Index: openacs-4/packages/dotlrn/sql/oracle/dotlrn-security-create.sql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/sql/oracle/Attic/dotlrn-security-create.sql,v diff -u -N -r1.2 -r1.3 --- openacs-4/packages/dotlrn/sql/oracle/dotlrn-security-create.sql 29 Nov 2001 06:05:37 -0000 1.2 +++ openacs-4/packages/dotlrn/sql/oracle/dotlrn-security-create.sql 3 Dec 2001 02:51:27 -0000 1.3 @@ -15,6 +15,9 @@ DECLARE BEGIN + -- the ability to browse dotLRN in general + acs_privilege.create_privilege('dotlrn_browse'); + -- the ability to even view that a community exists acs_privilege.create_privilege('dotlrn_view_community'); @@ -49,6 +52,9 @@ acs_privilege.add_child('admin', 'dotlrn_admin_community'); acs_privilege.add_child('admin', 'dotlrn_admin_community_type'); + -- for now, we only want admins to be able to browse by default + acs_privilege.add_child('admin', 'dotlrn_browse'); + -- no default permissions end; Index: openacs-4/packages/dotlrn/tcl/community-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/community-procs.tcl,v diff -u -N -r1.31 -r1.32 --- openacs-4/packages/dotlrn/tcl/community-procs.tcl 1 Dec 2001 23:34:55 -0000 1.31 +++ openacs-4/packages/dotlrn/tcl/community-procs.tcl 3 Dec 2001 02:51:27 -0000 1.32 
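Review bot: Nothing visible in this commit creates `dotlrn_browse` on a site that already ran dotlrn-security-create.sql at revision 1.2, yet dotlrn-init.tcl now grants that privilege at startup and the browse check in dotlrn-security-procs.tcl depends on it. If no upgrade script exists outside this page, existing installs would presumably fail on the grant or lose browse access. An upgrade script repeating `acs_privilege.create_privilege('dotlrn_browse');` and `acs_privilege.add_child('admin', 'dotlrn_browse');` is worth adding. The matching drop script, also not shown here, should gain `acs_privilege.remove_child('admin', 'dotlrn_browse');` and `acs_privilege.drop_privilege('dotlrn_browse');` so an uninstall does not leave the privilege behind. The comment in the second hunk would be more accurate as `-- admins inherit dotlrn_browse through the hierarchy; every other party needs an explicit grant`, because dotlrn-init.tcl also grants it to a user segment.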
@@ -254,6 +254,7 @@ set admin_segment_id [rel_segments_new $community_id dotlrn_admin_rel "Admins of $community_name"] # Grant permissions + ad_permission_grant $member_segment_id $community_id read ad_permission_grant $member_segment_id $community_id write ad_permission_grant $admin_segment_id $community_id admin } Index: openacs-4/packages/dotlrn/tcl/dotlrn-init.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/dotlrn-init.tcl,v diff -u -N -r1.2 -r1.3 --- openacs-4/packages/dotlrn/tcl/dotlrn-init.tcl 20 Sep 2001 21:04:56 -0000 1.2 +++ openacs-4/packages/dotlrn/tcl/dotlrn-init.tcl 3 Dec 2001 02:51:27 -0000 1.3 @@ -17,5 +17,28 @@ } -# ad_register_filter preauth GET /* dotlrn_filter +# We go through all Applets and make sure they are added. +# NOTE FROM BEN TO ARJUN: Add code here +# +# + +# We check to see if dotLRN has been installed, and if so, if permissions +# have been granted + +set main_package_id [dotlrn::get_package_id] + +# if installed +if {![empty_string_p $main_package_id]} { + # Grantee + set grantee_id [dotlrn::get_full_users_rel_segment_id] + + # Grant the permission + if {![ad_permission_p -user_id $grantee_id $main_package_id dotlrn_browse]} { + ad_permission_grant $grantee_id $main_package_id dotlrn_browse + } +} + +# Make sure that privacy is turned on +acs_privacy::privacy_control_set 1 + Index: openacs-4/packages/dotlrn/tcl/dotlrn-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/dotlrn-procs.tcl,v diff -u -N -r1.14 -r1.15 --- openacs-4/packages/dotlrn/tcl/dotlrn-procs.tcl 1 Dec 2001 23:34:55 -0000 1.14 +++ openacs-4/packages/dotlrn/tcl/dotlrn-procs.tcl 3 Dec 2001 02:51:27 -0000 1.15 
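Review bot: In the dotlrn-init.tcl hunk, `acs_privacy::privacy_control_set 1` runs last, so an uncaught error from `dotlrn::get_package_id`, `dotlrn::get_full_users_rel_segment_id` (a `db_string` with no default) or `ad_permission_grant` aborts the script before privacy is switched on. Moving that line above `set main_package_id [dotlrn::get_package_id]`, or wrapping the grant block in `catch` and logging the failure, stops the privacy setting from depending on the grant succeeding. The existence test also passes a rel segment id as `-user_id`. Whether `ad_permission_p` answers for a segment the way it does for a user is not visible here and should be confirmed, otherwise the grant may be re-issued on every restart. A comment above the block such as `# grants dotlrn_browse on the dotLRN package to the full-access users segment, once` would record the intent.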
@@ -52,6 +52,18 @@ return $node(object_id) } + ad_proc -public get_users_rel_segment_id {} { + returns the rel_segment_id of the dotLRN users segment + } { + return [db_string select_user_rel_segment {}] + } + + ad_proc -public get_full_users_rel_segment_id {} { + returns the rel_segment_id of the dotLRN full users segment + } { + return [db_string select_user_rel_segment {}] + } + ad_proc -public get_user_theme { user_id } { Index: openacs-4/packages/dotlrn/tcl/dotlrn-procs.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/dotlrn-procs.xql,v diff -u -N -r1.6 -r1.7 --- openacs-4/packages/dotlrn/tcl/dotlrn-procs.xql 1 Dec 2001 23:16:27 -0000 1.6 +++ openacs-4/packages/dotlrn/tcl/dotlrn-procs.xql 3 Dec 2001 02:51:27 -0000 1.7 @@ -2,24 +2,18 @@ - + -select count(*) from acs_object_types where object_type=:group_type_key +select segment_id from rel_segments where segment_name='dotLRN Users' - + -select count(*) from acs_object_types where object_type=:class_group_type_key +select segment_id from rel_segments where segment_name='dotLRN Full Access Users' - - -select count(*) from acs_object_types where object_type=:club_group_type_key - - - select theme_id from dotlrn_full_users where user_id = :user_id Index: openacs-4/packages/dotlrn/tcl/dotlrn-security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/tcl/dotlrn-security-procs.tcl,v diff -u -N -r1.8 -r1.9 --- openacs-4/packages/dotlrn/tcl/dotlrn-security-procs.tcl 1 Dec 2001 23:16:27 -0000 1.8 +++ openacs-4/packages/dotlrn/tcl/dotlrn-security-procs.tcl 3 Dec 2001 02:51:27 -0000 1.9 
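Review bot: `get_full_users_rel_segment_id` looks up the statement name `select_user_rel_segment`, the same name `get_users_rel_segment_id` uses, so both procs presumably resolve to the same query and return the same segment. dotlrn-init.tcl grants `dotlrn_browse` to whatever id this proc returns, so the privilege may end up on the general 'dotLRN Users' segment instead of 'dotLRN Full Access Users'. The second proc should use its own statement name, for example `return [db_string select_full_user_rel_segment {}]`, with that name (a placeholder here) matching the second query in dotlrn-procs.xql. The query names are not visible in this rendering, so the xql side needs checking too.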
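Review bot: Both new queries in dotlrn-procs.xql identify a security principal by its display name (`segment_name='dotLRN Users'`, `segment_name='dotLRN Full Access Users'`), and nothing on this page shows that `segment_name` is unique or immutable. If a second segment with the same name can exist, or the segment is renamed, the permission grant in dotlrn-init.tcl goes to an unintended segment or fails at startup. Restricting the lookup by the segment's group and relationship type, or storing the segment id at install time, would make it deterministic. At minimum a comment such as `-- segment_name must match the name used when the segment was created` should sit next to each query.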
@@ -90,12 +90,7 @@ } { Check is a user can browse dotLRN } { - if {[empty_string_p $user_id]} { - set user_id [ad_conn user_id] - } - - # FIXME: must check that a user can browse - return 1 + return [ad_permission_p -user_id $user_id [dotlrn::get_package_id] dotlrn_browse] } ad_proc -public require_user_browse { @@ -108,25 +103,35 @@ } } - ad_proc -public user_can_read_sensitive_data_p { + ad_proc -public set_user_read_private_data { + {-user_id:required} + val + } { + set whether or not a user can read private data + } { + acs_privacy::set_user_read_private_data -user_id $user_id -object_id [dotlrn::get_package_id] $val + } + + ad_proc -public user_can_read_private_data_p { {user_id ""} } { Check if a user can read sensitive data in dotLRN } { if {[empty_string_p $user_id]} { set user_id [ad_conn user_id] } + + ns_log Notice "BEN: dotlrn::user_can_read_private_data_p -- got the call, user_id = $user_id" - # FIXME - return 1 + return [acs_privacy::user_can_read_private_data_p -user_id $user_id -object_id [dotlrn::get_package_id]] } - - ad_proc -public require_user_read_sensitive_data { + + ad_proc -public require_user_read_private_data { {user_id ""} } { Require that a user be able to read sensitive data } { - if {![user_can_read_sensitive_data_p -user_id $user_id]} { + if {![user_can_read_private_data_p -user_id $user_id]} { do_abort } } @@ -138,9 +143,10 @@ Check if a user can read a community type } { # FIXME: permission hack + # NOT SURE HOW TO FIX THIS WITHOUT object_ids on community types return 1 } - + ad_proc -public require_user_read_community_type { {-user_id ""} community_type @@ -151,7 +157,7 @@ do_abort } } - + ad_proc -public user_can_read_community_p { {-user_id ""} community_id 
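Review bot: In the `@@ -108` hunk, `user_can_read_private_data_p` declares its parameter positionally as `{user_id ""}`, while `require_user_read_private_data` calls it as `user_can_read_private_data_p -user_id $user_id`. The call therefore presumably binds the literal `-user_id` to the parameter or fails on argument count, and the require proc cannot work as intended. Declaring `{-user_id ""}` in both procs makes them agree with `set_user_read_private_data` and with the `-user_id` switches used elsewhere in this file. The added `ns_log Notice "BEN: dotlrn::user_can_read_private_data_p -- got the call, user_id = $user_id"` writes a user id to the server log on every privacy check. Like `ns_log Notice "BEN TEST!"` in the one-community.tcl hunk, it should be removed or lowered to `Debug` before release.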
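Review bot: In the `@@ -138` hunk the community-type read check still ends in `return 1`, so `require_user_read_community_type` can never reach `do_abort`; the added comment records the gap without narrowing it. Until community types have object ids, a package-level check such as `return [ad_permission_p -user_id $user_id [dotlrn::get_package_id] dotlrn_browse]`, the same call this commit uses for browsing, would at least tie the answer to a real grant. The proc's signature lies outside the hunk, so its parameter names should be confirmed before applying that line.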
@@ -178,8 +184,11 @@ } { check if a user is a member of a community } { - # FIXME: security hack - return 1 + if {[empty_string_p $user_id]} { + set user_id [ad_conn user_id] + } + + return [dotlrn_community::member_p $community_id $user_id] } ad_proc -public require_user_community_member { @@ -192,7 +201,7 @@ do_abort } } - + ad_proc -public user_can_admin_community_p { {-user_id ""} community_id @@ -201,7 +210,7 @@ } { return [ad_permission_p -user_id $user_id $community_id dotlrn_admin_community] } - + ad_proc -public require_user_admin_community { {-user_id ""} community_id Index: openacs-4/packages/dotlrn/www/community-user-add-2.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/community-user-add-2.tcl,v diff -u -N -r1.2 -r1.3 --- openacs-4/packages/dotlrn/www/community-user-add-2.tcl 28 Nov 2001 00:11:48 -0000 1.2 +++ openacs-4/packages/dotlrn/www/community-user-add-2.tcl 3 Dec 2001 02:51:27 -0000 1.3 @@ -11,7 +11,7 @@ set community_id [dotlrn_community::get_community_id] # Get user information -db_1row select_user_info "select first_names, last_name, email from dotlrn_users_full where user_id=:user_id" +db_1row select_user_info "select first_names, last_name, email from dotlrn_full_users where user_id=:user_id" # Depending on the community_type, we have allowable rel_types set rel_types [dotlrn_community::get_allowed_rel_types -community_id $community_id] Index: openacs-4/packages/dotlrn/www/community-user-add.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/community-user-add.xql,v diff -u -N -r1.1 -r1.2 --- openacs-4/packages/dotlrn/www/community-user-add.xql 27 Nov 2001 23:32:03 -0000 1.1 +++ openacs-4/packages/dotlrn/www/community-user-add.xql 3 Dec 2001 02:51:27 -0000 1.2 
@@ -4,7 +4,7 @@ -select user_id, first_names, last_name, email from dotlrn_users_full where lower(last_name) like lower('%' || :search_text || '%') or lower(email) like lower('%' || :search_text || '%') and user_id not in (select user_id from dotlrn_member_rels_full where community_id= :community_id) +select user_id, first_names, last_name, email from dotlrn_full_users where lower(last_name) like lower('%' || :search_text || '%') or lower(email) like lower('%' || :search_text || '%') and user_id not in (select user_id from dotlrn_member_rels_full where community_id= :community_id) Index: openacs-4/packages/dotlrn/www/one-community.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/www/one-community.tcl,v diff -u -N -r1.8 -r1.9 --- openacs-4/packages/dotlrn/www/one-community.tcl 1 Dec 2001 23:16:27 -0000 1.8 +++ openacs-4/packages/dotlrn/www/one-community.tcl 3 Dec 2001 02:51:27 -0000 1.9 @@ -7,6 +7,9 @@ } { } +ns_log Notice "BEN TEST!" + + # Check that this is a community type if {[ad_parameter community_level_p] != 1} { ns_returnredirect "./"
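Review bot: In the community-user-add.xql query, `and` binds tighter than `or`, so the `user_id not in (...)` exclusion applies only to the e-mail match and a last-name match still returns users who are already members of the community. The rename to `dotlrn_full_users` leaves this untouched. The two `like` tests should be grouped: `where (lower(last_name) like lower('%' || :search_text || '%') or lower(email) like lower('%' || :search_text || '%')) and user_id not in (...)`. If `user_id` in `dotlrn_member_rels_full` can ever be null, the `not in` returns no rows at all, which `not exists` with a correlated subquery avoids; the column's nullability is not visible here.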