Annotation of loncom/auth/publiccheck.pm, revision 1.28

1.1       albertel    1: # The LearningOnline Network
                      2: # Cookie Based Access Handler
                      3: #
1.28    ! raeburn     4: # $Id: publiccheck.pm,v 1.27 2020/12/18 15:23:03 raeburn Exp $
1.1       albertel    5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
                     28: ###
                     29: 
                     30: package Apache::publiccheck;
                     31: 
                     32: use strict;
                     33: use Apache::Constants qw(:common :http :methods);
                     34: use Apache::lonnet;
                     35: use Apache::loncommon();
                     36: use Apache::lonlocal;
                     37: use Fcntl qw(:flock);
1.2       albertel   38: use Apache::lonacc();
1.13      albertel   39: use LONCAPA();
1.1       albertel   40: 
                     41: sub handler {
                     42:     my $r = shift;
1.8       albertel   43: 
1.1       albertel   44:     my $requrl=$r->uri;
1.16      raeburn    45: 
1.14      raeburn    46:     if (&Apache::lonnet::is_domainimage($requrl)) {
                     47:         return OK;
                     48:     }
1.15      albertel   49: 
1.16      raeburn    50:     if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
                     51:         return OK;
                     52:     }
                     53: 
1.15      albertel   54:     my $handle = &Apache::lonnet::check_for_valid_session($r);
                     55:     if ($handle ne '') {
1.1       albertel   56:         my $lonidsdir=$r->dir_config('lonIDsDir');
1.15      albertel   57: 	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
                     58: 	if ($env{'user.name'} ne 'public'
                     59: 	    && $env{'user.domain'} ne 'public') {
                     60: 	    return OK;
1.1       albertel   61: 	}
                     62:     }
                     63:     if ($requrl=~m|^/public/|
1.4       albertel   64: 	|| $requrl=~m|^/adm/help/.*\.hlp$|
1.10      albertel   65: 	|| $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$|
1.17      droeschl   66: 	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') 
1.22      raeburn    67:     || $requrl=~m|^/adm/blockingstatus/.*$|) {
1.3       raeburn    68:         &process_public($r,$requrl);
1.1       albertel   69:         return OK;
1.8       albertel   70:     } elsif (&Apache::lonnet::is_portfolio_url($requrl)) {
1.7       albertel   71: 	my (undef,$udom,$unum,$file_name,$group) = 
1.8       albertel   72: 	    &Apache::lonnet::parse_portfolio_url($requrl);
1.24      raeburn    73:         my $access = &process_portfolio($r,$udom,$unum,$file_name,$group);
1.5       raeburn    74:         if ($access) {
                     75:             &process_public($r,$requrl,$access);
1.3       raeburn    76:             return OK;
                     77:         } 
1.5       raeburn    78:     } elsif ($requrl eq '/adm/restrictedaccess') {
                     79:         &process_public($r,$requrl);
1.8       albertel   80: 	return OK;
1.12      raeburn    81:     } elsif ($requrl eq '/adm/blockedaccess') {
                     82:        &process_public($r,$requrl);
                     83:        return OK;
1.18      droeschl   84:     }
1.1       albertel   85:     return DECLINED;
                     86: }
                     87: 
1.3       raeburn    88: sub process_public {
1.5       raeburn    89:     my ($r,$requrl,$access) = @_;
1.3       raeburn    90:     &Apache::lonnet::logthis('Granting public access: '.$requrl);
                     91:     if ($env{'user.name'} ne 'public' && $env{'user.domain'} ne 'public') {
                     92:         my $cookie=&Apache::lonauth::success($r,'public','public','public');
                     93:         my $lonidsdir=$r->dir_config('lonIDsDir');
                     94:         &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
1.26      raeburn    95: 	$r->err_header_out('Set-cookie',"lonPubID=$cookie; path=/; HttpOnly");
1.3       raeburn    96:     }
                     97:     &Apache::lonacc::get_posted_cgi($r);
                     98:     $env{'request.state'} = "published";
                     99:     $env{'request.publicaccess'} = 1;
                    100:     $env{'request.filename'} = $r->filename;
                    101:     return;
                    102: }
                    103: 
                    104: sub process_portfolio {
1.24      raeburn   105:     my ($r,$udom,$unum,$file_name,$group) = @_;
1.3       raeburn   106:     my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
                    107:     my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name);
1.28    ! raeburn   108:     return unless (ref($access_controls{$file_name}) eq 'HASH');
1.5       raeburn   109:     my $access = '';
1.3       raeburn   110:     my $now = time;
1.27      raeburn   111:     my $clientip = &Apache::lonnet::get_requestor_ip($r);
1.28    ! raeburn   112:     my $portaccess = &Apache::lonnet::usertools_access($unum,$udom,'portaccess',undef,'tools');
1.3       raeburn   113:     foreach my $key (keys(%{$access_controls{$file_name}})) {
                    114:         my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
1.28    ! raeburn   115:         if (!$portaccess) {
        !           116:             next unless ($scope eq 'ip');
        !           117:         }
1.3       raeburn   118:         if ($start > $now) {
                    119:             next;
                    120:         }
                    121:         if ($end && $end<$now) {
                    122:             next;
                    123:         }
                    124:         if ($scope eq 'public') {
1.5       raeburn   125:             $access = 'public';
1.3       raeburn   126:             last;
                    127:         }
1.24      raeburn   128:         if ($scope eq 'ip') {
                    129:             if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
                    130:                 if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
                    131:                     if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
                    132:                         $access = 'ip';
                    133:                         last;
                    134:                     }
                    135:                 }
                    136:             }
                    137:         }
1.5       raeburn   138:         if ($scope eq 'guest') {
                    139:             $access = 'guest';
                    140:         }
1.3       raeburn   141:     }
1.5       raeburn   142:     return $access;
1.3       raeburn   143: }
                    144: 
1.1       albertel  145: 1;
                    146: 
                    147: __END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>