File:
[LON-CAPA] /
loncom /
auth /
publiccheck.pm
Revision
1.29:
download - view:
text,
annotated -
select for diffs
Thu Dec 28 18:14:08 2023 UTC (11 months, 4 weeks ago) by
raeburn
Branches:
MAIN
CVS tags:
version_2_12_X,
HEAD
- Internal name for conditional portfolio sharing for specific IP addresses
ranges when set by a user is now userip, to distinguish from those set
for externalresponse (inrenal name: ip).
- Portfolio shareability setting in domain defaults (by affiliation), with
possible override for an individual user will apply to portfolio file
requests to a LON-CAPA node running 2.11, when the file owner's homeserver
is 2.12 (or later).
# The LearningOnline Network
# Cookie Based Access Handler
#
# $Id: publiccheck.pm,v 1.29 2023/12/28 18:14:08 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
###
package Apache::publiccheck;
use strict;
use Apache::Constants qw(:common :http :methods);
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonlocal;
use Fcntl qw(:flock);
use Apache::lonacc();
use LONCAPA();
sub handler {
my $r = shift;
my $requrl=$r->uri;
if (&Apache::lonnet::is_domainimage($requrl)) {
return OK;
}
if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
return OK;
}
my $handle = &Apache::lonnet::check_for_valid_session($r);
if ($handle ne '') {
my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
if ($env{'user.name'} ne 'public'
&& $env{'user.domain'} ne 'public') {
return OK;
}
}
if ($requrl=~m|^/public/|
|| $requrl=~m|^/adm/help/.*\.hlp$|
|| $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$|
|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')
|| $requrl=~m|^/adm/blockingstatus/.*$|) {
&process_public($r,$requrl);
return OK;
} elsif (&Apache::lonnet::is_portfolio_url($requrl)) {
my (undef,$udom,$unum,$file_name,$group) =
&Apache::lonnet::parse_portfolio_url($requrl);
my $access = &process_portfolio($r,$udom,$unum,$file_name,$group);
if ($access) {
&process_public($r,$requrl,$access);
return OK;
}
} elsif ($requrl eq '/adm/restrictedaccess') {
&process_public($r,$requrl);
return OK;
} elsif ($requrl eq '/adm/blockedaccess') {
&process_public($r,$requrl);
return OK;
}
return DECLINED;
}
sub process_public {
my ($r,$requrl,$access) = @_;
&Apache::lonnet::logthis('Granting public access: '.$requrl);
if ($env{'user.name'} ne 'public' && $env{'user.domain'} ne 'public') {
my $cookie=&Apache::lonauth::success($r,'public','public','public');
my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
$r->err_header_out('Set-cookie',"lonPubID=$cookie; path=/; HttpOnly");
}
&Apache::lonacc::get_posted_cgi($r);
$env{'request.state'} = "published";
$env{'request.publicaccess'} = 1;
$env{'request.filename'} = $r->filename;
return;
}
sub process_portfolio {
my ($r,$udom,$unum,$file_name,$group) = @_;
my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name);
return unless (ref($access_controls{$file_name}) eq 'HASH');
my $access = '';
my $now = time;
my $clientip = &Apache::lonnet::get_requestor_ip($r);
my $portaccess = &Apache::lonnet::usertools_access($unum,$udom,'portaccess',undef,'tools');
foreach my $key (keys(%{$access_controls{$file_name}})) {
my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
if (!$portaccess) {
next unless ($scope eq 'ip');
}
if ($start > $now) {
next;
}
if ($end && $end<$now) {
next;
}
if ($scope eq 'public') {
$access = 'public';
last;
}
if (($scope eq 'ip') || ($scope eq 'userip')) {
if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
$access = 'ip';
last;
}
}
}
}
if ($scope eq 'guest') {
$access = 'guest';
}
}
return $access;
}
1;
__END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>