--- loncom/auth/loncacc.pm	2002/12/10 20:37:21	1.24
+++ loncom/auth/loncacc.pm	2011/10/21 16:03:11	1.54
@@ -2,7 +2,7 @@
 # Cookie Based Access Handler for Construction Area
 # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
 #
-# $Id: loncacc.pm,v 1.24 2002/12/10 20:37:21 matthew Exp $
+# $Id: loncacc.pm,v 1.54 2011/10/21 16:03:11 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -26,164 +26,8 @@
 #
 # http://www.lon-capa.org/
 #
-# YEAR=2000
-# 6/15,16/11,22/11,
-# YEAR=2001
-# 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26,
-# 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer
-# 12/21 Scott Harrison
-# YEAR=2002
-# 1/4 Gerd Kortemeyer
-###
 
-package Apache::loncacc;
-
-use strict;
-use Apache::Constants qw(:common :http :methods);
-use Apache::File;
-use CGI::Cookie();
-use Fcntl qw(:flock);
-
-sub constructaccess {
-    my ($url,$ownerdomain)=@_;
-    my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)/);
-    unless (($ownername) && ($ownerdomain)) { return ''; }
-    # We do not allow editing of previous versions of files.
-    if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
-    if (($ownername eq $ENV{'user.name'}) &&
-        ($ownerdomain eq $ENV{'user.domain'})) {
-	return ($ownername,$ownerdomain);
-    }
-
-    my $capriv='user.priv.ca./'.
-               $ownerdomain.'/'.$ownername.'./'.
-	       $ownerdomain.'/'.$ownername;
-    foreach (keys %ENV) {
-        if ($_ eq $capriv) {
-           return ($ownername,$ownerdomain);
-        }
-    }
-
-    return '';
-}
-
-sub handler {
-    my $r = shift;
-    my $requrl=$r->uri;
-    $ENV{'request.editurl'}=$requrl;
-    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-    my $lonid=$cookies{'lonID'};
-    my $cookie;
-    if ($lonid) {
-	my $handle=$lonid->value;
-        $handle=~s/\W//g;
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
-            my @profile;
-	    {
-             my $idf=Apache::File->new("$lonidsdir/$handle.id");
-             flock($idf,LOCK_SH);
-             @profile=<$idf>;
-             $idf->close();
-	    }
-            my $envi;
-            for ($envi=0;$envi<=$#profile;$envi++) {
-		chomp($profile[$envi]);
-		my ($envname,$envvalue)=split(/=/,$profile[$envi]);
-                $ENV{$envname} = $envvalue;
-            }
-            $ENV{'user.environment'} = "$lonidsdir/$handle.id";
-            $ENV{'request.state'}    = "construct";
-            $ENV{'request.filename'} = $r->filename;
-
-            unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
-                $r->log_reason("Unauthorized $requrl", $r->filename); 
-	        return HTTP_NOT_ACCEPTABLE;
-            }
-
-# -------------------------------------------------------- Load POST parameters
-
-
-        my $buffer;
-
-        $r->read($buffer,$r->header_in('Content-length'));
-
-	unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
-            my @pairs=split(/&/,$buffer);
-            my $pair;
-            foreach $pair (@pairs) {
-               my ($name,$value) = split(/=/,$pair);
-               $value =~ tr/+/ /;
-               $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
-               $name  =~ tr/+/ /;
-               $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
-	       &Apache::loncommon::add_to_env("form.$name",$value);
-            } 
-        } else {
-	    my $contentsep=$1;
-            my @lines = split (/\n/,$buffer);
-            my $name='';
-            my $value='';
-            my $fname='';
-            my $fmime='';
-            my $i;
-            for ($i=0;$i<=$#lines;$i++) {
-		if ($lines[$i]=~/^$contentsep/) {
-		    if ($name) {
-                        chomp($value);
-			if ($fname) {
-			    $ENV{"form.$name.filename"}=$fname;
-                            $ENV{"form.$name.mimetype"}=$fmime;
-                        } else {
-                            $value=~s/\s+$//s;
-                        }
-			&Apache::loncommon::add_to_env("form.$name",$value);
-                    }
-                    if ($i<$#lines) {
-			$i++;
-                        $lines[$i]=~
-		 /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
-                        $name=$1;
-                        $value='';
-                        if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
-			   $fname=$1;
-                           if 
-                            ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
-			      $fmime=$1;
-                              $i++;
-			   } else {
-                              $fmime='';
-                           }
-                        } else {
-			    $fname='';
-                            $fmime='';
-                        }
-                        $i++;
-                    }
-                } else {
-		    $value.=$lines[$i]."\n";
-                }
-            }
-	}
-            $ENV{'request.method'}=$ENV{'REQUEST_METHOD'};
-            $r->method_number(M_GET);
-	    $r->method('GET');
-            $r->headers_in->unset('Content-length');
-
-            return OK; 
-        } else { 
-            $r->log_reason("Cookie $handle not valid", $r->filename) 
-        };
-    }
-
-# ----------------------------------------------- Store where they wanted to go
-
-    $ENV{'request.firsturl'}=$requrl;
-    return FORBIDDEN;
-}
-
-1;
-__END__
+=pod
 
 =head1 NAME
 
@@ -229,11 +73,11 @@ store where they wanted to go (first url
 
 =head1 OTHERSUBROUTINES
 
-=over 4
+=over
 
-=item *
+=item constructaccess($url,$ownerdomain)
 
-constructaccess($url,$ownerdomain) : See if the owner domain and name
+See if the owner domain and name
 in the URL match those in the expected environment.  If so, return 
 two element list ($ownername,$ownerdomain).  Else, return null string.
 
@@ -242,6 +86,121 @@ two element list ($ownername,$ownerdomai
 =cut
 
 
+package Apache::loncacc;
+
+use strict;
+use Apache::Constants qw(:common :http :methods REDIRECT);
+use Fcntl qw(:flock);
+use Apache::lonlocal;
+use Apache::lonnet;
+use Apache::lonacc;
+use LONCAPA qw(:DEFAULT :match);
+
+sub constructaccess {
+    my ($url,$setpriv)=@_;
+
+# We do not allow editing of previous versions of files
+    if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
+
+# Get username and domain from URL
+    my ($ownerdomain,$ownername)=($url=~/^\/priv\/($match_domain)\/($match_username)\//);
+
+# The URL does not really point to any authorspace, forget it
+    unless (($ownername) && ($ownerdomain)) { return ''; }
+  
+# Now we need to see if the user has access to the authorspace of
+# $ownername at $ownerdomain
+
+    if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) {
+# Real author for this?
+       if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) {
+          return ($ownername,$ownerdomain);
+       }
+    } else {
+# Co-author for this?
+	if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) ||
+	    exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) {
+	    return ($ownername,$ownerdomain);
+	}
+    }
+# We don't have any access right now. If we are not possibly going to do anything about this,
+# we might as well leave
+   unless ($setpriv) { return ''; }
+
+# Backdoor access?
+    my $allowed=&Apache::lonnet::allowed('eco',$ownerdomain);
+# Nope
+    unless ($allowed) { return ''; }
+# Looks like we may have access, but could be locked by the owner of the construction space
+    if ($allowed eq 'U') {
+        my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],
+                                         $ownerdomain,$ownername);
+# Is blocked by owner
+        if ($blocked{'domcoord.author'} eq 'blocked') { return ''; }
+    }
+    if (($allowed eq 'F') || ($allowed eq 'U')) {
+# Grant temporary access
+        my $then=$env{'user.login.time'};
+        my $update==$env{'user.update.time'};
+        if (!$update) { $update = $then; }
+        my $refresh=$env{'user.refresh.time'};
+        if (!$refresh) { $refresh = $update; }
+        my $now = time;
+        &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername,
+                                           $update,$refresh,$now,'ca',
+                                           'constructaccess');
+        return($ownername,$ownerdomain);
+    }
+# No business here
+    return '';
+}
+
+sub handler {
+    my $r = shift;
+    my $requrl=$r->uri;
+    $env{'request.editurl'}=$requrl;
+
+    my $handle =  &Apache::lonnet::check_for_valid_session($r);
+    if ($handle ne '') {
+
+# ------------------------------------------------------ Initialize Environment
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+
+# --------------------------------------------------------- Initialize Language
+ 
+	&Apache::lonlocal::get_language_handle($r);
+
+# -------------------------------------------------------------- Resource State
+
+	$env{'request.state'}    = "construct";
+	$env{'request.filename'} = $r->filename;
+
+	unless (&constructaccess($requrl,'setpriv')) {
+	    $r->log_reason("Unauthorized $requrl", $r->filename); 
+	    return HTTP_NOT_ACCEPTABLE;
+	}
+
+# -------------------------------------------------------- Load POST parameters
+
+	&Apache::lonacc::get_posted_cgi($r);
+
+	return OK; 
+    } else { 
+	$r->log_reason("Cookie $handle not valid", $r->filename) 
+    }
+
+# ----------------------------------------------- Store where they wanted to go
+
+    $env{'request.firsturl'}=$requrl;
+    return FORBIDDEN;
+}
+
+1;
+__END__
+
+
+