version 1.39, 2020/02/03 19:02:18
|
version 1.40, 2020/02/17 23:04:18
|
Line 354 sub handler {
|
Line 354 sub handler {
|
|
|
if ($viewonly) { |
if ($viewonly) { |
my $canview; |
my $canview; |
$filename =~ s/\.\.//g; |
if ((&Apache::lonnet::metadata($filename,'sourceavail') eq 'open') && |
$filename =~ s/\~//g; |
(&Apache::lonnet::allowed('cre','/'))) { |
$filename =~ s/\/+/\//g; |
$canview = 1; |
if (($env{'request.course.id'}) && (&Apache::lonnet::is_on_map($filename))) { |
} elsif (($env{'request.course.id'}) && (&Apache::lonnet::is_on_map($filename))) { |
if ((&Apache::lonnet::metadata(&Apache::lonenc::check_decrypt($filename),'sourceavail') eq 'open') && |
my $crs_sec = $env{'request.course.id'} . (($env{'request.course.sec'} ne '') |
(&Apache::lonnet::allowed('cre','/'))) { |
? "/$env{'request.course.sec'}" |
$canview = 1; |
: ''); |
} elsif (&Apache::lonnet::allowed('vxc',$env{'request.course.id'})) { |
if (&Apache::lonnet::allowed('vxc',$crs_sec)) { |
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
&Apache::lonenc::check_decrypt(\$filename); |
&Apache::lonenc::check_decrypt(\$filename); |
if (($env{'request.role.domain'} eq $cdom) && ($filename =~ /$LONCAPA::assess_re/)) { |
if (($env{'request.role.domain'} eq $cdom) && ($filename =~ /$LONCAPA::assess_re/)) { |
Line 371 sub handler {
|
Line 371 sub handler {
|
$canview = 1; |
$canview = 1; |
} elsif ((&Apache::lonnet::metadata($filename,'sourceavail') eq 'open') && |
} elsif ((&Apache::lonnet::metadata($filename,'sourceavail') eq 'open') && |
($filename =~ m{^\Q/res/$cdom/}) && |
($filename =~ m{^\Q/res/$cdom/}) && |
(&Apache::lonnet::allowed('bre','/'))) { |
(&Apache::lonnet::allowed('bre',$crs_sec))) { |
$canview = 1; |
$canview = 1; |
} |
} |
} |
} |
Line 389 sub handler {
|
Line 389 sub handler {
|
$env{'user.error.msg'}="$shownfilename:bre:1:1:Access to resource denied"; |
$env{'user.error.msg'}="$shownfilename:bre:1:1:Access to resource denied"; |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
} |
} |
unless ($viewonly) { |
unless (($viewonly) || (&Apache::lonnet::allowed('cre','/'))) { |
unless (&Apache::lonnet::allowed('cre','/')) { |
$env{'user.error.msg'}="$shownfilename:cre:1:1:Access to source code denied"; |
$env{'user.error.msg'}="$shownfilename:cre:1:1:Access to source code denied"; |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
|
} |
|
} |
} |
my $newpath = $env{'form.newpath'}; |
my $newpath = $env{'form.newpath'}; |
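Review bot: The three `$filename` clean-up substitutions (`s/\.\.//g`, `s/\~//g`, `s/\/+/\//g`) at the top of the `if ($viewonly)` branch are printed only once here, which suggests revision 1.40 drops them; the page has lost its +/- markers, so this is inferred from the layout. If they were removed rather than moved, `$filename` reaches `metadata()`, `is_on_map()` and the `m{^\Q/res/$cdom/}` prefix test with `..` and `~` still in it, and a prefix match on an un-normalised path is not a reliable containment check. `handler` begins before this hunk, so please confirm the path is normalised earlier in the sub, or keep the substitutions ahead of the first `metadata()` call. Separately, a comment on `$crs_sec` such as `# course id, plus "/<section>" when request.course.sec is set, so vxc and bre are checked against that scope` would explain why the privilege checks no longer use `'/'` or the bare course id.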
|
|