Annotation of loncom/auth/publiccheck.pm, revision 1.28
1.1 albertel 1: # The LearningOnline Network
2: # Cookie Based Access Handler
3: #
1.28 ! raeburn 4: # $Id: publiccheck.pm,v 1.27 2020/12/18 15:23:03 raeburn Exp $
1.1 albertel 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28: ###
29:
30: package Apache::publiccheck;
31:
32: use strict;
33: use Apache::Constants qw(:common :http :methods);
34: use Apache::lonnet;
35: use Apache::loncommon();
36: use Apache::lonlocal;
37: use Fcntl qw(:flock);
1.2 albertel 38: use Apache::lonacc();
1.13 albertel 39: use LONCAPA();
1.1 albertel 40:
41: sub handler {
42: my $r = shift;
1.8 albertel 43:
1.1 albertel 44: my $requrl=$r->uri;
1.16 raeburn 45:
1.14 raeburn 46: if (&Apache::lonnet::is_domainimage($requrl)) {
47: return OK;
48: }
1.15 albertel 49:
1.16 raeburn 50: if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
51: return OK;
52: }
53:
1.15 albertel 54: my $handle = &Apache::lonnet::check_for_valid_session($r);
55: if ($handle ne '') {
1.1 albertel 56: my $lonidsdir=$r->dir_config('lonIDsDir');
1.15 albertel 57: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
58: if ($env{'user.name'} ne 'public'
59: && $env{'user.domain'} ne 'public') {
60: return OK;
1.1 albertel 61: }
62: }
63: if ($requrl=~m|^/public/|
1.4 albertel 64: || $requrl=~m|^/adm/help/.*\.hlp$|
1.10 albertel 65: || $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$|
1.17 droeschl 66: || (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')
1.22 raeburn 67: || $requrl=~m|^/adm/blockingstatus/.*$|) {
1.3 raeburn 68: &process_public($r,$requrl);
1.1 albertel 69: return OK;
1.8 albertel 70: } elsif (&Apache::lonnet::is_portfolio_url($requrl)) {
1.7 albertel 71: my (undef,$udom,$unum,$file_name,$group) =
1.8 albertel 72: &Apache::lonnet::parse_portfolio_url($requrl);
1.24 raeburn 73: my $access = &process_portfolio($r,$udom,$unum,$file_name,$group);
1.5 raeburn 74: if ($access) {
75: &process_public($r,$requrl,$access);
1.3 raeburn 76: return OK;
77: }
1.5 raeburn 78: } elsif ($requrl eq '/adm/restrictedaccess') {
79: &process_public($r,$requrl);
1.8 albertel 80: return OK;
1.12 raeburn 81: } elsif ($requrl eq '/adm/blockedaccess') {
82: &process_public($r,$requrl);
83: return OK;
1.18 droeschl 84: }
1.1 albertel 85: return DECLINED;
86: }
87:
1.3 raeburn 88: sub process_public {
1.5 raeburn 89: my ($r,$requrl,$access) = @_;
1.3 raeburn 90: &Apache::lonnet::logthis('Granting public access: '.$requrl);
91: if ($env{'user.name'} ne 'public' && $env{'user.domain'} ne 'public') {
92: my $cookie=&Apache::lonauth::success($r,'public','public','public');
93: my $lonidsdir=$r->dir_config('lonIDsDir');
94: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
1.26 raeburn 95: $r->err_header_out('Set-cookie',"lonPubID=$cookie; path=/; HttpOnly");
1.3 raeburn 96: }
97: &Apache::lonacc::get_posted_cgi($r);
98: $env{'request.state'} = "published";
99: $env{'request.publicaccess'} = 1;
100: $env{'request.filename'} = $r->filename;
101: return;
102: }
103:
104: sub process_portfolio {
1.24 raeburn 105: my ($r,$udom,$unum,$file_name,$group) = @_;
1.3 raeburn 106: my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
107: my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name);
1.28 ! raeburn 108: return unless (ref($access_controls{$file_name}) eq 'HASH');
1.5 raeburn 109: my $access = '';
1.3 raeburn 110: my $now = time;
1.27 raeburn 111: my $clientip = &Apache::lonnet::get_requestor_ip($r);
1.28 ! raeburn 112: my $portaccess = &Apache::lonnet::usertools_access($unum,$udom,'portaccess',undef,'tools');
1.3 raeburn 113: foreach my $key (keys(%{$access_controls{$file_name}})) {
114: my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
1.28 ! raeburn 115: if (!$portaccess) {
! 116: next unless ($scope eq 'ip');
! 117: }
1.3 raeburn 118: if ($start > $now) {
119: next;
120: }
121: if ($end && $end<$now) {
122: next;
123: }
124: if ($scope eq 'public') {
1.5 raeburn 125: $access = 'public';
1.3 raeburn 126: last;
127: }
1.24 raeburn 128: if ($scope eq 'ip') {
129: if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
130: if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
131: if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
132: $access = 'ip';
133: last;
134: }
135: }
136: }
137: }
1.5 raeburn 138: if ($scope eq 'guest') {
139: $access = 'guest';
140: }
1.3 raeburn 141: }
1.5 raeburn 142: return $access;
1.3 raeburn 143: }
144:
1.1 albertel 145: 1;
146:
147: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>