--- loncom/interface/lonhelper.pm 2003/05/08 20:10:49 1.26
+++ loncom/interface/lonhelper.pm 2003/06/12 13:52:06 1.37
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# .helper XML handler to implement the LON-CAPA helper
#
-# $Id: lonhelper.pm,v 1.26 2003/05/08 20:10:49 bowersj2 Exp $
+# $Id: lonhelper.pm,v 1.37 2003/06/12 13:52:06 bowersj2 Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -53,7 +53,10 @@ Each state contains one or more state el
messages, resource selections, or date queries.
The helper tag is required to have one attribute, "title", which is the name
-of the helper itself, such as "Parameter helper".
+of the helper itself, such as "Parameter helper". The helper tag may optionally
+have a "requiredpriv" attribute, specifying the priviledge a user must have
+to use the helper, or get denied access. See loncom/auth/rolesplain.tab for
+useful privs. Default is full access, which is often wrong!
=head2 State tags
@@ -234,6 +237,7 @@ sub real_handler {
my $file;
read $fh, $file, 100000000;
+
# Send header, don't cache this page
if ($r->header_only) {
if ($ENV{'browser.mathml'}) {
@@ -256,10 +260,17 @@ sub real_handler {
# xml parsing
&Apache::lonxml::xmlparse($r, 'helper', $file);
+ my $allowed = $helper->allowedCheck();
+ if (!$allowed) {
+ $ENV{'user.error.msg'} = $ENV{'request.uri'}.':'.$helper->{REQUIRED_PRIV}.
+ ":0:0:Permission denied to access this helper.";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+
$helper->process();
$r->print($helper->display());
- return OK;
+ return OK;
}
sub registerHelperTags {
@@ -283,7 +294,7 @@ sub start_helper {
registerHelperTags();
- Apache::lonhelper::helper->new($token->[2]{'title'});
+ Apache::lonhelper::helper->new($token->[2]{'title'}, $token->[2]{'requiredpriv'});
return '';
}
@@ -342,9 +353,8 @@ sub new {
my $self = {};
$self->{TITLE} = shift;
+ $self->{REQUIRED_PRIV} = shift;
- Apache::loncommon::get_unprocessed_cgi($ENV{QUERY_STRING});
-
# If there is a state from the previous form, use that. If there is no
# state, use the start state parameter.
if (defined $ENV{"form.CURRENT_STATE"})
@@ -460,8 +470,22 @@ sub declareVar {
my $envname = 'form.' . $var . '.forminput';
if (defined($ENV{$envname})) {
- $self->{VARS}->{$var} = $ENV{$envname};
+ if (ref($ENV{$envname})) {
+ $self->{VARS}->{$var} = join('|||', @{$ENV{$envname}});
+ } else {
+ $self->{VARS}->{$var} = $ENV{$envname};
+ }
+ }
+}
+
+sub allowedCheck {
+ my $self = shift;
+
+ if (!defined($self->{REQUIRED_PRIV})) {
+ return 1;
}
+
+ return Apache::lonnet::allowed($self->{REQUIRED_PRIV}, $ENV{'request.course.id'});
}
sub changeState {
@@ -544,19 +568,43 @@ sub display {
$bodytag
HEADER
- if (!$state->overrideForm()) { $result.="