|
version 1.49, 2000/10/25 20:52:31
|
version 1.75, 2000/12/02 12:41:48
|
|
Line 24
|
Line 24
|
| # revokerole (udom,uname,url,role) : Revoke a role for url |
# revokerole (udom,uname,url,role) : Revoke a role for url |
| # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role |
# revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role |
| # appenv(hash) : adds hash to session environment |
# appenv(hash) : adds hash to session environment |
| |
# delenv(varname) : deletes all environment entries starting with varname |
| # store(hash) : stores hash permanently for this url |
# store(hash) : stores hash permanently for this url |
| # cstore(hash) : critical store |
# cstore(hash) : critical store |
| # restore : returns hash for this url |
# restore : returns hash for this url |
|
Line 41
|
Line 42
|
| # directcondval(index) : reading condition value of single condition from |
# directcondval(index) : reading condition value of single condition from |
| # state string |
# state string |
| # condval(index) : value of condition index based on state |
# condval(index) : value of condition index based on state |
| # varval(name) : value of a variable |
# EXT(name) : value of a variable |
| # refreshstate() : refresh the state information string |
|
| # symblist(map,hash) : Updates symbolic storage links |
# symblist(map,hash) : Updates symbolic storage links |
| # symbread([filename]) : returns the data handle (filename optional) |
# symbread([filename]) : returns the data handle (filename optional) |
| # rndseed() : returns a random seed |
# rndseed() : returns a random seed |
|
Line 52
|
Line 52
|
| # from the directory dir |
# from the directory dir |
| # hreflocation(dir,file) : same as filelocation, but for hrefs |
# hreflocation(dir,file) : same as filelocation, but for hrefs |
| # log(domain,user,home,msg) : write to permanent log for user |
# log(domain,user,home,msg) : write to permanent log for user |
| |
# usection(domain,user,courseid) : output of section name/number or '' for |
| |
# "not in course" and '-1' for "no section" |
| |
# userenvironment(domain,user,what) : puts out any environment parameter |
| |
# for a user |
| |
# idput(domain,hash) : writes IDs for users from hash (name=>id,name=>id) |
| |
# idget(domain,array): returns hash with usernames (id=>name,id=>name) for |
| |
# an array of IDs |
| |
# idrget(domain,array): returns hash with IDs for usernames (name=>id,...) for |
| |
# an array of names |
| |
# metadata(file,entry): returns the metadata entry for a file. entry='keys' |
| |
# returns a comma separated list of keys |
| # |
# |
| # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30, |
# 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30, |
| # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19, |
# 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19, |
|
Line 66
|
Line 77
|
| # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer |
# 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer |
| # 10/04 Gerd Kortemeyer |
# 10/04 Gerd Kortemeyer |
| # 10/04 Guy Albertelli |
# 10/04 Guy Albertelli |
| # 10/06,10/09,10/10,10/11,10/14,10/20,10/23,10/25 Gerd Kortemeyer |
# 10/06,10/09,10/10,10/11,10/14,10/20,10/23,10/25,10/26,10/27,10/28,10/29, |
| |
# 10/30,10/31, |
| |
# 11/2,11/14,11/15,11/16,11/20,11/21,11/22,11/25,11/27, |
| |
# 12/02 Gerd Kortemeyer |
| |
|
| package Apache::lonnet; |
package Apache::lonnet; |
| |
|
|
Line 75 use Apache::File;
|
Line 89 use Apache::File;
|
| use LWP::UserAgent(); |
use LWP::UserAgent(); |
| use HTTP::Headers; |
use HTTP::Headers; |
| use vars |
use vars |
| qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit); |
qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit %metacache); |
| use IO::Socket; |
use IO::Socket; |
| use GDBM_File; |
use GDBM_File; |
| use Apache::Constants qw(:common :http); |
use Apache::Constants qw(:common :http); |
| |
use HTML::TokeParser; |
| |
|
| # --------------------------------------------------------------------- Logging |
# --------------------------------------------------------------------- Logging |
| |
|
|
Line 121 sub reply {
|
Line 136 sub reply {
|
| my ($cmd,$server)=@_; |
my ($cmd,$server)=@_; |
| my $answer=subreply($cmd,$server); |
my $answer=subreply($cmd,$server); |
| if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); } |
if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); } |
| if (($answer=~/^error:/) || ($answer=~/^refused/) || |
if (($answer=~/^refused/) || ($answer=~/^rejected/)) { |
| ($answer=~/^rejected/)) { |
|
| &logthis("<font color=blue>WARNING:". |
&logthis("<font color=blue>WARNING:". |
| " $cmd to $server returned $answer</font>"); |
" $cmd to $server returned $answer</font>"); |
| } |
} |
|
Line 249 sub appenv {
|
Line 263 sub appenv {
|
| } |
} |
| return 'ok'; |
return 'ok'; |
| } |
} |
| |
# ----------------------------------------------------- Delete from Environment |
| |
|
| |
sub delenv { |
| |
my $delthis=shift; |
| |
my %newenv=(); |
| |
if (($delthis=~/user\.role/) || ($delthis=~/user\.priv/)) { |
| |
&logthis("<font color=blue>WARNING: ". |
| |
"Attempt to delete from environment ".$delthis); |
| |
return 'error'; |
| |
} |
| |
my @oldenv; |
| |
{ |
| |
my $fh; |
| |
unless ($fh=Apache::File->new("$ENV{'user.environment'}")) { |
| |
return 'error'; |
| |
} |
| |
@oldenv=<$fh>; |
| |
} |
| |
{ |
| |
my $fh; |
| |
unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) { |
| |
return 'error'; |
| |
} |
| |
map { |
| |
unless ($_=~/^$delthis/) { print $fh $_; } |
| |
} @oldenv; |
| |
} |
| |
return 'ok'; |
| |
} |
| |
|
| # ------------------------------ Find server with least workload from spare.tab |
# ------------------------------ Find server with least workload from spare.tab |
| |
|
|
Line 327 sub homeserver {
|
Line 370 sub homeserver {
|
| return 'no_host'; |
return 'no_host'; |
| } |
} |
| |
|
| |
# ------------------------------------- Find the usernames behind a list of IDs |
| |
|
| |
sub idget { |
| |
my ($udom,@ids)=@_; |
| |
my %returnhash=(); |
| |
|
| |
my $tryserver; |
| |
foreach $tryserver (keys %libserv) { |
| |
if ($hostdom{$tryserver} eq $udom) { |
| |
my $idlist=join('&',@ids); |
| |
$idlist=~tr/A-Z/a-z/; |
| |
my $reply=&reply("idget:$udom:".$idlist,$tryserver); |
| |
my @answer=(); |
| |
if ($reply ne 'con_lost') { |
| |
@answer=split(/\&/,$reply); |
| |
} ; |
| |
my $i; |
| |
for ($i=0;$i<=$#ids;$i++) { |
| |
if ($answer[$i]) { |
| |
$returnhash{$ids[$i]}=$answer[$i]; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
return %returnhash; |
| |
} |
| |
|
| |
# ------------------------------------- Find the IDs behind a list of usernames |
| |
|
| |
sub idrget { |
| |
my ($udom,@unames)=@_; |
| |
my %returnhash=(); |
| |
map { |
| |
$returnhash{$_}=(&userenvironment($udom,$_,'id'))[1]; |
| |
} @unames; |
| |
return %returnhash; |
| |
} |
| |
|
| |
# ------------------------------- Store away a list of names and associated IDs |
| |
|
| |
sub idput { |
| |
my ($udom,%ids)=@_; |
| |
my %servers=(); |
| |
map { |
| |
my $uhom=&homeserver($_,$udom); |
| |
if ($uhom ne 'no_host') { |
| |
my $id=&escape($ids{$_}); |
| |
$id=~tr/A-Z/a-z/; |
| |
my $unam=&escape($_); |
| |
if ($servers{$uhom}) { |
| |
$servers{$uhom}.='&'.$id.'='.$unam; |
| |
} else { |
| |
$servers{$uhom}=$id.'='.$unam; |
| |
} |
| |
&critical('put:'.$udom.':'.$unam.':environment:id='.$id,$uhom); |
| |
} |
| |
} keys %ids; |
| |
map { |
| |
&critical('idput:'.$udom.':'.$servers{$_},$_); |
| |
} keys %servers; |
| |
} |
| |
|
| |
# ------------------------------------- Find the section of student in a course |
| |
|
| |
sub usection { |
| |
my ($udom,$unam,$courseid)=@_; |
| |
$courseid=~s/\_/\//g; |
| |
$courseid=~s/^(\w)/\/$1/; |
| |
map { |
| |
my ($key,$value)=split(/\=/,$_); |
| |
$key=&unescape($key); |
| |
if ($key=~/^$courseid(?:\/)*(\w+)*\_st$/) { |
| |
my $section=$1; |
| |
if ($key eq $courseid.'_st') { $section=''; } |
| |
my ($dummy,$end,$start)=split(/\_/,&unescape($value)); |
| |
my $now=time; |
| |
my $notactive=0; |
| |
if ($start) { |
| |
if ($now<$start) { $notactive=1; } |
| |
} |
| |
if ($end) { |
| |
if ($now>$end) { $notactive=1; } |
| |
} |
| |
unless ($notactive) { return $section; } |
| |
} |
| |
} split(/\&/,&reply('dump:'.$udom.':'.$unam.':roles', |
| |
&homeserver($unam,$udom))); |
| |
return '-1'; |
| |
} |
| |
|
| |
# ------------------------------------- Read an entry from a user's environment |
| |
|
| |
sub userenvironment { |
| |
my ($udom,$unam,@what)=@_; |
| |
my %returnhash=(); |
| |
my @answer=split(/\&/, |
| |
&reply('get:'.$udom.':'.$unam.':environment:'.join('&',@what), |
| |
&homeserver($unam,$udom))); |
| |
my $i; |
| |
for ($i=0;$i<=$#what;$i++) { |
| |
$returnhash{$what[$i]}=&unescape($answer[$i]); |
| |
} |
| |
return %returnhash; |
| |
} |
| |
|
| # ----------------------------- Subscribe to a resource, return URL if possible |
# ----------------------------- Subscribe to a resource, return URL if possible |
| |
|
| sub subscribe { |
sub subscribe { |
|
Line 339 sub subscribe {
|
Line 487 sub subscribe {
|
| return 'not_found'; |
return 'not_found'; |
| } |
} |
| my $answer=reply("sub:$fname",$home); |
my $answer=reply("sub:$fname",$home); |
| |
if (($answer eq 'con_lost') || ($answer eq 'rejected')) { |
| |
$answer.=' by '.$home; |
| |
} |
| return $answer; |
return $answer; |
| } |
} |
| |
|
|
Line 350 sub repcopy {
|
Line 501 sub repcopy {
|
| my $transname="$filename.in.transfer"; |
my $transname="$filename.in.transfer"; |
| if ((-e $filename) || (-e $transname)) { return OK; } |
if ((-e $filename) || (-e $transname)) { return OK; } |
| my $remoteurl=subscribe($filename); |
my $remoteurl=subscribe($filename); |
| if ($remoteurl eq 'con_lost') { |
if ($remoteurl =~ /^con_lost by/) { |
| &logthis("Subscribe returned con_lost: $filename"); |
&logthis("Subscribe returned $remoteurl: $filename"); |
| return HTTP_SERVICE_UNAVAILABLE; |
return HTTP_SERVICE_UNAVAILABLE; |
| } elsif ($remoteurl eq 'not_found') { |
} elsif ($remoteurl eq 'not_found') { |
| &logthis("Subscribe returned not_found: $filename"); |
&logthis("Subscribe returned not_found: $filename"); |
| return HTTP_NOT_FOUND; |
return HTTP_NOT_FOUND; |
| } elsif ($remoteurl eq 'rejected') { |
} elsif ($remoteurl =~ /^rejected by/) { |
| &logthis("Subscribe returned rejected: $filename"); |
&logthis("Subscribe returned $remoteurl: $filename"); |
| return FORBIDDEN; |
return FORBIDDEN; |
| } elsif ($remoteurl eq 'directory') { |
} elsif ($remoteurl eq 'directory') { |
| return OK; |
return OK; |
|
Line 481 sub restore {
|
Line 632 sub restore {
|
| my ($name,$value)=split(/\=/,$_); |
my ($name,$value)=split(/\=/,$_); |
| $returnhash{&unescape($name)}=&unescape($value); |
$returnhash{&unescape($name)}=&unescape($value); |
| } split(/\&/,$answer); |
} split(/\&/,$answer); |
| map { |
my $version; |
| $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_}; |
for ($version=1;$version<=$returnhash{'version'};$version++) { |
| } split(/\:/,$returnhash{$returnhash{'version'}.':keys'}); |
map { |
| |
$returnhash{$_}=$returnhash{$version.':'.$_}; |
| |
} split(/\:/,$returnhash{$version.':keys'}); |
| |
} |
| return %returnhash; |
return %returnhash; |
| } |
} |
| |
|
|
Line 498 sub coursedescription {
|
Line 652 sub coursedescription {
|
| if ($chome ne 'no_host') { |
if ($chome ne 'no_host') { |
| my $rep=reply("dump:$cdomain:$cnum:environment",$chome); |
my $rep=reply("dump:$cdomain:$cnum:environment",$chome); |
| if ($rep ne 'con_lost') { |
if ($rep ne 'con_lost') { |
| my %cachehash=(); |
my $normalid=$courseid; |
| |
$normalid=~s/\//\_/g; |
| |
my %envhash=(); |
| my %returnhash=('home' => $chome, |
my %returnhash=('home' => $chome, |
| 'domain' => $cdomain, |
'domain' => $cdomain, |
| 'num' => $cnum); |
'num' => $cnum); |
|
Line 507 sub coursedescription {
|
Line 663 sub coursedescription {
|
| $name=&unescape($name); |
$name=&unescape($name); |
| $value=&unescape($value); |
$value=&unescape($value); |
| $returnhash{$name}=$value; |
$returnhash{$name}=$value; |
| if ($name eq 'description') { |
$envhash{'course.'.$normalid.'.'.$name}=$value; |
| $cachehash{$courseid}=$value; |
|
| } |
|
| } split(/\&/,$rep); |
} split(/\&/,$rep); |
| $returnhash{'url'}='/res/'.declutter($returnhash{'url'}); |
$returnhash{'url'}='/res/'.declutter($returnhash{'url'}); |
| $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'. |
$returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'. |
| $ENV{'user.name'}.'_'.$cdomain.'_'.$cnum; |
$ENV{'user.name'}.'_'.$cdomain.'_'.$cnum; |
| put ('coursedescriptions',%cachehash); |
$envhash{'course.'.$normalid.'.last_cache'}=time; |
| |
$envhash{'course.'.$normalid.'.home'}=$chome; |
| |
$envhash{'course.'.$normalid.'.domain'}=$cdomain; |
| |
$envhash{'course.'.$normalid.'.num'}=$cnum; |
| |
&appenv(%envhash); |
| return %returnhash; |
return %returnhash; |
| } |
} |
| } |
} |
|
Line 552 sub rolesinit {
|
Line 710 sub rolesinit {
|
| } |
} |
| } |
} |
| if (($area ne '') && ($trole ne '')) { |
if (($area ne '') && ($trole ne '')) { |
| |
my $spec=$trole.'.'.$area; |
| my ($tdummy,$tdomain,$trest)=split(/\//,$area); |
my ($tdummy,$tdomain,$trest)=split(/\//,$area); |
| if ($trole =~ /^cr\//) { |
if ($trole =~ /^cr\//) { |
| my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole); |
my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole); |
|
Line 563 sub rolesinit {
|
Line 722 sub rolesinit {
|
| if (($roledef ne 'con_lost') && ($roledef ne '')) { |
if (($roledef ne 'con_lost') && ($roledef ne '')) { |
| my ($syspriv,$dompriv,$coursepriv)= |
my ($syspriv,$dompriv,$coursepriv)= |
| split(/\_/,unescape($roledef)); |
split(/\_/,unescape($roledef)); |
| $allroles{'/'}.=':'.$syspriv; |
$allroles{'cm./'}.=':'.$syspriv; |
| |
$allroles{$spec.'./'}.=':'.$syspriv; |
| if ($tdomain ne '') { |
if ($tdomain ne '') { |
| $allroles{'/'.$tdomain.'/'}.=':'.$dompriv; |
$allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv; |
| |
$allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv; |
| if ($trest ne '') { |
if ($trest ne '') { |
| $allroles{$area}.=':'.$coursepriv; |
$allroles{'cm.'.$area}.=':'.$coursepriv; |
| |
$allroles{$spec.'.'.$area}.=':'.$coursepriv; |
| } |
} |
| } |
} |
| } |
} |
| } |
} |
| } else { |
} else { |
| $allroles{'/'}.=':'.$pr{$trole.':s'}; |
$allroles{'cm./'}.=':'.$pr{$trole.':s'}; |
| |
$allroles{$spec.'./'}.=':'.$pr{$trole.':s'}; |
| if ($tdomain ne '') { |
if ($tdomain ne '') { |
| $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; |
$allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; |
| |
$allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; |
| if ($trest ne '') { |
if ($trest ne '') { |
| $allroles{$area}.=':'.$pr{$trole.':c'}; |
$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'}; |
| |
$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'}; |
| } |
} |
| } |
} |
| } |
} |
|
Line 707 sub eget {
|
Line 872 sub eget {
|
| |
|
| sub allowed { |
sub allowed { |
| my ($priv,$uri)=@_; |
my ($priv,$uri)=@_; |
| $uri=~s/^\/res//; |
$uri=&declutter($uri); |
| $uri=~s/^\///; |
|
| |
|
| # Free bre access to adm resources |
# Free bre access to adm and meta resources |
| |
|
| if (($uri=~/^adm\//) && ($priv eq 'bre')) { |
if ((($uri=~/^adm\//) || ($uri=~/\.meta$/)) && ($priv eq 'bre')) { |
| return 'F'; |
return 'F'; |
| } |
} |
| |
|
| # Gather priviledges over system and domain |
|
| |
|
| my $thisallowed=''; |
my $thisallowed=''; |
| if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) { |
my $statecond=0; |
| |
my $courseprivid=''; |
| |
|
| |
# Course |
| |
|
| |
if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'}=~/$priv\&([^\:]*)/) { |
| $thisallowed.=$1; |
$thisallowed.=$1; |
| } |
} |
| if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) { |
|
| |
# Domain |
| |
|
| |
if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.(split(/\//,$uri))[0].'/'} |
| |
=~/$priv\&([^\:]*)/) { |
| $thisallowed.=$1; |
$thisallowed.=$1; |
| } |
} |
| |
|
| # Full access at system or domain level? Exit. |
# Course: uri itself is a course |
| |
my $courseuri=$uri; |
| |
$courseuri=~s/\_(\d)/\/$1/; |
| |
if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseuri} |
| |
=~/$priv\&([^\:]*)/) { |
| |
$thisallowed.=$1; |
| |
} |
| |
|
| |
# Full access at system, domain or course-wide level? Exit. |
| |
|
| if ($thisallowed=~/F/) { |
if ($thisallowed=~/F/) { |
| return 'F'; |
return 'F'; |
| } |
} |
| |
|
| # The user does not have full access at system or domain level |
# If this is generating or modifying users, exit with special codes |
| # Course level access control |
|
| |
|
| # uri itself refering to a course? |
if (':csu:cdc:ccc:cin:cta:cep:ccr:cst:cad:cli:cau:cdg:'=~/\:$priv\:/) { |
| |
return $thisallowed; |
| if ($uri=~/\.course$/) { |
} |
| if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) { |
# |
| $thisallowed.=$1; |
# Gathered so far: system, domain and course wide priviledges |
| |
# |
| |
# Course: See if uri or referer is an individual resource that is part of |
| |
# the course |
| |
|
| |
if ($ENV{'request.course.id'}) { |
| |
$courseprivid=$ENV{'request.course.id'}; |
| |
if ($ENV{'request.course.sec'}) { |
| |
$courseprivid.='/'.$ENV{'request.course.sec'}; |
| } |
} |
| # Full access on course level? Exit. |
$courseprivid=~s/\_/\//; |
| if ($thisallowed=~/F/) { |
my $checkreferer=1; |
| return 'F'; |
my @uriparts=split(/\//,$uri); |
| |
my $filename=$uriparts[$#uriparts]; |
| |
my $pathname=$uri; |
| |
$pathname=~s/\/$filename$//; |
| |
if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$pathname}=~ |
| |
/\&$filename\:([\d\|]+)\&/) { |
| |
$statecond=$1; |
| |
if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseprivid} |
| |
=~/$priv\&([^\:]*)/) { |
| |
$thisallowed.=$1; |
| |
$checkreferer=0; |
| |
} |
| } |
} |
| |
|
| # uri is refering to an individual resource; user needs to be in a course |
if (($ENV{'HTTP_REFERER'}) && ($checkreferer)) { |
| |
my $refuri=$ENV{'HTTP_REFERER'}; |
| |
$refuri=~s/^http\:\/\/$ENV{'request.host'}//i; |
| |
$refuri=&declutter($refuri); |
| |
my @uriparts=split(/\//,$refuri); |
| |
my $filename=$uriparts[$#uriparts]; |
| |
my $pathname=$refuri; |
| |
$pathname=~s/\/$filename$//; |
| |
my @filenameparts=split(/\./,$uri); |
| |
if (&fileembstyle($filenameparts[$#filenameparts]) ne 'ssi') { |
| |
if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$pathname}=~ |
| |
/\&$filename\:([\d\|]+)\&/) { |
| |
my $refstatecond=$1; |
| |
if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseprivid} |
| |
=~/$priv\&([^\:]*)/) { |
| |
$thisallowed.=$1; |
| |
$uri=$refuri; |
| |
$statecond=$refstatecond; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
|
| } else { |
# |
| |
# Gathered now: all priviledges that could apply, and condition number |
| |
# |
| |
# |
| |
# Full or no access? |
| |
# |
| |
|
| unless(defined($ENV{'request.course.id'})) { |
if ($thisallowed=~/F/) { |
| return '1'; |
return 'F'; |
| } |
} |
| |
|
| # Get access priviledges for course |
unless ($thisallowed) { |
| |
return ''; |
| |
} |
| |
|
| if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) { |
# Restrictions exist, deal with them |
| $thisallowed.=$1; |
# |
| } |
# C:according to course preferences |
| |
# R:according to resource settings |
| |
# L:unless locked |
| |
# X:according to user session state |
| |
# |
| |
|
| # See if resource or referer is part of this course |
# Possibly locked functionality, check all courses |
| |
# Locks might take effect only after 10 minutes cache expiration for other |
| my @uriparts=split(/\//,$uri); |
# courses, and 2 minutes for current course |
| my $urifile=$uriparts[$#uriparts]; |
|
| $urifile=~/\.(\w+)$/; |
my $envkey; |
| my $uritype=$1; |
if ($thisallowed=~/L/) { |
| $#uriparts--; |
foreach $envkey (keys %ENV) { |
| my $uripath=join('/',@uriparts); |
if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { |
| my $uricond=-1; |
my $courseid=$2; |
| if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ |
my $roleid=$1.'.'.$2; |
| /\&$urifile\:(\d+)\&/) { |
my $expiretime=600; |
| $uricond=$1; |
if ($ENV{'request.role'} eq $roleid) { |
| } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) { |
$expiretime=120; |
| my $refuri=$ENV{'HTTP_REFERER'}; |
} |
| $refuri=~s/^\/res//; |
my ($cdom,$cnum,$csec)=split(/\//,$courseid); |
| $refuri=~s/^\///; |
my $prefix='course.'.$cdom.'_'.$cnum.'.'; |
| @uriparts=split(/\//,$refuri); |
if ((time-$ENV{$prefix.'last_cache'})>$expiretime) { |
| $urifile=$uriparts[$#uriparts]; |
&coursedescription($courseid); |
| $#uriparts--; |
} |
| $uripath=join('/',@uriparts); |
if (($ENV{$prefix.'res.'.$uri.'.lock.sections'}=~/\,$csec\,/) |
| if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ |
|| ($ENV{$prefix.'res.'.$uri.'.lock.sections'} eq 'all')) { |
| /\&$urifile\:(\d+)\&/) { |
if ($ENV{$prefix.'res.'.$uri.'.lock.expire'}>time) { |
| $uricond=$1; |
&log($ENV{'user.domain'},$ENV{'user.name'}, |
| } |
$ENV{'user.host'}, |
| |
'Locked by res: '.$priv.' for '.$uri.' due to '. |
| |
$cdom.'/'.$cnum.'/'.$csec.' expire '. |
| |
$ENV{$prefix.'priv.'.$priv.'.lock.expire'}); |
| |
return ''; |
| |
} |
| |
} |
| |
if (($ENV{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,$csec\,/) |
| |
|| ($ENV{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { |
| |
if ($ENV{'priv.'.$priv.'.lock.expire'}>time) { |
| |
&log($ENV{'user.domain'},$ENV{'user.name'}, |
| |
$ENV{'user.host'}, |
| |
'Locked by priv: '.$priv.' for '.$uri.' due to '. |
| |
$cdom.'/'.$cnum.'/'.$csec.' expire '. |
| |
$ENV{$prefix.'priv.'.$priv.'.lock.expire'}); |
| |
return ''; |
| |
} |
| |
} |
| |
} |
| } |
} |
| |
} |
| |
|
| |
# |
| |
# Rest of the restrictions depend on selected course |
| |
# |
| |
|
| if ($uricond>=0) { |
unless ($ENV{'request.course.id'}) { |
| |
return '1'; |
| |
} |
| |
|
| # The resource is part of the course |
# |
| # If user had full access on course level, go ahead |
# Now user is definitely in a course |
| |
# |
| |
|
| if ($thisallowed=~/F/) { |
|
| return 'F'; |
|
| } |
|
| |
|
| # Restricted by state? |
# Course preferences |
| |
|
| if ($thisallowed=~/X/) { |
if ($thisallowed=~/C/) { |
| if (&condval($uricond)) { |
my $rolecode=(split(/\./,$ENV{'request.role'}))[0]; |
| return '2'; |
if ($ENV{'course.'.$ENV{'request.course.id'}.'.'.$priv.'.roles.denied'} |
| } else { |
=~/\,$rolecode\,/) { |
| return ''; |
&log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'}, |
| } |
'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode.' in '. |
| |
$ENV{'request.course.id'}); |
| |
return ''; |
| |
} |
| |
} |
| |
|
| |
# Resource preferences |
| |
|
| |
if ($thisallowed=~/R/) { |
| |
my $rolecode=(split(/\./,$ENV{'request.role'}))[0]; |
| |
my $filename=$perlvar{'lonDocRoot'}.'/res/'.$uri.'.meta'; |
| |
if (-e $filename) { |
| |
my @content; |
| |
{ |
| |
my $fh=Apache::File->new($filename); |
| |
@content=<$fh>; |
| } |
} |
| |
if (join('',@content)=~ |
| |
/\<roledeny[^\>]*\>[^\<]*$rolecode[^\<]*\<\/roledeny\>/) { |
| |
&log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'}, |
| |
'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode); |
| |
return ''; |
| |
|
| |
} |
| } |
} |
| } |
} |
| return $thisallowed; |
|
| } |
|
| |
|
| # ---------------------------------------------------------- Refresh State Info |
# Restricted by state? |
| |
|
| sub refreshstate { |
if ($thisallowed=~/X/) { |
| |
if (&condval($statecond)) { |
| |
return '2'; |
| |
} else { |
| |
return ''; |
| |
} |
| |
} |
| |
|
| |
return 'F'; |
| } |
} |
| |
|
| # ----------------------------------------------------------------- Define Role |
# ----------------------------------------------------------------- Define Role |
|
Line 872 sub fileembstyle {
|
Line 1153 sub fileembstyle {
|
| |
|
| # ------------------------------------------------------------ Description Text |
# ------------------------------------------------------------ Description Text |
| |
|
| sub filedecription { |
sub filedescription { |
| my $ending=shift; |
my $ending=shift; |
| return $fd{$ending}; |
return $fd{$ending}; |
| } |
} |
|
Line 993 sub directcondval {
|
Line 1274 sub directcondval {
|
| sub condval { |
sub condval { |
| my $condidx=shift; |
my $condidx=shift; |
| my $result=0; |
my $result=0; |
| |
my $allpathcond=''; |
| |
map { |
| |
if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$_})) { |
| |
$allpathcond.= |
| |
'('.$ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$_}.')|'; |
| |
} |
| |
} split(/\|/,$condidx); |
| |
$allpathcond=~s/\|$//; |
| if ($ENV{'request.course.id'}) { |
if ($ENV{'request.course.id'}) { |
| if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) { |
if ($allpathcond) { |
| my $operand='|'; |
my $operand='|'; |
| my @stack; |
my @stack; |
| map { |
map { |
|
Line 1017 sub condval {
|
Line 1306 sub condval {
|
| $result=$result>$new?$result:$new; |
$result=$result>$new?$result:$new; |
| } |
} |
| } |
} |
| } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~ |
} ($allpathcond=~/(\d+|\(|\)|\&|\|)/g); |
| /(\d+|\(|\)|\&|\|)/g); |
|
| } |
} |
| } |
} |
| return $result; |
return $result; |
|
Line 1026 sub condval {
|
Line 1314 sub condval {
|
| |
|
| # --------------------------------------------------------- Value of a Variable |
# --------------------------------------------------------- Value of a Variable |
| |
|
| sub varval { |
sub EXT { |
| my $varname=shift; |
my $varname=shift; |
| |
unless ($varname) { return ''; } |
| my ($realm,$space,$qualifier,@therest)=split(/\./,$varname); |
my ($realm,$space,$qualifier,@therest)=split(/\./,$varname); |
| my $rest; |
my $rest; |
| if ($therest[0]) { |
if ($therest[0]) { |
|
Line 1035 sub varval {
|
Line 1324 sub varval {
|
| } else { |
} else { |
| $rest=''; |
$rest=''; |
| } |
} |
| |
my $qualifierrest=$qualifier; |
| |
if ($rest) { $qualifierrest.='.'.$rest; } |
| |
my $spacequalifierrest=$space; |
| |
if ($qualifierrest) { $spacequalifierrest.='.'.$qualifierrest; } |
| if ($realm eq 'user') { |
if ($realm eq 'user') { |
| # --------------------------------------------------------------- user.resource |
# --------------------------------------------------------------- user.resource |
| if ($space eq 'resource') { |
if ($space eq 'resource') { |
| |
my %restored=&restore; |
| |
return $restored{$qualifierrest}; |
| # ----------------------------------------------------------------- user.access |
# ----------------------------------------------------------------- user.access |
| } elsif ($space eq 'access') { |
} elsif ($space eq 'access') { |
| return &allowed($qualifier,$rest); |
return &allowed($qualifier,$rest); |
| # ------------------------------------------ user.preferences, user.environment |
# ------------------------------------------ user.preferences, user.environment |
| } elsif (($space eq 'preferences') || ($space eq 'environment')) { |
} elsif (($space eq 'preferences') || ($space eq 'environment')) { |
| return $ENV{join('.',('environment',$qualifier,$rest))}; |
return $ENV{join('.',('environment',$qualifierrest))}; |
| # ----------------------------------------------------------------- user.course |
# ----------------------------------------------------------------- user.course |
| } elsif ($space eq 'course') { |
} elsif ($space eq 'course') { |
| return $ENV{join('.',('request.course',$qualifier))}; |
return $ENV{join('.',('request.course',$qualifier))}; |
|
Line 1071 sub varval {
|
Line 1366 sub varval {
|
| # ------------------------------------------------------------- request.browser |
# ------------------------------------------------------------- request.browser |
| if ($space eq 'browser') { |
if ($space eq 'browser') { |
| return $ENV{'browser.'.$qualifier}; |
return $ENV{'browser.'.$qualifier}; |
| } elsif ($space eq 'filename') { |
# ------------------------------------------------------------ request.filename |
| return $ENV{'request.filename'}; |
} else { |
| |
return $ENV{'request.'.$spacequalifierrest}; |
| } |
} |
| } elsif ($realm eq 'course') { |
} elsif ($realm eq 'course') { |
| # ---------------------------------------------------------- course.description |
# ---------------------------------------------------------- course.description |
| if ($space eq 'description') { |
my $section=''; |
| my %reply=&coursedescription($ENV{'request.course.id'}); |
if ($ENV{'request.course.sec'}) { |
| return $reply{'description'}; |
$section='_'.$ENV{'request.course.sec'}; |
| # ------------------------------------------------------------------- course.id |
} |
| } elsif ($space eq 'id') { |
return $ENV{'course.'.$ENV{'request.course.id'}.$section.'.'. |
| return $ENV{'request.course.id'}; |
$spacequalifierrest}; |
| # -------------------------------------------------- Any other course namespace |
} elsif ($realm eq 'resource') { |
| } else { |
if ($ENV{'request.course.id'}) { |
| my ($cdom,$cnam)=split(/\_/,$ENV{'request.course.id'}); |
# ----------------------------------------------------- Cascading lookup scheme |
| my $chome=&homeserver($cnam,$cdom); |
my $symbp=&symbread(); |
| my $item=join('.',($qualifier,$rest)); |
my $mapp=(split(/\_\_\_/,$symbp))[0]; |
| return &unescape |
|
| (&reply('get:'.$cdom.':'.$cnam.':'.&escape($space).':'. |
my $symbparm=$symbp.'.'.$spacequalifierrest; |
| &escape($item),$chome)); |
my $mapparm=$mapp.'___(all).'.$spacequalifierrest; |
| |
|
| |
my $seclevel= |
| |
$ENV{'request.course.id'}.'.['. |
| |
$ENV{'request.course.sec'}.'].'.$spacequalifierrest; |
| |
my $seclevelr= |
| |
$ENV{'request.course.id'}.'.['. |
| |
$ENV{'request.course.sec'}.'].'.$symbparm; |
| |
my $seclevelm= |
| |
$ENV{'request.course.id'}.'.['. |
| |
$ENV{'request.course.sec'}.'].'.$mapparm; |
| |
|
| |
my $courselevel= |
| |
$ENV{'request.course.id'}.'.'.$spacequalifierrest; |
| |
my $courselevelr= |
| |
$ENV{'request.course.id'}.'.'.$symbparm; |
| |
my $courselevelm= |
| |
$ENV{'request.course.id'}.'.'.$mapparm; |
| |
|
| |
|
| |
# ----------------------------------------------------------- first, check user |
| |
my %resourcedata=get('resourcedata', |
| |
($courselevelr,$courselevelm,$courselevel)); |
| |
if ($resourcedata{$courselevelr}!~/^error\:/) { |
| |
|
| |
if ($resourcedata{$courselevelr}) { |
| |
return $resourcedata{$courselevelr}; } |
| |
if ($resourcedata{$courselevelm}) { |
| |
return $resourcedata{$courselevelm}; } |
| |
if ($resourcedata{$courselevel}) { return $resourcedata{$courselevel}; } |
| |
|
| |
} |
| |
# -------------------------------------------------------- second, check course |
| |
my $section=''; |
| |
if ($ENV{'request.course.sec'}) { |
| |
$section='_'.$ENV{'request.course.sec'}; |
| } |
} |
| } elsif ($realm eq 'userdata') { |
my $reply=&reply('get:'. |
| my $uhome=&homeserver($qualifier,$space); |
$ENV{'course.'.$ENV{'request.course.id'}.$section.'.domain'}.':'. |
| # ----------------------------------------------- userdata.domain.name.resource |
$ENV{'course.'.$ENV{'request.course.id'}.$section.'.num'}. |
| |
':resourcedata:'. |
| |
escape($seclevelr).':'.escape($seclevelm).':'.escape($seclevel).':'. |
| |
escape($courselevelr).':'.escape($courselevelm).':'.escape($courselevel), |
| |
$ENV{'course.'.$ENV{'request.course.id'}.$section.'.home'}); |
| |
if ($reply!~/^error\:/) { |
| |
map { |
| |
my ($name,$value)=split(/\=/,$_); |
| |
$resourcedata{unescape($name)}=unescape($value); |
| |
} split(/\&/,$reply); |
| |
|
| |
if ($resourcedata{$seclevelr}) { return $resourcedata{$seclevelr}; } |
| |
if ($resourcedata{$seclevelm}) { return $resourcedata{$seclevelm}; } |
| |
if ($resourcedata{$seclevel}) { return $resourcedata{$seclevel}; } |
| |
|
| |
if ($resourcedata{$courselevelr}) { |
| |
return $resourcedata{$courselevelr}; } |
| |
if ($resourcedata{$courselevelm}) { |
| |
return $resourcedata{$courselevelm}; } |
| |
if ($resourcedata{$courselevel}) { return $resourcedata{$courselevel}; } |
| |
|
| |
} |
| |
|
| |
# ------------------------------------------------------ third, check map parms |
| |
my %parmhash=(); |
| |
my $thisparm=''; |
| |
if (tie(%parmhash,'GDBM_File', |
| |
$ENV{'request.course.fn'}.'_parms.db',&GDBM_READER,0640)) { |
| |
$thisparm=$parmhash{$symbparm}; |
| |
untie(%parmhash); |
| |
} |
| |
if ($thisparm) { return $thisparm; } |
| |
} |
| |
|
| |
# --------------------------------------------- last, look in resource metadata |
| |
|
| |
my $metadata=&metadata($ENV{'request.filename'},$spacequalifierrest); |
| |
if ($metadata) { return $metadata; } |
| |
|
| # ---------------------------------------------------- Any other user namespace |
# ---------------------------------------------------- Any other user namespace |
| } elsif ($realm eq 'environment') { |
} elsif ($realm eq 'environment') { |
| # ----------------------------------------------------------------- environment |
# ----------------------------------------------------------------- environment |
| return $ENV{join('.',($space,$qualifier,$rest))}; |
return $ENV{$spacequalifierrest}; |
| } elsif ($realm eq 'system') { |
} elsif ($realm eq 'system') { |
| # ----------------------------------------------------------------- system.time |
# ----------------------------------------------------------------- system.time |
| if ($space eq 'time') { |
if ($space eq 'time') { |
|
Line 1107 sub varval {
|
Line 1476 sub varval {
|
| return ''; |
return ''; |
| } |
} |
| |
|
| |
# ---------------------------------------------------------------- Get metadata |
| |
|
| |
sub metadata { |
| |
my ($uri,$what)=@_; |
| |
$uri=&declutter($uri); |
| |
my $filename=$uri; |
| |
$uri=~s/\.meta$//; |
| |
unless ($metacache{$uri.':keys'}) { |
| |
unless ($filename=~/\.meta$/) { $filename.='.meta'; } |
| |
my $metastring=&getfile($perlvar{'lonDocRoot'}.'/res/'.$filename); |
| |
my $parser=HTML::TokeParser->new(\$metastring); |
| |
my $token; |
| |
while ($token=$parser->get_token) { |
| |
if ($token->[0] eq 'S') { |
| |
my $entry=$token->[1]; |
| |
my $unikey=$entry; |
| |
if (defined($token->[2]->{'part'})) { |
| |
$unikey.='_'.$token->[2]->{'part'}; |
| |
} |
| |
if (defined($token->[2]->{'name'})) { |
| |
$unikey.='_'.$token->[2]->{'name'}; |
| |
} |
| |
if ($metacache{$uri.':keys'}) { |
| |
$metacache{$uri.':keys'}.=','.$unikey; |
| |
} else { |
| |
$metacache{$uri.':keys'}=$unikey; |
| |
} |
| |
map { |
| |
$metacache{$uri.':'.$unikey.'.'.$_}=$token->[2]->{$_}; |
| |
} @{$token->[3]}; |
| |
$metacache{$uri.':'.$unikey}=$parser->get_text('/'.$entry); |
| |
} |
| |
} |
| |
} |
| |
return $metacache{$uri.':'.$what}; |
| |
} |
| |
|
| # ------------------------------------------------- Update symbolic store links |
# ------------------------------------------------- Update symbolic store links |
| |
|
| sub symblist { |
sub symblist { |
|
Line 1159 sub symbread {
|
Line 1565 sub symbread {
|
| &GDBM_READER,0640)) { |
&GDBM_READER,0640)) { |
| # ---------------------------------------------- Get ID(s) for current resource |
# ---------------------------------------------- Get ID(s) for current resource |
| my $ids=$bighash{'ids_/res/'.$thisfn}; |
my $ids=$bighash{'ids_/res/'.$thisfn}; |
| |
unless ($ids) { |
| |
$ids=$bighash{'ids_/'.$thisfn}; |
| |
} |
| if ($ids) { |
if ($ids) { |
| # ------------------------------------------------------------------- Has ID(s) |
# ------------------------------------------------------------------- Has ID(s) |
| my @possibilities=split(/\,/,$ids); |
my @possibilities=split(/\,/,$ids); |
|
Line 1186 sub symbread {
|
Line 1595 sub symbread {
|
| untie(%bighash) |
untie(%bighash) |
| } |
} |
| } |
} |
| if ($syval) { return $syval.'___'.$thisfn; } |
if ($syval) { |
| |
return $syval.'___'.$thisfn; |
| |
} |
| } |
} |
| &appenv('request.ambiguous' => $thisfn); |
&appenv('request.ambiguous' => $thisfn); |
| return ''; |
return ''; |
|
Line 1237 sub filelocation {
|
Line 1648 sub filelocation {
|
| my ($dir,$file) = @_; |
my ($dir,$file) = @_; |
| my $location; |
my $location; |
| $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces |
$file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces |
| $file=~s/^$perlvar{'lonDocRoot'}//; |
if ($file=~m:^/~:) { # is a contruction space reference |
| $file=~s:^/*res::; |
$location = $file; |
| if ( !( $file =~ m:^/:) ) { |
$location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:; |
| $location = $dir. '/'.$file; |
|
| } else { |
} else { |
| $location = '/home/httpd/html/res'.$file; |
$file=~s/^$perlvar{'lonDocRoot'}//; |
| |
$file=~s:^/*res::; |
| |
if ( !( $file =~ m:^/:) ) { |
| |
$location = $dir. '/'.$file; |
| |
} else { |
| |
$location = '/home/httpd/html/res'.$file; |
| |
} |
| } |
} |
| $location=~s://+:/:g; # remove duplicate / |
$location=~s://+:/:g; # remove duplicate / |
| while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/.. |
while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/.. |
|
Line 1362 if ($readit ne 'done') {
|
Line 1778 if ($readit ne 'done') {
|
| } |
} |
| } |
} |
| |
|
| |
%metacache=(); |
| |
|
| $readit='done'; |
$readit='done'; |
| &logthis('<font color=yellow>INFO: Read configuration</font>'); |
&logthis('<font color=yellow>INFO: Read configuration</font>'); |
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl