Parent Directory
| 
Revision Log
This commit was manufactured by cvs2svn to create branch 'rel-2-3-dev'.
1 ################################################################################ 2 # WeBWorK Online Homework Delivery System 3 # Copyright © 2000-2006 The WeBWorK Project, http://openwebwork.sf.net/ 4 # $CVSHeader: webwork2/lib/WeBWorK/ContentGenerator/Instructor/FileXfer.pm,v 1.12 2006/07/08 14:07:34 gage Exp $ 5 # 6 # This program is free software; you can redistribute it and/or modify it under 7 # the terms of either: (a) the GNU General Public License as published by the 8 # Free Software Foundation; either version 2, or (at your option) any later 9 # version, or (b) the "Artistic License" which comes with this package. 10 # 11 # This program is distributed in the hope that it will be useful, but WITHOUT 12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 # FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the 14 # Artistic License for more details. 15 ################################################################################ 16 17 package WeBWorK::ContentGenerator::Instructor::FileXfer; 18 use base qw(WeBWorK::ContentGenerator::Instructor); 19 20 =head1 NAME 21 22 WeBWorK::ContentGenerator::Instructor::FileXfer - transfer course files from/to 23 client 24 25 =cut 26 27 use strict; 28 use warnings; 29 use CGI qw(-nosticky ); 30 31 sub pre_header_initialize { 32 my ($self) = @_; 33 my $r = $self->r; 34 my $ce = $r->ce; 35 my $authz = $r->authz; 36 37 my $userID = $r->param("user"); 38 39 my ($type, $action) = ("", ""); 40 if (defined $r->param("deleteDef")) { $type = "def"; $action = "delete"; } 41 if (defined $r->param("downloadDef")) { $type = "def"; $action = "download"; } 42 if (defined $r->param("uploadDef")) { $type = "def"; $action = "upload"; } 43 if (defined $r->param("deleteClasslist")) { $type = "classlist"; $action = "delete"; } 44 if (defined $r->param("downloadClasslist")) { $type = "classlist"; $action = "download"; } 45 if (defined $r->param("uploadClasslist")) { $type = "classlist"; $action = "upload"; } 46 if (defined $r->param("deleteScoringFile")) { $type = "scoringFile"; $action = "delete"; } 47 if (defined $r->param("downloadScoringFile")) { $type = "scoringFile"; $action = "download"; } 48 if (defined $r->param("uploadScoringFile")) { $type = "scoringFile"; $action = "upload"; } 49 if (defined $r->param("deleteTemplateFile")) { $type = "templateFile"; $action = "delete"; } 50 if (defined $r->param("downloadTemplateFile")){ $type = "templateFile"; $action = "download"; } 51 if (defined $r->param("uploadTemplateFile")) { $type = "templateFile"; $action = "upload"; } 52 53 54 # make sure we have permission to do what we want to do 55 if ($type eq "def") { 56 unless ($authz->hasPermissions($userID, "modify_set_def_files")) { 57 $self->addbadmessage(CGI::p("You are not authorized to modify the list of set definition files.")); 58 return; 59 } 60 } elsif ($type eq "classlist") { 61 unless ($authz->hasPermissions($userID, "modify_classlist_files")) { 62 $self->addbadmessage(CGI::p("You are not authorized to modify the list of classlist files.")); 63 return; 64 } 65 } elsif ($type eq "scoringFile") { 66 unless ($authz->hasPermissions($userID, "modify_scoring_files")) { 67 $self->addbadmessage(CGI::p("You are not authorized to modify the list of scoring files.")); 68 return; 69 } 70 } elsif ($type eq "templateFile") { 71 unless ($authz->hasPermissions($userID, "modify_problem_template_files")) { 72 $self->addbadmessage(CGI::p("You are not authorized to modify the list of problem template files.")); 73 return; 74 } 75 } 76 77 # call handler for the action we want to perform 78 if ($action eq "delete") { 79 $self->handleDelete($type); 80 } elsif ($action eq "download") { 81 $self->handleDownload($type); 82 } elsif ($action eq "upload") { 83 $self->handleUpload($type); 84 } 85 } 86 87 sub handleDelete { 88 my ($self, $type) = @_; 89 my $r = $self->r; 90 my $ce = $r->ce; 91 92 my (@fileList, $selectParam, $dir); 93 if ($type eq "classlist") { 94 @fileList = $self->getCSVList; 95 $selectParam = "classlist"; 96 $dir = $ce->{courseDirs}->{templates}; 97 } elsif ($type eq "def") { 98 @fileList = $self->getDefList; 99 $selectParam = "def"; 100 $dir = $ce->{courseDirs}->{templates}; 101 } elsif ($type eq "scoringFile") { 102 @fileList = $self->getScoringFileList; 103 $selectParam = "scoringFile"; 104 $dir = $ce->{courseDirs}->{scoring}; 105 } elsif ($type eq "templateFile") { 106 my $templateSubDir = $r->param("templateSubDir"); 107 @fileList = $self->getTemplateFileList($templateSubDir); 108 $selectParam = "templateFile"; 109 $dir = $ce->{courseDirs}->{templates}."/$templateSubDir"; 110 } else { 111 die "handleDelete() doesn't know what to do with file type $type!"; 112 } 113 114 # get file name 115 my $fileToDelete = $r->param($selectParam); 116 unless ($fileToDelete) { 117 $self->addbadmessage(CGI::p("No file selected for deletion.")); 118 return; 119 } 120 121 # FIXME: FOR THE LOVE OF GOD, ADD SECURITY CHECKS!!!!!! 122 # (actually I think it's not such a big deal, since we're checking the 123 # tainted input against a finite set of files that we know are okay to 124 # delete) 125 126 # make sure it's in the file list 127 unless (grep { $_ eq $fileToDelete } @fileList) { 128 $self->addbadmessage(CGI::p("File \"$fileToDelete\" not found in file list.")); 129 return; 130 } 131 132 # (at this point we know the filename isn't dangerous) 133 134 # delete it 135 unlink "$dir/$fileToDelete"; 136 $self->addgoodmessage("$dir/$fileToDelete has been deleted."); 137 } 138 139 sub handleDownload { 140 my ($self, $type) = @_; 141 my $r = $self->r; 142 my $ce = $r->ce; 143 144 my (@fileList, $selectParam, $dir); 145 if ($type eq "classlist") { 146 @fileList = $self->getCSVList; 147 $selectParam = "classlist"; 148 $dir = $ce->{courseDirs}->{templates}; 149 } elsif ($type eq "def") { 150 @fileList = $self->getDefList; 151 $selectParam = "def"; 152 $dir = $ce->{courseDirs}->{templates}; 153 } elsif ($type eq "scoringFile") { 154 @fileList = $self->getScoringFileList; 155 $selectParam = "scoringFile"; 156 $dir = $ce->{courseDirs}->{scoring}; 157 } elsif ($type eq "templateFile") { 158 my $templateSubDir = $r->param("templateSubDir"); 159 @fileList = $self->getTemplateFileList($templateSubDir); 160 $selectParam = "templateFile"; 161 $dir = $ce->{courseDirs}->{templates}; 162 $dir = $ce->{courseDirs}->{templates}."/$templateSubDir"; 163 } else { 164 die "handleDownload() doesn't know what to do with file type $type!"; 165 } 166 167 # get file name 168 my $fileToDownload = $r->param($selectParam); 169 unless ($fileToDownload) { 170 $self->addbadmessage(CGI::p("No file selected for download.")); 171 return; 172 } 173 174 # make sure it's in the file list 175 unless (grep { $_ eq $fileToDownload } @fileList) { 176 $self->addbadmessage(CGI::p("File \"$fileToDownload\" not found in file list.")); 177 return; 178 } 179 180 # set the file to sent: 181 $self->reply_with_file("text/plain", "$dir/$fileToDownload", $fileToDownload, 0); 182 } 183 184 sub handleUpload { 185 my ($self, $type) = @_; 186 my $r = $self->r; 187 my $ce = $r->ce; 188 189 my (@fileList, $uploadParam, $uploadNameParam, $ext, $destDir); 190 if ($type eq "classlist") { 191 @fileList = $self->getCSVList; 192 $uploadParam = "newClasslist"; 193 $uploadNameParam = "newClasslistName"; 194 $ext = ".lst"; 195 $destDir = $ce->{courseDirs}->{templates}; 196 } elsif ($type eq "def") { 197 @fileList = $self->getDefList; 198 $uploadParam = "newDef"; 199 $uploadNameParam = "newDefName"; 200 $ext = ".def"; 201 $destDir = $ce->{courseDirs}->{templates}; 202 } elsif ($type eq "scoringFile") { 203 @fileList = $self->getScoringFileList; 204 $uploadParam = "newScoringFile"; 205 $uploadNameParam = "newScoringFileName"; 206 $ext = ".csv"; 207 $destDir = $ce->{courseDirs}->{scoring}; 208 } elsif ($type eq "templateFile") { 209 my $templateSubDir = $r->param("templateSubDir"); 210 @fileList = $self->getTemplateFileList($templateSubDir); 211 $uploadParam = "newTemplateFile"; 212 $uploadNameParam = "newTemplateFileName"; 213 $ext = ".pg"; 214 $destDir = $ce->{courseDirs}->{templates}."/$templateSubDir"; 215 } 216 217 # get upload ID and hash 218 my $uploadIDHash = $r->param($uploadParam); 219 unless ($uploadIDHash) { 220 $self->addbadmessage(CGI::p("No file selected for upload.")); 221 return; 222 } 223 my ($id, $hash) = split /\s+/, $uploadIDHash; 224 225 #warn "upload param contains $uploadIDHash\n"; 226 #warn "upload ID is $id\n"; 227 #warn "upload hash is $hash\n"; 228 229 # retrieve upload from upload cache 230 my $upload = WeBWorK::Upload->retrieve($id, $hash, 231 dir => $ce->{webworkDirs}->{uploadCache} 232 ); 233 234 # determine what to call the resulting file 235 my $fileName = $r->param($uploadNameParam) || $upload->filename; 236 237 # tack on the file extension if it's not already there 238 $fileName .= $ext unless $fileName =~ m/$ext$/; 239 240 # does the file name have the path separator in it? 241 die "illegal character in upload name: \"/\". (no hacking!)" if $fileName =~ m|/|; 242 243 # does a file already exist with that name? 244 if (grep { $_ eq $fileName } @fileList) { 245 $self->addbadmessage(CGI::p("A file named \"$fileName\" exists. Either remove it, or chose a different name for your upload.")); 246 return; 247 } 248 249 $upload->disposeTo("$destDir/$fileName"); 250 $self->addgoodmessage("$destDir/$fileName has been uploaded."); 251 } 252 253 sub body { 254 my ($self) = @_; 255 my $r = $self->r; 256 my $authz = $r->authz; 257 258 my $userID = $r->param("user"); 259 260 return CGI::div({class=>"ResultsWithError"}, "You are not authorized to access the Instructor tools.") 261 unless $authz->hasPermissions($r->param("user"), "access_instructor_tools"); 262 263 # if we needed to get either of these lists earlier, use the cached copy 264 # otherwise, get them from the filesystem 265 #my $classlistsRef = $self->{classlists} || [ $self->getCSVList ]; 266 #my $setDefsRef = $self->{setDefs} || [ $self->getDefList ]; 267 268 my $templateSubDir = $r->param("templateSubDir"); 269 $templateSubDir = "" if $templateSubDir and $templateSubDir eq ' Top'; #deal with special value for top directory 270 my $classlistsRef = [ $self->getCSVList ]; 271 my $setDefsRef = [ $self->getDefList ]; 272 my $scoringFileRef = [ $self->getScoringFileList ]; 273 my $templateDirRef = [ $self->getTemplateDirList ]; 274 my $templateFileRef = [ $self->getTemplateFileList($templateSubDir) ]; 275 276 277 278 print CGI::p(<<EOT); 279 Use the tools below to modify course files. Set definition files and classlist 280 files are only used for importing and exporting set and user data. 281 EOT 282 283 print CGI::table({-border=>1, -nowrap=>1}, 284 CGI::Tr({-valign=>"top"}, 285 $authz->hasPermissions($userID, "modify_set_def_files") ? 286 CGI::td({}, 287 CGI::p("Set Definition Files"), 288 CGI::startform("POST", $r->uri, "multipart/form-data"), 289 $self->hidden_authen_fields, 290 CGI::scrolling_list( 291 -name => "def", 292 -values => $setDefsRef, 293 -size => 8, 294 -multiple => 0, 295 ), CGI::br(), 296 CGI::submit("deleteDef", "Delete"), 297 CGI::font({-color=>"red"}, CGI::em("Delete is not undoable!")), 298 CGI::br(), 299 CGI::submit("downloadDef", "Download"), 300 CGI::br(), 301 CGI::p("Upload New Set Definition File:"), 302 CGI::filefield( 303 -name => "newDef", 304 -size => 30, 305 ), CGI::br(), 306 "Use name:", CGI::textfield("newDefName", "", 30), CGI::br(), 307 CGI::submit("uploadDef", "Upload Set Definition File"), 308 CGI::endform(), 309 ) : CGI::td({}, CGI::div({class=>"ResultsWithError"}, CGI::p("You are not authorized to modify the list of set definition files."))), 310 $authz->hasPermissions($userID, "modify_classlist_files") ? 311 CGI::td({}, 312 CGI::p("Classlist Files"), 313 CGI::startform("POST", $r->uri, "multipart/form-data"), 314 $self->hidden_authen_fields, 315 CGI::scrolling_list( 316 -name => "classlist", 317 -values => $classlistsRef, 318 -size => 8, 319 -multiple => 0, 320 ), CGI::br(), 321 CGI::submit("deleteClasslist", "Delete"), 322 CGI::font({-color=>"red"}, CGI::em("Delete is not undoable!")), 323 CGI::br(), 324 CGI::submit("downloadClasslist", "Download"), CGI::br(), 325 CGI::p("Upload New Classlist File:"), 326 CGI::filefield( 327 -name => "newClasslist", 328 -size => 30, 329 ), CGI::br(), 330 "Use name:", CGI::textfield("newClasslistName", "", 30), CGI::br(), 331 CGI::submit("uploadClasslist", "Upload Classlist File"), 332 CGI::endform(), 333 ) : CGI::td({}, CGI::div({class=>"ResultsWithError"}, CGI::p("You are not authorized to modify the list of classlist files."))), 334 ), 335 CGI::Tr({-valign=>"top"}, 336 $authz->hasPermissions($userID, "modify_scoring_files") ? 337 CGI::td({}, 338 CGI::p("Scoring Files"), 339 CGI::startform("POST", $r->uri, "multipart/form-data"), 340 $self->hidden_authen_fields, 341 CGI::scrolling_list( 342 -name => "scoringFile", 343 -values => $scoringFileRef, 344 -size => 8, 345 -multiple => 0, 346 ), CGI::br(), 347 CGI::submit("deleteScoringFile", "Delete"), 348 CGI::font({-color=>"red"}, CGI::em("Delete is not undoable!")), 349 CGI::br(), 350 CGI::submit("downloadScoringFile", "Download"), 351 CGI::br(), 352 CGI::p("Upload New Scoring File:"), 353 CGI::filefield( 354 -name => "newScoringFile", 355 -size => 30, 356 ), CGI::br(), 357 "Use name:", CGI::textfield("newScoringFileName", "", 30), CGI::br(), 358 CGI::submit("uploadScoringFile", "Upload Scoring File"), 359 CGI::endform(), 360 ) : CGI::td({}, CGI::div({class=>"ResultsWithError"}, CGI::p("You are not authorized to modify the list of scoring files."))), 361 $authz->hasPermissions($userID, "modify_problem_template_files") ? 362 CGI::td({}, 363 CGI::p("Problem Template Files"), 364 CGI::startform("POST", $r->uri, "multipart/form-data"), 365 $self->hidden_authen_fields, 366 CGI::popup_menu( 367 -name => "templateSubDir", 368 -values => $templateDirRef, 369 -default => ( defined($templateSubDir) )? $templateSubDir:' Top', 370 ),CGI::br(), 371 CGI::submit('UpdateList','Update List'),CGI::br(), 372 CGI::scrolling_list( 373 -name => "templateFile", 374 -values => $templateFileRef, 375 -size => 8, 376 -multiple => 0, 377 ), CGI::br(), 378 CGI::submit("deleteTemplateFile", "Delete"), 379 CGI::font({-color=>"red"}, CGI::em("Delete is not undoable!")), 380 CGI::br(), 381 CGI::submit("downloadTemplateFile", "Download"), 382 CGI::br(), 383 CGI::p("Upload New Problem Template File:"), 384 CGI::filefield( 385 -name => "newTemplateFile", 386 -size => 30, 387 ), CGI::br(), 388 "Use name:", CGI::textfield("newTemplateFileName", "", 30), CGI::br(), 389 CGI::submit("uploadTemplateFile", "Upload Problem Template File"), 390 CGI::endform(), 391 ) : CGI::td({}, CGI::div({class=>"ResultsWithError"}, CGI::p("You are not authorized to modify the list of problem template files."))), 392 393 ), 394 395 ); 396 397 return ""; 398 } 399 400 1; 401 402 __END__ 403 404 =head1 AUTHOR 405 406 Written by Sam Hathaway, sh002i (at) math.rochester.edu 407 408 =cut
| aubreyja at gmail dot com | ViewVC Help |
| Powered by ViewVC 1.0.9 |