Annotation of /trunk/webwork/system/cgi/cgi-scripts/profEditCourseFiles.pl

Revision 2 - (view) (download) (as text)

1 :	sam	2	#!/usr/bin/perl
2 :
3 :			## This file is profEditSetDef.pl
4 :			## It provides a utility for professors to edit set definition files
5 :			## and their course's webworkCourse.ph
6 :
7 :			use lib '/ww/webwork/development/'; # mainWeBWorKDirectory;
8 :
9 :			use Global;
10 :			use CGI qw(:standard);
11 :			use Auth;
12 :			use Net::SMTP;
13 :			use HTML::Entities;
14 :			use strict;
15 :
16 :			my $cgi = new CGI;
17 :			my %inputs = $cgi->Vars();
18 :
19 :			#for use in strings where $cgi->param is not interpolated correctly or at all
20 :			my $course = $cgi->param('course');
21 :			my $user = $cgi->param('user');
22 :			my $session_key = $cgi->param('key');
23 :
24 :			my $currentFile = $cgi->param('filename');
25 :			my $currentDir = $cgi->param('dir'); # relative to extDir below
26 :			$currentDir ='' unless defined $currentDir;
27 :			my $currentExt = $cgi->param('ext'); # this is the expected extension
28 :
29 :			# edit these to add functionality for other file types
30 :			my %validExt = ('def' => 1,
31 :			'ph' => 1,
32 :			'pg' => 1);
33 :
34 :			my %extName = ( 'def' => "Set Definition",
35 :			'ph' => "Course Environment",
36 :			'pg' => "Set Header");
37 :
38 :			my %extDir = ( 'def' => "/templates/",
39 :			'ph' => "/",
40 :			'pg' => "/templates/");
41 :
42 :			&Global::getCourseEnvironment($course);
43 :
44 :			my $scriptDirectory = $Global::scriptDirectory;
45 :			my $databaseDirectory = $Global::databaseDirectory;
46 :			my $htmlURL = $Global::htmlURL;
47 :			my $cgiURL = $Global::cgiWebworkURL;
48 :			my $courseDirectory = $Global::coursesDirectory . $course;
49 :			my $courseScriptsDirectory = $Global::courseScriptsDirectory;
50 :			my $templateDirectory = getCourseTemplateDirectory;
51 :			my $feedbackAddress = $Global::feedbackAddress;
52 :
53 :			require "${scriptDirectory}$Global::FILE_pl";
54 :			require "${scriptDirectory}$Global::classlist_DBglue_pl";
55 :			require "${scriptDirectory}$Global::HTMLglue_pl";
56 :			require "${scriptDirectory}$Global::FILE_pl";
57 :
58 :			# log access
59 :			&Global::log_info('', query_string);
60 :
61 :			my $permissionsFile = &Global::getCoursePermissionsFile($course);
62 :			my $permissions = &get_permissions($user, $permissionsFile);
63 :			my $keyFile = &Global::getCourseKeyFile($course);
64 :
65 :
66 :			#verify session key
67 :			&verify_key($user, $session_key, "$keyFile", $course);
68 :
69 :			#verify permissions are correct
70 :			if (($permissions != $Global::instructor_permissions) and ($permissions != $Global::TA_permissions) ) {
71 :			print "permissions = $permissions instructor_permissions = $Global::instructor_permissions\n";
72 :			print &html_NO_PERMISSION;
73 :			exit(0);
74 :			}
75 :
76 :			# verify that the file type is valid
77 :			if (!($currentFile =~ /.\.(.)/) \|\| ($1 ne $currentExt) ) {
78 :			&user_error("The file $currentFile is not valid because it does not contain the expected ending: $currentExt");
79 :			}
80 :
81 :			# consolidate relative directory paths into one hard path
82 :			$currentDir = $courseDirectory . $extDir{$currentExt} . $currentDir;
83 :
84 :			#wwerror("current Dir: $currentDir<P>current File:$currentFile <P>current Ext: $currentExt");
85 :			# make sure requested file exists and is a valid file
86 :			if (defined($currentFile) && -e "$currentDir$currentFile") {
87 :			unless ( -R "$currentDir$currentFile") {
88 :			wwerror ('File is not readable', "The file $currentFile is not readable by the webserver. Check that it's permissions are set correctly.");
89 :			}
90 :			} else {
91 :			wwerror('File does not exist', "The file $currentDir$currentFile does appear to exist, please check the filename and try again.");
92 :			}
93 :
94 :			# get row and column info if submitted
95 :			my $rows = (defined($cgi->param('rows'))) ? $cgi->param('rows') : $Global::editor_window_rows;
96 :			my $columns = (defined($cgi->param('columns'))) ? $cgi->param('columns') : $Global::editor_window_columns;
97 :
98 :			# Deal with filled out forms and various actions resulting from different buttons
99 :			if ( defined($cgi->param('action')) ) {
100 :			if (defined($cgi->param('savefilename'))) {
101 :			&user_error("For security reasons, you cannot save a file in any directory higher than the current directory. Please specify a file name to save under.") if ($cgi->param('savefilename') =~ /^[~.]/ \|\| $cgi->param('savefilename') =~ /\.\./);
102 :			}
103 :
104 :			#if Save button was clicked
105 :			if (( $cgi->param('action') eq 'Save') && defined($cgi->param('body')) && defined($cgi->param('savefilename'))) {
106 :
107 :			my $temp_body = $cgi->param('body');
108 :			$temp_body =~ s/\r\n/\n/g; #html textareas tend to leave \r
109 :
110 :			# saveProblem($temp_body, $currentDir . $cgi->param('savefilename'));
111 :			saveProblem($temp_body, $cgi->param('savefilename'));
112 :			$currentFile = $cgi->param('savefilename');
113 :
114 :			#if Save As button was clicked
115 :			} elsif (( $cgi->param('action') eq 'Save as') && defined($cgi->param('body')) && defined($cgi->param('savefilename'))) {
116 :
117 :			$currentFile = $cgi->param('savefilename');
118 :
119 :			# if ($currentFile =~ /^[~.]/ \|\| $currentFile =~ /\.\./) {
120 :			# &user_error("For security reasons, you cannot specify a merge file from a directory higher than the email directory (you can't use ../blah/blah). Please specify a different file or move the needed file to the email directory");
121 :			# }
122 :
123 :
124 :			my $temp_body = $cgi->param('body');
125 :			$temp_body =~ s/\r\n/\n/g;
126 :
127 :			saveNewProblem($temp_body, $currentFile);
128 :
129 :			}
130 :			}
131 :
132 :
133 :
134 :			#Begin Page
135 :			print &htmlTOP("Edit $extName{$currentExt} File(s) for $course"),
136 :			$cgi->a( { -href=>"${cgiURL}login.pl?user=$user&key=$session_key&course=$course" },
137 :
138 :			$cgi->img({ -name=>'upImg',
139 :			-src=>"${Global::upImgUrl}",
140 :			-align=>'right',
141 :			-border=>'1',
142 :			-alt=>'[Up]'
143 :			})
144 :			),
145 :			$cgi->p;
146 :
147 :			print "\n",
148 :			$cgi->hr, $cgi->br,
149 :			"\n\n", $cgi->h3({ -align=>'left' }, "WeBWorK $extName{$currentExt} File(s) Editor for $course"), "\n",
150 :			$cgi->p,
151 :			"From this page, you can edit your $extName{$currentExt} file(s). You can both save over
152 :			old files and create new ones. You can even open one file, make changes and then save those
153 :			changes under a different file name.",
154 :			$cgi->hr, "\n";
155 :
156 :
157 :			# start form with hidden entries to pass info back to profEditCourseFiles.pl
158 :			# the last two are very circular but are necessary to make sure the script
159 :			# continues to know which kind of file it is dealing with
160 :			# They should be set by the original call (most likely in profLogin.pl
161 :			print $cgi->startform(-action=>"${cgiURL}profEditCourseFiles.pl"), "\n",
162 :			$cgi->hidden(-name=>"user", -value=>$user), "\n",
163 :			$cgi->hidden(-name=>"key", -value=>$session_key), "\n",
164 :			$cgi->hidden(-name=>"course", -value=>$course), "\n",
165 :
166 :			$cgi->hidden(-name=>"dir", -value=>$cgi->param("dir")), "\n",
167 :			$cgi->hidden(-name=>"ext", -value=>$cgi->param("ext")), "\n";
168 :
169 :			#get current file
170 :			my ($text, @text);
171 :			if (-e "$currentDir$currentFile") {
172 :			open FILE, "$currentDir$currentFile";
173 :			@text = <FILE>;
174 :			$text = join "", @text;
175 :			} else {
176 :			# wwerror($0, "Message File $currentDir$currentFile does not exist!");
177 :			}
178 :
179 :			#print actual body of message
180 :			print "\n", $cgi->br, $cgi->textarea(-name=>'body', -default=>$text, -rows=>$rows, -columns=>$columns, -override=>1);
181 :
182 :
183 :			#get all message files and create a list
184 :			opendir CURDIR, $currentDir; # or wwerror($0, "Can't open directory $currentDir","","");
185 :			my @filenames = grep /\.$currentExt$/, readdir CURDIR;
186 :			closedir CURDIR;
187 :
188 :			@filenames = sort @filenames;
189 :
190 :			print $cgi->p, $cgi->popup_menu(-name=>'filename', -values=>\@filenames, -default=>$currentFile);
191 :
192 :
193 :			#create all necessary action buttons
194 :			print $cgi->submit(-name=>'action', -value=>'Open'), "\n", $cgi->br,
195 :			$cgi->textfield(-name=>'savefilename', -size => 20, -value=> "$currentFile", -override=>1), ' ',
196 :			$cgi->submit(-name=>'action', -value=>'Save'), " \n",
197 :			$cgi->submit(-name=>'action', -value=>'Save as'), " \n",
198 :			'For "Save As" choose a new filename.', $cgi->br, $cgi->br,
199 :			$cgi->p, $cgi->submit(-name=>'action', -value=>'Revert to original and Resize message window'),
200 :			" Rows: ", $cgi->textfield(-name=>'rows', -size=>3, -value=>$rows),
201 :			" Columns: ", $cgi->textfield(-name=>'columns', -size=>3, -value=>$columns),
202 :			$cgi->br, "If you resize the message window, you will lose all unsaved changes and the students you have selected may be unselected.",
203 :			$cgi->end_form,
204 :			&htmlBOTTOM("profEditCourseFiles", \%inputs);
205 :
206 :			# End of HTML
207 :
208 :
209 :			###### SUBROUTINES ######
210 :			sub saveProblem {
211 :			my ($body, $probFileName)= @_;
212 :
213 :			open (PROBLEM, ">$currentDir$probFileName") \|\|
214 :			wwerror($0, "Could not open $currentDir$probFileName for writing.
215 :			Check that the permissions for this problem are 660 (-rw-rw----)");
216 :			print PROBLEM $body;
217 :			close PROBLEM;
218 :			chmod 0660, "$currentDir$probFileName" \|\|
219 :			print "Content-type: text/html\n\n
220 :			CAN'T CHANGE PERMISSIONS ON FILE $currentDir$probFileName";
221 :
222 :			}
223 :
224 :			sub saveNewProblem {
225 :			my ($body, $new_file_name)= @_;
226 :			#######check that the new file name doesn't exist
227 :			if (-e "$currentDir$new_file_name" ) {
228 :			wwerror("Can not use this file name", "The file\n".
229 :			"$new_file_name\n".
230 :			"already exists.\n" .
231 :			"<b>The new version was not saved.</b>\n" .
232 :			"Go back and choose a different file name or\, if you really want to edit\n".
233 :			"$new_file_name\,\n".
234 :			"go back and hit the \"Save updated version\" button.");
235 :			}
236 :
237 :			wwerror ("Invalid file name", "The file name \"$new_file_name\" does not have a \".$currentExt\" extension.
238 :			<b>The file was not saved.</b>
239 :			Go back and choose a file name with a \".$currentExt\" extension.") unless
240 :			$new_file_name =~ m\|\.$currentExt$\|;
241 :			#######copy new version to the file new_file_name
242 :			open (PROBLEM, ">$currentDir$new_file_name") \|\|
243 :			wwerror($0, "Could not open $currentDir$new_file_name for writing.
244 :			Check that the permissions for the directory $currentDir are 770 (drwxrwx---)");
245 :			print PROBLEM $body;
246 :			close PROBLEM;
247 :			chmod 0660, "$currentDir$new_file_name" \|\|
248 :			print "Content-type: text/html\n\n
249 :			CAN'T CHANGE PERMISSIONS ON FILE $currentDir$new_file_name";
250 :
251 :			}
252 :
253 :			sub user_error {
254 :			my $msg = join " ", @_;
255 :			print $cgi->header,
256 :			$cgi->start_html('-title' => 'User error'),
257 :			$cgi->h1('User error'),
258 :			$cgi->p,
259 :			$cgi->b(HTML::Entities::encode($msg)),
260 :			$cgi->p,
261 :			"Please hit the "<B>Back</B>" button on your browser to ",
262 :			"try again, or notify ", $cgi->br,
263 :			"<", $cgi->a({href=>"mailto:$Global::webmaster"}, $Global::webmaster), "> ",
264 :			"if you believe this message is in error.",
265 :			$cgi->end_html;
266 :			exit(1);
267 :			}

aubreyja at gmail dot com	ViewVC Help
Powered by ViewVC 1.0.9