--- loncom/auth/loncacc.pm 2011/10/21 16:03:11 1.54 +++ loncom/auth/loncacc.pm 2011/10/30 20:31:02 1.57 @@ -2,7 +2,7 @@ # Cookie Based Access Handler for Construction Area # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer) # -# $Id: loncacc.pm,v 1.54 2011/10/21 16:03:11 www Exp $ +# $Id: loncacc.pm,v 1.57 2011/10/30 20:31:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -42,11 +42,11 @@ Invoked (for various locations) by /etc/ =head1 INTRODUCTION This module enables cookie based authentication for construction area -and is used to control access for three (essentially equivalent) URIs. +and is used to control access for the following two types of URI +(one for files, and one for directories): - - + Whenever the client sends the cookie back to the server, if the cookie is missing or invalid, the user is re-challenged @@ -75,12 +75,12 @@ store where they wanted to go (first url =over -=item constructaccess($url,$ownerdomain) +=item constructaccess($url,$setpriv) See if the owner domain and name in the URL match those in the expected environment. If so, return two element list ($ownername,$ownerdomain). Else, return null string. - +If 'setpriv' is set to 'setpriv', it actually assigns the privileges. =back =cut @@ -103,7 +103,8 @@ sub constructaccess { if ($url=~/\.(\d+)\.(\w+)$/) { return ''; } # Get username and domain from URL - my ($ownerdomain,$ownername)=($url=~/^\/priv\/($match_domain)\/($match_username)\//); + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; + my ($ownerdomain,$ownername)=($url=~ m{^(?:\Q$londocroot\E|)/priv/($match_domain)/($match_username)/}); # The URL does not really point to any authorspace, forget it unless (($ownername) && ($ownerdomain)) { return ''; }