat Aug 15 20:11:57 2015
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# .helper XML handler to implement the LON-CAPA helper
#
-# $Id: lonhelper.pm,v 1.194 2015/08/14 15:34:01 raeburn Exp $
+# $Id: lonhelper.pm,v 1.195 2015/08/15 20:11:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -64,9 +64,11 @@
The helper tag is required to have one attribute, "title", which is the name
of the helper itself, such as "Parameter helper". The helper tag may optionally
-have a "requiredpriv" attribute, specifying the priviledge a user must have
+have a "requiredpriv" attribute, specifying the privilege a user must have
to use the helper, or get denied access. See loncom/auth/rolesplain.tab for
-useful privs. Default is full access, which is often wrong!
+useful privs. You may add the modifier &S at the end of the three letter priv
+if you want to grant access to users for whom the corresponding privilege is
+section-specific. The default is full access, which is often wrong!
=head2 State tags
@@ -283,7 +285,8 @@
my $allowed = $helper->allowedCheck();
if (!$allowed) {
- $env{'user.error.msg'} = $env{'request.uri'}.':'.$helper->{REQUIRED_PRIV}.
+ my ($priv,$modifier) = split(/\&/,$helper->{REQUIRED_PRIV});
+ $env{'user.error.msg'} = $env{'request.uri'}.':'.$priv.
":0:0:Permission denied to access this helper.";
return HTTP_NOT_ACCEPTABLE;
}
@@ -508,8 +511,13 @@
if (!defined($self->{REQUIRED_PRIV})) {
return 1;
}
-
- return Apache::lonnet::allowed($self->{REQUIRED_PRIV}, $env{'request.course.id'});
+ my ($priv,$modifier) = split(/\&/,$self->{REQUIRED_PRIV});
+ my $allowed = &Apache::lonnet::allowed($priv,$env{'request.course.id'});
+ if ((!$allowed) && ($modifier eq 'S') && ($env{'request.course.sec'} ne '')) {
+ $allowed = &Apache::lonnet::allowed($priv,$env{'request.course.id'}.'/'.
+ $env{'request.course.sec'});
+ }
+ return $allowed;
}
sub changeState {
@@ -2689,15 +2697,12 @@
delete($defaultUsers{''});
}
-
my ($course_personnel,
$current_members,
$expired_members,
$future_members) =
&Apache::lonselstudent::get_people_in_class($env{'request.course.sec'});
-
-
# Load up the non-students, if necessary
if ($self->{'coursepersonnel'}) {
@@ -3185,22 +3190,27 @@
# Populate the CHOICES element
my %choices;
+ my $usersec = $Apache::lonnet::env{'request.course.sec'};
- my $section = Apache::loncoursedata::CL_SECTION();
- my $classlist = Apache::loncoursedata::get_classlist();
- foreach my $user (keys(%$classlist)) {
- my $section_name = $classlist->{$user}[$section];
- if (!$section_name) {
- $choices{"No section assigned"} = "";
- } else {
- $choices{$section_name} = $section_name;
+ if ($usersec ne '') {
+ $choices{$usersec} = $usersec;
+ } else {
+ my $section = Apache::loncoursedata::CL_SECTION();
+ my $classlist = Apache::loncoursedata::get_classlist();
+ foreach my $user (keys(%$classlist)) {
+ my $section_name = $classlist->{$user}[$section];
+ if (!$section_name) {
+ $choices{"No section assigned"} = "";
+ } else {
+ $choices{$section_name} = $section_name;
+ }
+ }
+
+ if (exists($choices{"No section assigned"})) {
+ push(@{$paramHash->{CHOICES}},
+ ['No section assigned','No section assigned']);
+ delete($choices{"No section assigned"});
}
- }
-
- if (exists($choices{"No section assigned"})) {
- push(@{$paramHash->{CHOICES}},
- ['No section assigned','No section assigned']);
- delete($choices{"No section assigned"});
}
for my $section_name (sort {lc($a) cmp lc($b) } (keys(%choices))) {
push @{$paramHash->{CHOICES}}, [$section_name, $section_name];
Index: loncom/html/adm/helper/parameter.helper
diff -u loncom/html/adm/helper/parameter.helper:1.19 loncom/html/adm/helper/parameter.helper:1.20
--- loncom/html/adm/helper/parameter.helper:1.19 Tue Mar 16 15:12:36 2010
+++ loncom/html/adm/helper/parameter.helper Sat Aug 15 20:12:04 2015
@@ -1,4 +1,4 @@
-<helper title="Course Parameter Helper" requiredpriv='opa'>
+<helper title="Course Parameter Helper" requiredpriv='opa&S'>
<exec>
# 'dateTypeHash' should really be renamed now that we have tries...
@@ -144,8 +144,11 @@
' for ...');
</eval>
<choices variable="TARGETS">
- <choice computer="course" nextstate="FINISH">
- . . . for <b>all students</b> in the course</choice>
+ <condition>
+ <clause>return 1 if ($env{'request.course.sec'} eq '')</clause>
+ <choice computer="course" nextstate="FINISH">
+ . . . for <b>all students</b> in the course</choice>
+ </condition>
<choice computer="section" nextstate="CHOOSE_SECTION">
. . . for a particular <b>section</b></choice>
<condition>
@@ -163,7 +166,7 @@
return &mt('Please select the section you wish to set the ' .
&{$helper->{DATA}->{'dateType'}}() .
' for:').'<br />';</eval>
- <section variable="SECTION_NAME" nextstate="FINISH" />
+ <section variable="SECTION_NAME" nextstate="FINISH" onlysections="1" />
</state>
<state name="CHOOSE_GROUP" title="Select Group">
More information about the LON-CAPA-cvs
mailing list