--- loncom/interface/lonsource.pm 2014/02/11 15:49:15 1.32
+++ loncom/interface/lonsource.pm 2017/10/07 21:07:17 1.38
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Source Code handler
#
-# $Id: lonsource.pm,v 1.32 2014/02/11 15:49:15 bisitz Exp $
+# $Id: lonsource.pm,v 1.38 2017/10/07 21:07:17 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -37,6 +37,7 @@ use Apache::lonhtmlcommon();
use Apache::lonsequence();
use Apache::Constants qw(:common :http);
use Apache::lonmeta;
+use Apache::lonenc();
use Apache::File;
use Apache::lonlocal;
use HTML::Entities;
@@ -44,15 +45,17 @@ use LONCAPA qw(:DEFAULT :match);
sub make_link {
my ($filename, $listname) = @_;
- my $sourcelink = "/adm/source?inhibitmenu=yes&filename=".$filename."&listname=".$listname;
-
+ my $sourcelink = '/adm/source?inhibitmenu=yes&filename='.
+ &escape(&escape($filename)).'&listname='.
+ &escape(&escape($listname));
return $sourcelink;
}
sub stage_2 {
my ($r, $filename, $listname) = @_;
my ($author)=($filename=~/\/res\/[^\/]+\/([^\/]+)\//);
- $r->print(&Apache::loncommon::start_page('Copy Problem Source Code to Authoring Space')
+ $r->print(&Apache::loncommon::start_page('Copy Problem Source Code to Authoring Space',undef,
+ {'only_body' => 1,})
.&mt('Please enter the directory that you would like the source code to go into.')
.'
'
.&mt('Note: the path is in reference to the root of your Authoring Space,'
@@ -64,7 +67,8 @@ sub stage_2 {
- ');
+ '.
+ &Apache::loncommon::end_page());
return OK;
}
@@ -86,77 +90,65 @@ sub copy_author {
sub copy_stage {
my ($r, $filename, $listname, $newpath) = @_;
-#Figure out if we are author or co-author
- my ($role,$author_name,$domain)=©_author();
-
-# Construct path to copy and filter out any possibly nasty stuff
- my $path_to_new_file = $r->dir_config('lonDocRoot').
- "/priv/$domain/$author_name/$newpath/$listname";
- $path_to_new_file=~s/\.\.//g;
- $path_to_new_file=~s/\~//g;
- $path_to_new_file=~s/\/+/\//g;
-
-#Just checking again for access as we want to make sure that it is really ok now that we have the real path
-
- my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file);
-
- if (!$uname || !$udom) {
- $r->print(&Apache::loncommon::start_page('Not Allowed'));
- $r->print(&mt('Not allowed to create file [_1]', $path_to_new_file));
- $r->print(&Apache::loncommon::end_page());
- return;
- }
+ my ($path_to_new_file,$uname,$udom) = &get_path_to_newfile($r,$newpath,$listname);
#allowed
- $r->print(&Apache::loncommon::start_page('Copying Source'));
- my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file);
- $r->print($result);
- if(($result) && ($result =~ m|published|) ) {
- &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1');
- } elsif(($result) && ($result =~ m|exists!|)) {
- &confirm($r, $newpath, $filename, $path_to_new_file);
- } else {
- ©_file($r, $newpath, $filename, $path_to_new_file);
+ if ($path_to_new_file) {
+ $r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1}));
+ my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file);
+ $r->print($result);
+ if (($result) && ($result =~ /published/)) {
+ &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1');
+ } elsif (($result) && ($result =~ /exists\!/)) {
+ &confirm($r, $newpath, $filename, $listname);
+ } else {
+ ©_file($r, $newpath, $filename, $path_to_new_file);
+ }
+ $r->print(&Apache::loncommon::end_page());
}
-
- $r->print(&Apache::loncommon::end_page());
+ return;
}
sub confirm {
- my ($r, $newpath, $filename, $path_to_new_file) = @_;
+ my ($r, $newpath, $filename, $listname) = @_;
$r->print(''.&mt('Press delete to remove file and replace it with a copy of the source you are viewing.').' ');
$r->print('
');
+ return;
}
sub delete_copy_file {
my ($r, $newpath, $filename, $path_to_new_file, $type) = @_;
- if($type eq '1') {
+ if ($type eq '1') {
$r->print(''
.&mt('Cannot delete non-obsolete published file.')
.' '
.&mt('Please use the code view in previous window to use shared code.')
.' ');
- $r->print(' print('
');
+ return;
} else {
- if(-e $path_to_new_file) {
- unless(unlink($path_to_new_file)) {
+ $r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1}));
+ if (-e $path_to_new_file) {
+ unless (unlink($path_to_new_file)) {
$r->print(''.&mt('Error:').' '.$!.'
');
return 0;
}
} else {
- $r->print(''.&mt('No such file').'
');
+ $r->print(''.&mt('No such file').'
');
return 0;
}
©_file($r, $newpath, $filename, $path_to_new_file);
+ $r->print(&Apache::loncommon::end_page());
+ return;
}
}
@@ -196,21 +188,36 @@ sub copy_file {
print $fs $file_output;
}
$r->print(" ");
- $r->print(' ');
+ $r->print('');
#Some 1.3'ish feature is to include the derivative feature, will go here..'
+ return;
}
sub print_item {
- my ($r,$filename,$listname) = @_;
- my $file_output =
- &includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename),
- $filename);
+ my ($r,$filename,$listname,$context) = @_;
+ my $file_output;
+ if ($context eq 'view') {
+ $file_output =
+ &Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename);
+ } else {
+ $file_output =
+ &includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename),
+ $filename);
+ }
$r->print(&Apache::loncommon::start_page('View Source Code',undef,
{'only_body' => 1}));
if ($file_output ne '') {
my $access_to_cstr;
my $lonhost = $r->dir_config('lonHostID');
- if (&Apache::lonnet::is_library($lonhost)) {
+ if ($context eq 'view') {
+ $r->print(' ');
+ } elsif (&Apache::lonnet::is_library($lonhost)) {
my @possdoms = &Apache::lonnet::current_machine_domains();
foreach my $dom (@possdoms) {
if ($env{"user.role.au./$dom/"}) {
@@ -299,35 +306,111 @@ sub includemeta {
}
}
+sub get_path_to_newfile {
+ my ($r,$newpath,$listname) = @_;
+
+ #Figure out if we are author or co-author
+ my ($role,$author_name,$domain) = ©_author();
+
+ # Construct path to copy and filter out any possibly nasty stuff
+ my $path = $r->dir_config('lonDocRoot')."/priv/$domain/$author_name/";
+ my $path_to_new_file = $path."$newpath/$listname";
+ $path_to_new_file=~s/\.\.//g;
+ $path_to_new_file=~s/\~//g;
+ $path_to_new_file=~s/\/+/\//g;
+
+ #Just checking again for access as we want to make sure that it is really ok
+ #now that we have the real path
+
+ my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file);
+
+ if (!$uname || !$udom) {
+ $r->print(&Apache::loncommon::start_page('Not Allowed',undef,{'only_body' => 1}));
+ $r->print(&mt('Not allowed to create file [_1]', $path_to_new_file));
+ $r->print(&Apache::loncommon::end_page());
+ if (wantarray) {
+ return();
+ } else {
+ return;
+ }
+ }
+ if (wantarray) {
+ return ($path_to_new_file,$uname,$udom);
+ } else {
+ return $path_to_new_file;
+ }
+}
+
sub handler {
my $r=shift;
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
- ['filename','listname']);
+ ['filename','listname','viewonly']);
my $filename = $env{'form.filename'};
+ my $shownfilename = $filename;
+ $shownfilename =~ s/(`)/'/g;
+ $shownfilename =~ s/\$/\(\$\)/g;
my $listname = $env{'form.listname'};
- my $source = &Apache::lonnet::metadata($filename,'sourceavail');
- if ($source ne 'open') {
- $env{'user.error.msg'}="$filename:cre:1:1:Source code not available";
+ my $viewonly = $env{'form.viewonly'};
+
+ if ($viewonly) {
+ my $canview;
+ $filename =~ s/\.\.//g;
+ $filename =~ s/\~//g;
+ $filename =~ s/\/+/\//g;
+ if (($env{'request.course.id'}) && (&Apache::lonnet::is_on_map($filename))) {
+ if ((&Apache::lonnet::metadata(&Apache::lonenc::check_decrypt($filename)) eq 'open') &&
+ (&Apache::lonnet::allowed('cre','/'))) {
+ $canview = 1;
+ } elsif (&Apache::lonnet::allowed('vxc',$env{'request.course.id'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ &Apache::lonenc::check_decrypt(\$filename);
+ if (($env{'request.role.domain'} eq $cdom) && ($filename =~ /$LONCAPA::assess_re/)) {
+ my ($auname) = ($filename =~ m{^\Q/res/$cdom/\E($match_username)/});
+ if (($auname ne '') && ($env{'request.course.adhocsrcaccess'} ne '') &&
+ (grep(/^\Q$auname\E$/,split(/,/,$env{'request.course.adhocsrcaccess'})))) {
+ $canview = 1;
+ } elsif ((&Apache::lonnet::metadata($filename) eq 'open') &&
+ ($filename =~ m{^\Q/res/$cdom/}) &&
+ (&Apache::lonnet::allowed('bre','/'))) {
+ $canview = 1;
+ }
+ }
+ }
+ }
+ unless ($canview) {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ } elsif (&Apache::lonnet::metadata($filename,'sourceavail') ne 'open') {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available";
return HTTP_NOT_ACCEPTABLE;
}
unless (&Apache::lonnet::allowed('bre',$filename)) {
- $env{'user.error.msg'}="$filename:bre:1:1:Access to resource denied";
+ $env{'user.error.msg'}="$shownfilename:bre:1:1:Access to resource denied";
return HTTP_NOT_ACCEPTABLE;
}
- unless (&Apache::lonnet::allowed('cre','/')) {
- $env{'user.error.msg'}="$filename:cre:1:1:Access to source code denied";
- return HTTP_NOT_ACCEPTABLE;
+ unless ($viewonly) {
+ unless (&Apache::lonnet::allowed('cre','/')) {
+ $env{'user.error.msg'}="$shownfilename:cre:1:1:Access to source code denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
}
+ my $newpath = $env{'form.newpath'};
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- if ($env{'form.action'} eq 'stage2') {
+ if ($viewonly) {
+ &print_item($r,$filename,$listname,'view');
+ } elsif ($env{'form.action'} eq 'stage2') {
&stage_2($r,$filename,$listname);
} elsif($env{'form.action'} eq 'copy_stage') {
- ©_stage($r,$filename,$listname,$env{'form.newpath'});
+ ©_stage($r,$filename,$listname,$newpath);
} elsif($env{'form.action'} eq 'delete_confirm') {
- &delete_copy_file($r,$env{'form.newpath'},$filename, $env{'form.path'}, '0');
+ my $path_to_new_file = &get_path_to_newfile($r,$newpath,$listname);
+ if ($path_to_new_file) {
+ &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '0');
+ }
} else {
&print_item($r,$filename,$listname);
}