1 files changed, 47 insertions, 16 deletions
diff --git a/GradeBook.tcl b/GradeBook.tcl
index b469e40..3b7e187 100755
--- a/GradeBook.tcl
+++ b/GradeBook.tcl
@@ -16,13 +16,14 @@ package require md5
 set sortCol LastName
 set user guest
 set password guest
+set action defaultview
 # defaults end
 
 # read cookies
 set user [::ncgi::cookie user]
 set sortCol [::ncgi::cookie sortCol]
 set password [::ncgi::cookie password]
-set action [::ncgi::value action none]
+set action [::ncgi::value action defaultview]
 # end of read cookies
 
 if { [catch {set script_name $env(SCRIPT_NAME)} errStat] } { set script_name unknown}
@@ -70,12 +71,12 @@ proc CreateGradesTable {db} {
 }
 
 proc CreateAccessRightsTable {db} {
-	db eval {CREATE TABLE AccessRightsTable(GroupName text,     sort integer,  addcolumn integer, deletecolumn integer, renamecolumn integer, editcolumn integer)}
-	db eval {INSERT INTO AccessRightsTable VALUES('instructor', 1,             1,                 1,                    1,                    1)}
-	db eval {INSERT INTO AccessRightsTable VALUES('ta',         1,             1,                 1,                    1,                    1)}
-	db eval {INSERT INTO AccessRightsTable VALUES('student',    1,             0,                 0,                    0,                    0)}
+	db eval {CREATE TABLE AccessRightsTable(GroupName text,     showgrades integer, sort integer,  addcolumn integer, deletecolumn integer, renamecolumn integer, editcolumn integer, showcontrols integer)}
+	db eval {INSERT INTO AccessRightsTable VALUES('instructor', 1,                  1,             1,                 1,                    1,                    1,                  1)}
+	db eval {INSERT INTO AccessRightsTable VALUES('ta',         1,                  1,             1,                 1,                    1,                    1,                  1)}
+	db eval {INSERT INTO AccessRightsTable VALUES('student',    1,                  0,             0,                 0,                    0,                    0,                  0)}
 	# guest should have no rights make sure that 0 is evereywhere
-	db eval {INSERT INTO AccessRightsTable VALUES('guest',      0,             0,                 0,                    0,                    0)}
+	db eval {INSERT INTO AccessRightsTable VALUES('guest',      0,                  0,             0,                 0,                    0,                    0,                  0)}
 }
 
 proc htmlDBout {db permission_list {sort_col {}}} {
@@ -221,16 +222,39 @@ proc SetSortColumn {} {
 	::ncgi::setCookie  -name sortCol -value $sortCol
 }
 
+proc isActionGranted { action permission_list user } {
+	array set permission $permission_list
+	if { $action == "defaultview" } { 
+		# this one permitted to everyone
+		return 1;
+	}
+	if { [info exist permission($action) ] && $permission($action) } {
+		dbg "requested action $action is granted" 4
+		return 1;
+	} else {
+		dbg "requested action $action is not granted" 4
+		return 0;
+	}
+}
+
 proc ChoseAction {action permission_list user} {
 	array set permission $permission_list
 	dbg "requested action: $action" 3
-	switch $action {
-		sort { if { $permission(sort) } { SetSortColumn; ChoseAction {} $permission_list $user } } 
-		addcolumn { if { $permission(addcolumn) } { } } 
-		deletecolumn { if { $permission(deletecolumn) } { } } 
-		renamecolumn { if { $permission(renamecolumn) } { } } 
-		default { htmlGradesTable db $permission_list  $user  }
-	}	
+	if { [isActionGranted $action $permission_list $user] } {
+		switch $action {
+			sort { SetSortColumn; ChoseAction defaultview $permission_list $user } 
+			addcolumn { AddColumn } 
+			deletecolumn { } 
+			renamecolumn { } 
+			showcontrols { } 
+			showgrades { htmlGradesTable db $permission_list  $user }
+			defaultview { htmlDefaultView   $permission_list  $user }
+			default { }
+		}	
+	} 
+}
+
+proc AddColumn {} { 
 }
 
 proc AccessGroupRights {db  user password } {
@@ -304,6 +328,13 @@ proc htmlGradesTable {db permission_list  user} {
 	}
 }
 
+proc htmlDefaultView { permission_list user } {
+	ChoseAction showcontrols $permission_list $user
+	ChoseAction showgrades $permission_list $user
+	htmlBottom $permission_list
+}
+
+
 
 ##################### end of procs ####################################
 set timestamp [clock format [clock seconds] -format "%Y-%m-%dT%H:%M:%S"]
@@ -313,8 +344,8 @@ set timestamp [clock format [clock seconds] -format "%Y-%m-%dT%H:%M:%S"]
 #CreateAccessRightsTable db
 dbg [::ncgi::names] 4
 # logon and logoff actions are granted to everyone
-if { $action == "logon" } { LogMeOn }   
-if { $action == "logoff" } { LogMeOff } 
+if { $action == "logon"  } { LogMeOn;   set action none }   
+if { $action == "logoff" } { LogMeOff;  set action none } 
 
 dbg "===== Connection at $timestamp for user $user ====="
 set permission_list [AccessGroupRights db $user $password]
@@ -322,9 +353,9 @@ set permission_list [AccessGroupRights db $user $password]
 ::ncgi::header
 htmlTop $permission_list
 ChoseAction $action $permission_list $user
+#htmlDefaultView     $permission_list $user
 #htmlGradesTable db $permission_list  $user
 #htmlDBout db $sortCol
-htmlBottom $permission_list