| 1 | ################################################################################ |
1 | ################################################################################ |
| 2 | # WeBWorK Online Homework Delivery System |
2 | # WeBWorK Online Homework Delivery System |
| 3 | # Copyright © 2000-2003 The WeBWorK Project, http://openwebwork.sf.net/ |
3 | # Copyright © 2000-2003 The WeBWorK Project, http://openwebwork.sf.net/ |
| 4 | # $CVSHeader: webwork2/lib/WeBWorK.pm,v 1.74 2005/08/17 16:05:48 sh002i Exp $ |
4 | # $CVSHeader: webwork2/lib/WeBWorK.pm,v 1.75 2005/09/06 14:17:44 sh002i Exp $ |
| 5 | # |
5 | # |
| 6 | # This program is free software; you can redistribute it and/or modify it under |
6 | # This program is free software; you can redistribute it and/or modify it under |
| 7 | # the terms of either: (a) the GNU General Public License as published by the |
7 | # the terms of either: (a) the GNU General Public License as published by the |
| 8 | # Free Software Foundation; either version 2, or (at your option) any later |
8 | # Free Software Foundation; either version 2, or (at your option) any later |
| 9 | # version, or (b) the "Artistic License" which comes with this package. |
9 | # version, or (b) the "Artistic License" which comes with this package. |
| … | |
… | |
| 232 | $authz->setCachedUser($userID); |
232 | $authz->setCachedUser($userID); |
| 233 | |
233 | |
| 234 | debug("Now we deal with the effective user:\n"); |
234 | debug("Now we deal with the effective user:\n"); |
| 235 | my $eUserID = $r->param("effectiveUser") || $userID; |
235 | my $eUserID = $r->param("effectiveUser") || $userID; |
| 236 | debug("userID=$userID eUserID=$eUserID\n"); |
236 | debug("userID=$userID eUserID=$eUserID\n"); |
| 237 | # FIXME: hasPermissions does nothing with $eUserID, and lately we want it to |
237 | if ($userID ne $eUserID) { |
| 238 | # only accept two arguments, so we're removing $eUserID from this call. |
238 | debug("userID and eUserID differ... seeing if userID has 'become_student' permission.\n"); |
| 239 | #my $su_authorized = $authz->hasPermissions($userID, "become_student", $eUserID); |
|
|
| 240 | my $su_authorized = $authz->hasPermissions($userID, "become_student"); |
239 | my $su_authorized = $authz->hasPermissions($userID, "become_student"); |
| 241 | if ($su_authorized) { |
240 | if ($su_authorized) { |
| 242 | debug("Ok, looks like you're allowed to become $eUserID. Whoopie!\n"); |
241 | debug("Ok, looks like you're allowed to become $eUserID. Whoopie!\n"); |
| 243 | } else { |
242 | } else { |
| 244 | debug("Uh oh, you're not allowed to become $eUserID. Nice try!\n"); |
243 | debug("Uh oh, you're not allowed to become $eUserID. Nice try!\n"); |
| 245 | $eUserID = $userID; |
244 | $eUserID = $userID; |
|
|
245 | $r->notes("authen_error" => "You do not have permission to become another user."); |
|
|
246 | $displayModule = AUTHEN_MODULE; |
|
|
247 | } |
| 246 | } |
248 | } |
|
|
249 | |
|
|
250 | # set effectiveUser in case it was changed or not set to begin with |
| 247 | $r->param("effectiveUser" => $eUserID); |
251 | $r->param("effectiveUser" => $eUserID); |
|
|
252 | |
| 248 | # if we're doing a proctored test, after the user has been authenticated |
253 | # if we're doing a proctored test, after the user has been authenticated |
| 249 | # we need to also check on the proctor. note that in the gateway quiz |
254 | # we need to also check on the proctor. note that in the gateway quiz |
| 250 | # module we double check this, to be sure that someone isn't taking a |
255 | # module we double check this, to be sure that someone isn't taking a |
| 251 | # proctored quiz but calling the unproctored ContentGenerator |
256 | # proctored quiz but calling the unproctored ContentGenerator |
| 252 | my $urlProducedPath = $urlPath->path(); |
257 | my $urlProducedPath = $urlPath->path(); |
| 253 | |
|
|
| 254 | if ( $urlProducedPath =~ /proctored_quiz_mode/i ) { |
258 | if ( $urlProducedPath =~ /proctored_quiz_mode/i ) { |
| 255 | my $procAuthOK = $authen->verifyProctor(); |
259 | my $procAuthOK = $authen->verifyProctor(); |
| 256 | |
260 | |
| 257 | if ( $procAuthOK ) { |
261 | if ($procAuthOK) { |
| 258 | my $proctorUserID = $r->param("proctor_user"); |
262 | my $proctorUserID = $r->param("proctor_user"); |
| 259 | my $proctor_authorized = |
263 | my $proctor_authorized = $authz->hasPermissions($proctorUserID, "proctor_quiz"); |
| 260 | $authz->hasPermissions($proctorUserID, |
|
|
| 261 | "proctor_quiz", $userID); |
|
|
| 262 | if ( ! $proctor_authorized ) { |
264 | unless ($proctor_authorized) { |
| 263 | $r->notes("authen_error", |
265 | $r->notes("authen_error", "User $proctorUserID is not authorized to proctor tests in this course."); |
| 264 | "Proctor $proctorUserID is not " . |
|
|
| 265 | "authorized to proctor tests in " . |
|
|
| 266 | "this course."); |
|
|
| 267 | $displayModule = PROCTOR_AUTHEN_MODULE; |
266 | $displayModule = PROCTOR_AUTHEN_MODULE; |
|
|
267 | } |
|
|
268 | } else { |
|
|
269 | $displayModule = PROCTOR_AUTHEN_MODULE; |
| 268 | } |
270 | } |
| 269 | |
|
|
| 270 | } else { |
|
|
| 271 | $displayModule = PROCTOR_AUTHEN_MODULE; |
|
|
| 272 | } |
|
|
| 273 | } |
271 | } |
| 274 | |
|
|
| 275 | } else { |
272 | } else { |
| 276 | debug("Bad news: authentication failed!\n"); |
273 | debug("Bad news: authentication failed!\n"); |
| 277 | $displayModule = AUTHEN_MODULE; |
274 | $displayModule = AUTHEN_MODULE; |
| 278 | debug("set displayModule to $displayModule\n"); |
275 | debug("set displayModule to $displayModule\n"); |
| 279 | } |
276 | } |
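Review bot: The new denial branch (new lines 244–246) sets `authen_error` and `$displayModule = AUTHEN_MODULE`, but execution then falls through to the `proctored_quiz_mode` block, which can overwrite both with the proctor message and `PROCTOR_AUTHEN_MODULE`, so on a proctored path a refused attempt to become another user may surface as a proctor login problem. The effective user has already been reset to `$userID` at that point, so this looks like a lost error rather than a bypass, but the two checks should not compete: record the refusal in a flag (`my $su_denied = 0;` before the `if ($userID ne $eUserID)`, `$su_denied = 1;` in the `else`) and guard the proctor block with `if (!$su_denied and $urlProducedPath =~ /proctored_quiz_mode/i) {`. The refusal is also reported only through `debug()`, which presumably is silent in production; a request to act as another user without `become_student` deserves a log line that is always written, with the request-supplied `$eUserID` stripped of control characters before it is logged. The enclosing authentication `if`/`else` starts above the hunk, so how `$displayModule` is initialised is not visible here.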