loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.85 and 1.88

version 1.85, 2006/07/10 03:58:45	version 1.88, 2006/07/21 16:07:48
Line 35 use Apache::File;	Line 35 use Apache::File;
use Apache::lonnet;	use Apache::lonnet;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonlocal;	use Apache::lonlocal;
	use Apache::restrictedaccess();
use CGI::Cookie();	use CGI::Cookie();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA;
Line 137 sub get_posted_cgi {	Line 138 sub get_posted_cgi {
}	}

sub portfolio_access {	sub portfolio_access {
	my ($r,$requrl) = @_;
	my $access=&Apache::lonnet::allowed('bre',$requrl);
	if ($access eq '2' \|\| $access eq 'F') {
	return OK;
	}
	my (undef,$udom,$unum,$file_name,$group) = &parse_portfolio_url($requrl);
	my $result = &get_portfolio_access($udom,$unum,$file_name,$group);
	&Apache::lonnet::logthis("got pa of $result");
	if ($result eq 'ok') {
	return OK;
	} elsif ($result =~ /^[^:]+:guest_/) {
	&Apache::lonnet::logthis("doign pac $result");
	&passphrase_access_checker($r,$result,$requrl);
	return OK;
	}
	return undef;
	}

	sub get_portfolio_access {
my ($udom,$unum,$file_name,$group) = @_;	my ($udom,$unum,$file_name,$group) = @_;

my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);	my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
my %access_controls = &Apache::lonnet::get_access_controls(	my %access_controls = &Apache::lonnet::get_access_controls(
$current_perms,$group,$file_name);	$current_perms,$group,$file_name);
Line 178 sub portfolio_access {	Line 199 sub portfolio_access {
} else {	} else {
if (@domains > 0) {	if (@domains > 0) {
foreach my $domkey (@domains) {	foreach my $domkey (@domains) {
my %content = &Apache::lonnet::parse_access_controls($$access_hash{$domkey});	if (ref($access_hash->{$domkey}{'dom'}) eq 'ARRAY') {
if (ref($content{'dom'}) eq 'ARRAY') {	if (grep(/^\Q$env{'user.domain'}\E$/,@{$access_hash->{$domkey}{'dom'}})) {
if (grep(/^\Q$env{'user.domain'}\E$/,@{$content{'dom'}})) {
return 'ok';	return 'ok';
}	}
}	}
Line 188 sub portfolio_access {	Line 208 sub portfolio_access {
}	}
if (@users > 0) {	if (@users > 0) {
foreach my $userkey (@users) {	foreach my $userkey (@users) {
my %content = &Apache::lonnet::parse_access_controls($$access_hash{$userkey});	if (exists($access_hash->{$userkey}{'users'}{$env{'user.name'}.':'.$env{'user.domain'}})) {
if (exists($content{'users'}{$env{'user.name'}.':'.$env{'user.domain'}})) {
return 'ok';	return 'ok';
}	}
}	}
Line 228 sub portfolio_access {	Line 247 sub portfolio_access {
return;	return;
}	}
foreach my $key (@courses_and_groups) {	foreach my $key (@courses_and_groups) {
my %content = &Apache::lonnet::parse_access_controls($$access_hash{$key});	my %content = %{$$access_hash{$key}};
my $cnum = $content{'number'};	my $cnum = $content{'number'};
my $cdom = $content{'domain'};	my $cdom = $content{'domain'};
my $cid = $cdom.'_'.$cnum;	my $cid = $cdom.'_'.$cnum;
Line 292 sub passphrase_access_checker {	Line 311 sub passphrase_access_checker {
}	}
}	}
}	}
my $login = $r->dir_config('Login');	$r->set_handlers('PerlHandler'=> \&Apache::restrictedaccess::handler);
$login .= '?origurl='.&escape($requrl);	$r->content_type('perl-script');
$r->custom_response(FORBIDDEN,$login);
return;	return;
}	}

Line 322 sub course_group_datechecker {	Line 340 sub course_group_datechecker {
return;	return;
}	}

	sub parse_portfolio_url {
	my ($url) = @_;

	my ($type,$udom,$unum,$group,$file_name);

	if ($url =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
	$type = 1;
	$udom = $1;
	$unum = $2;
	$file_name = $3;
	} elsif ($url =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) {
	$type = 2;
	$udom = $1;
	$unum = $2;
	$group = $3;
	$file_name = $3.'/'.$4;
	}
	if (wantarray) {
	return ($type,$udom,$unum,$file_name,$group);
	}
	return $type;
	}

	sub is_portfolio_url {
	my ($url) = @_;
	return scalar(&parse_portfolio_url($url));
	}

sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requrl=$r->uri;	my $requrl=$r->uri;
Line 384 sub handler {	Line 430 sub handler {

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
if ($requrl =~ m\|/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$\|) {	if (&is_portfolio_url($requrl)) {
my $result = &portfolio_access($1,$2,$3);	my $result = &portfolio_access($r,$requrl);
if ($result eq 'ok') {	if (defined($result)) { return $result; }
return OK;	}
} elsif ($result =~ /^[^:]+:guest_/) {
if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
return OK;
} else {
return FORBIDDEN;
}
}
} elsif ($requrl =~ m\|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$\|) {
my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
return OK;
} else {
return FORBIDDEN;
}
}
}
if ($requrl!~/^\/adm\|public\|prtspool\//) {	if ($requrl!~/^\/adm\|public\|prtspool\//) {
my $access=&Apache::lonnet::allowed('bre',$requrl);	my $access=&Apache::lonnet::allowed('bre',$requrl);
if ($access eq '1') {	if ($access eq '1') {
Line 497 sub handler {	Line 524 sub handler {
} else {	} else {
$r->log_reason("Cookie $handle not valid", $r->filename);	$r->log_reason("Cookie $handle not valid", $r->filename);
}	}
}	}

# -------------------------------------------- See if this is a public resource	# -------------------------------------------- See if this is a public resource
if ($requrl=~m\|^/public/\|	if ($requrl=~m\|^/public/\|
Line 520 sub handler {	Line 547 sub handler {
return OK;	return OK;
}	}
# ------------------------------------- See if this is a viewable portfolio file	# ------------------------------------- See if this is a viewable portfolio file
if ($requrl =~ m\|/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$\|) {	if (&is_portfolio_url($requrl)) {
my $result = &portfolio_access($1,$2,$3);	my $result = &portfolio_access($r,$requrl);
if ($result eq 'ok') {	if (defined($result)) { return $result; }
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
return OK;
} else {
return FORBIDDEN;
}
}
} elsif ($requrl =~ m\|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$\|) {
my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
return OK;
} else {
return FORBIDDEN;
}
}
}	}

# -------------------------------------------------------------- Not authorized	# -------------------------------------------------------------- Not authorized
$requrl=~/\.(\w+)$/;	$requrl=~/\.(\w+)$/;
# if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	# if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.85
changed lines
	Added in v.1.88