--- loncom/interface/lonsource.pm 2017/09/18 16:58:08 1.36
+++ loncom/interface/lonsource.pm 2017/09/29 19:18:10 1.37
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Source Code handler
#
-# $Id: lonsource.pm,v 1.36 2017/09/18 16:58:08 raeburn Exp $
+# $Id: lonsource.pm,v 1.37 2017/09/29 19:18:10 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -37,6 +37,7 @@ use Apache::lonhtmlcommon();
use Apache::lonsequence();
use Apache::Constants qw(:common :http);
use Apache::lonmeta;
+use Apache::lonenc();
use Apache::File;
use Apache::lonlocal;
use HTML::Entities;
@@ -196,16 +197,27 @@ sub copy_file {
}
sub print_item {
- my ($r,$filename,$listname) = @_;
- my $file_output =
- &includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename),
- $filename);
+ my ($r,$filename,$listname,$context) = @_;
+ my $file_output;
+ if ($context eq 'view') {
+ $file_output =
+ &Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename);
+ } else {
+ $file_output =
+ &includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename),
+ $filename);
+ }
$r->print(&Apache::loncommon::start_page('View Source Code',undef,
{'only_body' => 1}));
if ($file_output ne '') {
my $access_to_cstr;
my $lonhost = $r->dir_config('lonHostID');
- if (&Apache::lonnet::is_library($lonhost)) {
+ if ($context eq 'view') {
+ $r->print('
');
+ } elsif (&Apache::lonnet::is_library($lonhost)) {
my @possdoms = &Apache::lonnet::current_machine_domains();
foreach my $dom (@possdoms) {
if ($env{"user.role.au./$dom/"}) {
@@ -332,29 +344,61 @@ sub get_path_to_newfile {
sub handler {
my $r=shift;
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
- ['filename','listname']);
+ ['filename','listname','viewonly']);
my $filename = $env{'form.filename'};
+ my $shownfilename = $filename;
+ $shownfilename =~ s/(`)/'/g;
+ $shownfilename =~ s/\$/\(\$\)/g;
my $listname = $env{'form.listname'};
+ my $viewonly = $env{'form.viewonly'};
- my $source = &Apache::lonnet::metadata($filename,'sourceavail');
- if ($source ne 'open') {
- $env{'user.error.msg'}="$filename:cre:1:1:Source code not available";
+ if ($viewonly) {
+ my $canview;
+ $filename =~ s/\.\.//g;
+ $filename =~ s/\~//g;
+ $filename =~ s/\/+/\//g;
+ if (($env{'request.course.id'}) && (&Apache::lonnet::is_on_map($filename))) {
+ if ((&Apache::lonnet::metadata(&Apache::lonenc::check_decrypt($filename)) eq 'open') &&
+ (&Apache::lonnet::allowed('cre','/'))) {
+ $canview = 1;
+ } elsif (&Apache::lonnet::allowed('vxc',$env{'request.course.id'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ &Apache::lonenc::check_decrypt(\$filename);
+ if (($env{'request.role.domain'} eq $cdom) && ($filename =~ /$LONCAPA::assess_re/)) {
+ my ($auname) = ($filename =~ m{^\Q/res/$cdom/\E($match_username)/});
+ if (($env{'request.course.adhocsrcaccess'} ne '') &&
+ (grep(/^\Q$auname\E$/,split(/,/,$env{'request.course.adhocsrcaccess'})))) {
+ $canview = 1;
+ }
+ }
+ }
+ }
+ unless ($canview) {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ } elsif (&Apache::lonnet::metadata($filename,'sourceavail') ne 'open') {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available";
return HTTP_NOT_ACCEPTABLE;
}
unless (&Apache::lonnet::allowed('bre',$filename)) {
- $env{'user.error.msg'}="$filename:bre:1:1:Access to resource denied";
+ $env{'user.error.msg'}="$shownfilename:bre:1:1:Access to resource denied";
return HTTP_NOT_ACCEPTABLE;
}
- unless (&Apache::lonnet::allowed('cre','/')) {
- $env{'user.error.msg'}="$filename:cre:1:1:Access to source code denied";
- return HTTP_NOT_ACCEPTABLE;
+ unless ($viewonly) {
+ unless (&Apache::lonnet::allowed('cre','/')) {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Access to source code denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
}
my $newpath = $env{'form.newpath'};
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- if ($env{'form.action'} eq 'stage2') {
+ if ($viewonly) {
+ &print_item($r,$filename,$listname,'view');
+ } elsif ($env{'form.action'} eq 'stage2') {
&stage_2($r,$filename,$listname);
} elsif($env{'form.action'} eq 'copy_stage') {
©_stage($r,$filename,$listname,$newpath);