--- loncom/homework/daxesave.pm 2015/12/10 16:26:43 1.2
+++ loncom/homework/daxesave.pm 2016/02/17 00:05:14 1.3
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Convert and save a problem from Daxe.
#
-# $Id: daxesave.pm,v 1.2 2015/12/10 16:26:43 damieng Exp $
+# $Id: daxesave.pm,v 1.3 2016/02/17 00:05:14 damieng Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -43,17 +43,31 @@ sub handler {
$request->content_type('text/plain');
- my $path = $env{'form.path'}; # should be in the form "/daxeopen/priv/..."
+ # path should be in the form "/daxeopen/priv/..."
+ # or ^/daxeopen/uploaded/[^/]+/[^/]+/supplemental/.*html?$
+ my $path = $env{'form.path'};
$path =~ s/^\/daxeopen//;
- my $allowed;
- my ($ownername,$ownerdom,$ownerhome) =
- &Apache::lonnet::constructaccess($path, 'setpriv');
- if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
- unless ($ownerhome eq 'no_host') {
- my @hosts = &Apache::lonnet::current_machine_ids();
- if (grep(/^\Q$ownerhome\E$/,@hosts)) {
- $allowed = 1;
+ my $allowed = 0;
+ if ($path =~ /^\/priv/) {
+ my ($ownername,$ownerdom,$ownerhome) =
+ &Apache::lonnet::constructaccess($path, 'setpriv');
+ if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
+ unless ($ownerhome eq 'no_host') {
+ my @hosts = &Apache::lonnet::current_machine_ids();
+ if (grep(/^\Q$ownerhome\E$/,@hosts)) {
+ $allowed = 1;
+ }
+ }
+ }
+ } elsif ($path =~ m|^/uploaded/[^/]+/[^/]+/supplemental/|) {
+ if ($env{'user.name'} ne '' && $env{'user.domain'} ne '' && $env{'request.course.id'}) {
+ $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/supplemental/| && $path !~ /\.\./) {
+ if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) {
+ $allowed = 1;
+ }
}
}
}