--- loncom/lonnet/perl/lonnet.pm 2016/09/21 04:47:57 1.1322 +++ loncom/lonnet/perl/lonnet.pm 2018/12/08 17:38:47 1.1395 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1322 2016/09/21 04:47:57 raeburn Exp $ +# $Id: lonnet.pm,v 1.1395 2018/12/08 17:38:47 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -71,10 +71,9 @@ delayed. package Apache::lonnet; use strict; -use LWP::UserAgent(); use HTTP::Date; use Image::Magick; - +use CGI::Cookie; use Encode; @@ -101,6 +100,7 @@ use LONCAPA qw(:DEFAULT :match); use LONCAPA::Configuration; use LONCAPA::lonmetadata; use LONCAPA::Lond; +use LONCAPA::LWPReq; use File::Copy; @@ -146,7 +146,7 @@ our @EXPORT = qw(%env); sub logtouch { my $execdir=$perlvar{'lonDaemons'}; unless (-e "$execdir/logs/lonnet.log") { - open(my $fh,">>$execdir/logs/lonnet.log"); + open(my $fh,">>","$execdir/logs/lonnet.log"); close $fh; } my ($wwwuid,$wwwgid)=(getpwnam('www'))[2,3]; @@ -158,7 +158,7 @@ sub logthis { my $execdir=$perlvar{'lonDaemons'}; my $now=time; my $local=localtime($now); - if (open(my $fh,">>$execdir/logs/lonnet.log")) { + if (open(my $fh,">>","$execdir/logs/lonnet.log")) { my $logstring = $local. " ($$): ".$message."\n"; # Keep any \'s in string. print $fh $logstring; close($fh); @@ -171,7 +171,7 @@ sub logperm { my $execdir=$perlvar{'lonDaemons'}; my $now=time; my $local=localtime($now); - if (open(my $fh,">>$execdir/logs/lonnet.perm.log")) { + if (open(my $fh,">>","$execdir/logs/lonnet.perm.log")) { print $fh "$now:$message:$local\n"; close($fh); } @@ -230,30 +230,38 @@ sub get_server_distarch { } sub get_servercerts_info { - my ($lonhost,$context) = @_; + my ($lonhost,$hostname,$context) = @_; + return if ($lonhost eq ''); + if ($hostname eq '') { + $hostname = &hostname($lonhost); + } + return if ($hostname eq ''); my ($rep,$uselocal); - if (grep { $_ eq $lonhost } ¤t_machine_ids()) { + if ($context eq 'install') { + $uselocal = 1; + } elsif (grep { $_ eq $lonhost } ¤t_machine_ids()) { $uselocal = 1; } - if (($context ne 'cgi') && ($uselocal)) { + if (($context ne 'cgi') && ($context ne 'install') && ($uselocal)) { my $distro = (split(/\:/,&get_server_distarch($lonhost)))[0]; - if ($distro =~ /^(?:centos|redhat|scientific)(\d+)$/) { + if ($distro eq '') { + $uselocal = 0; + } elsif ($distro =~ /^(?:centos|redhat|scientific)(\d+)$/) { if ($1 < 6) { $uselocal = 0; } + } elsif ($distro =~ /^(?:sles)(\d+)$/) { + if ($1 < 12) { + $uselocal = 0; + } } } if ($uselocal) { - $rep = LONCAPA::Lond::server_certs(\%perlvar); + $rep = LONCAPA::Lond::server_certs(\%perlvar,$lonhost,$hostname); } else { $rep=&reply('servercerts',$lonhost); } my ($result,%returnhash); - if (defined($lonhost)) { - if (!defined(&hostname($lonhost))) { - return; - } - } if (($rep=~/^(refused|rejected|error)/) || ($rep eq 'con_lost') || ($rep eq 'unknown_cmd')) { $result = $rep; @@ -303,13 +311,11 @@ sub get_server_loncaparev { $answer = &reply('serverloncaparev',$lonhost); if (($answer eq 'unknown_cmd') || ($answer eq 'con_lost')) { if ($caller eq 'loncron') { - my $ua=new LWP::UserAgent; - $ua->timeout(4); my $protocol = $protocol{$lonhost}; $protocol = 'http' if ($protocol ne 'https'); my $url = $protocol.'://'.&hostname($lonhost).'/adm/about.html'; my $request=new HTTP::Request('GET',$url); - my $response=$ua->request($request); + my $response=&LONCAPA::LWPReq::makerequest($lonhost,$request,'',\%perlvar,4,1); unless ($response->is_error()) { my $content = $response->content; if ($content =~ /
VERSION\:\s*([\w.\-]+)<\/p>/) {
@@ -481,7 +487,7 @@ sub reconlonc {
&logthis("Trying to reconnect lonc");
my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
- if (open(my $fh,"<$loncfile")) {
+ if (open(my $fh,"<",$loncfile)) {
my $loncpid=<$fh>;
chomp($loncpid);
if (kill 0 => $loncpid) {
@@ -521,7 +527,7 @@ sub critical {
$dumpcount++;
{
my $dfh;
- if (open($dfh,">$dfilename")) {
+ if (open($dfh,">",$dfilename)) {
print $dfh "$cmd\n";
close($dfh);
}
@@ -530,7 +536,7 @@ sub critical {
my $wcmd='';
{
my $dfh;
- if (open($dfh,"<$dfilename")) {
+ if (open($dfh,"<",$dfilename)) {
$wcmd=<$dfh>;
close($dfh);
}
@@ -646,22 +652,52 @@ sub transfer_profile_to_env {
# ---------------------------------------------------- Check for valid session
sub check_for_valid_session {
- my ($r,$name,$userhashref) = @_;
+ my ($r,$name,$userhashref,$domref) = @_;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
- if ($name eq '') {
- $name = 'lonID';
- }
- my $lonid=$cookies{$name};
- return undef if (!$lonid);
-
- my $handle=&LONCAPA::clean_handle($lonid->value);
- my $lonidsdir;
+ my ($lonidsdir,$linkname,$pubname,$secure,$lonid);
if ($name eq 'lonDAV') {
$lonidsdir=$r->dir_config('lonDAVsessDir');
} else {
$lonidsdir=$r->dir_config('lonIDsDir');
+ if ($name eq '') {
+ $name = 'lonID';
+ }
+ }
+ if ($name eq 'lonID') {
+ $secure = 'lonSID';
+ $linkname = 'lonLinkID';
+ $pubname = 'lonPubID';
+ if (exists($cookies{$secure})) {
+ $lonid=$cookies{$secure};
+ } elsif (exists($cookies{$name})) {
+ $lonid=$cookies{$name};
+ } elsif (exists($cookies{$linkname})) {
+ $lonid=$cookies{$linkname};
+ } elsif (exists($cookies{$pubname})) {
+ $lonid=$cookies{$pubname};
+ }
+ } else {
+ $lonid=$cookies{$name};
+ }
+ return undef if (!$lonid);
+
+ my $handle=&LONCAPA::clean_handle($lonid->value);
+ if (-l "$lonidsdir/$handle.id") {
+ my $link = readlink("$lonidsdir/$handle.id");
+ if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+ $handle = $1;
+ }
+ }
+ if (!-e "$lonidsdir/$handle.id") {
+ if ((ref($domref)) && ($name eq 'lonID') &&
+ ($handle =~ /^($match_username)\_\d+\_($match_domain)\_(.+)$/)) {
+ my ($possuname,$possudom,$possuhome) = ($1,$2,$3);
+ if ((&domain($possudom) ne '') && (&homeserver($possuname,$possudom) eq $possuhome)) {
+ $$domref = $possudom;
+ }
+ }
+ return undef;
}
- return undef if (!-e "$lonidsdir/$handle.id");
my $opened = open(my $idf,'+<',"$lonidsdir/$handle.id");
return undef if (!$opened);
@@ -675,13 +711,20 @@ sub check_for_valid_session {
if (!defined($disk_env{'user.name'})
|| !defined($disk_env{'user.domain'})) {
+ untie(%disk_env);
return undef;
}
if (ref($userhashref) eq 'HASH') {
$userhashref->{'name'} = $disk_env{'user.name'};
$userhashref->{'domain'} = $disk_env{'user.domain'};
+ $userhashref->{'lti'} = $disk_env{'request.lti.login'};
+ if ($userhashref->{'lti'}) {
+ $userhashref->{'ltitarget'} = $disk_env{'request.lti.target'};
+ $userhashref->{'ltiuri'} = $disk_env{'request.lti.uri'};
+ }
}
+ untie(%disk_env);
return $handle;
}
@@ -706,6 +749,37 @@ sub timed_flock {
}
}
+sub get_sessionfile_vars {
+ my ($handle,$lonidsdir,$storearr) = @_;
+ my %returnhash;
+ unless (ref($storearr) eq 'ARRAY') {
+ return %returnhash;
+ }
+ if (-l "$lonidsdir/$handle.id") {
+ my $link = readlink("$lonidsdir/$handle.id");
+ if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+ $handle = $1;
+ }
+ }
+ if ((-e "$lonidsdir/$handle.id") &&
+ ($handle =~ /^($match_username)\_\d+\_($match_domain)\_(.+)$/)) {
+ my ($possuname,$possudom,$possuhome) = ($1,$2,$3);
+ if ((&domain($possudom) ne '') && (&homeserver($possuname,$possudom) eq $possuhome)) {
+ if (open(my $idf,'+<',"$lonidsdir/$handle.id")) {
+ flock($idf,LOCK_SH);
+ if (tie(my %disk_env,'GDBM_File',"$lonidsdir/$handle.id",
+ &GDBM_READER(),0640)) {
+ foreach my $item (@{$storearr}) {
+ $returnhash{$item} = $disk_env{$item};
+ }
+ untie(%disk_env);
+ }
+ }
+ }
+ }
+ return %returnhash;
+}
+
# ---------------------------------------------------------- Append Environment
sub appenv {
@@ -731,16 +805,19 @@ sub appenv {
$env{$key}=$newenv->{$key};
}
}
- my $opened = open(my $env_file,'+<',$env{'user.environment'});
- if ($opened
- && &timed_flock($env_file,LOCK_EX)
- &&
- tie(my %disk_env,'GDBM_File',$env{'user.environment'},
- (&GDBM_WRITER()|&GDBM_NOLOCK()),0640)) {
- while (my ($key,$value) = each(%{$newenv})) {
- $disk_env{$key} = $value;
- }
- untie(%disk_env);
+ my $lonids = $perlvar{'lonIDsDir'};
+ if ($env{'user.environment'} =~ m{^\Q$lonids/\E$match_username\_\d+\_$match_domain\_[\w\-.]+\.id$}) {
+ my $opened = open(my $env_file,'+<',$env{'user.environment'});
+ if ($opened
+ && &timed_flock($env_file,LOCK_EX)
+ &&
+ tie(my %disk_env,'GDBM_File',$env{'user.environment'},
+ (&GDBM_WRITER()|&GDBM_NOLOCK()),0640)) {
+ while (my ($key,$value) = each(%{$newenv})) {
+ $disk_env{$key} = $value;
+ }
+ untie(%disk_env);
+ }
}
}
return 'ok';
@@ -856,6 +933,7 @@ sub userload {
while ($filename=readdir(LONIDS)) {
next if ($filename eq '.' || $filename eq '..');
next if ($filename =~ /publicuser_\d+\.id/);
+ next if ($filename =~ /^[a-f0-9]+_linked\.id$/);
my ($mtime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[9];
if ($curtime-$mtime < 1800) { $numusers++; }
}
@@ -984,6 +1062,75 @@ sub find_existing_session {
return;
}
+# check if user's browser sent load balancer cookie and server still has session
+# and is not overloaded.
+sub check_for_balancer_cookie {
+ my ($r,$update_mtime) = @_;
+ my ($otherserver,$cookie);
+ my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ if (exists($cookies{'balanceID'})) {
+ my $balid = $cookies{'balanceID'};
+ $cookie=&LONCAPA::clean_handle($balid->value);
+ my $balancedir=$r->dir_config('lonBalanceDir');
+ if ((-d $balancedir) && (-e "$balancedir/$cookie.id")) {
+ if ($cookie =~ /^($match_domain)_($match_username)_[a-f0-9]+$/) {
+ my ($possudom,$possuname) = ($1,$2);
+ my $has_session = 0;
+ if ((&domain($possudom) ne '') &&
+ (&homeserver($possuname,$possudom) ne 'no_host')) {
+ my $try_server;
+ my $opened = open(my $idf,'+<',"$balancedir/$cookie.id");
+ if ($opened) {
+ flock($idf,LOCK_SH);
+ while (my $line = <$idf>) {
+ chomp($line);
+ if (&hostname($line) ne '') {
+ $try_server = $line;
+ last;
+ }
+ }
+ close($idf);
+ if (($try_server) &&
+ (&has_user_session($try_server,$possudom,$possuname))) {
+ my $lowest_load = 30000;
+ ($otherserver,$lowest_load) =
+ &compare_server_load($try_server,undef,$lowest_load);
+ if ($otherserver ne '' && $lowest_load < 100) {
+ $has_session = 1;
+ } else {
+ undef($otherserver);
+ }
+ }
+ }
+ }
+ if ($has_session) {
+ if ($update_mtime) {
+ my $atime = my $mtime = time;
+ utime($atime,$mtime,"$balancedir/$cookie.id");
+ }
+ } else {
+ unlink("$balancedir/$cookie.id");
+ }
+ }
+ }
+ }
+ return ($otherserver,$cookie);
+}
+
+sub delbalcookie {
+ my ($cookie,$balancer) =@_;
+ if ($cookie =~ /^($match_domain)\_($match_username)\_[a-f0-9]{32}$/) {
+ my ($udom,$uname) = ($1,$2);
+ my $uprimary_id = &domain($udom,'primary');
+ my $uintdom = &internet_dom($uprimary_id);
+ my $intdom = &internet_dom($balancer);
+ my $serverhomedom = &host_domain($balancer);
+ if (($uintdom ne '') && ($uintdom eq $intdom)) {
+ return &reply("delbalcookie:$cookie",$balancer);
+ }
+ }
+}
+
# -------------------------------- ask if server already has a session for user
sub has_user_session {
my ($lonid,$udom,$uname) = @_;
@@ -1019,7 +1166,7 @@ sub choose_server {
if (ref($balancers) eq 'HASH') {
next if (exists($balancers->{$lonhost}));
}
- }
+ }
my $loginvia;
if ($checkloginvia) {
$loginvia = $domconfhash{$udom.'.login.loginvia_'.$lonhost};
@@ -1047,7 +1194,7 @@ sub choose_server {
if ($login_host ne '') {
$hostname = &hostname($login_host);
}
- return ($login_host,$hostname,$portal_path,$isredirect);
+ return ($login_host,$hostname,$portal_path,$isredirect,$lowest_load);
}
# --------------------------------------------- Try to change a user's password
@@ -1319,9 +1466,9 @@ sub get_lonbalancer_config {
}
sub check_loadbalancing {
- my ($uname,$udom) = @_;
+ my ($uname,$udom,$caller) = @_;
my ($is_balancer,$currtargets,$currrules,$dom_in_use,$homeintdom,
- $rule_in_effect,$offloadto,$otherserver);
+ $rule_in_effect,$offloadto,$otherserver,$setcookie,$dom_balancers);
my $lonhost = $perlvar{'lonHostID'};
my @hosts = ¤t_machine_ids();
my $uprimary_id = &Apache::lonnet::domain($udom,'primary');
@@ -1348,7 +1495,7 @@ sub check_loadbalancing {
}
}
if (ref($result) eq 'HASH') {
- ($is_balancer,$currtargets,$currrules) =
+ ($is_balancer,$currtargets,$currrules,$setcookie,$dom_balancers) =
&check_balancer_result($result,@hosts);
if ($is_balancer) {
if (ref($currrules) eq 'HASH') {
@@ -1409,7 +1556,7 @@ sub check_loadbalancing {
}
}
if (ref($result) eq 'HASH') {
- ($is_balancer,$currtargets,$currrules) =
+ ($is_balancer,$currtargets,$currrules,$setcookie,$dom_balancers) =
&check_balancer_result($result,@hosts);
if ($is_balancer) {
if (ref($currrules) eq 'HASH') {
@@ -1470,23 +1617,27 @@ sub check_loadbalancing {
}
}
}
- if (($otherserver ne '') && (grep(/^\Q$otherserver\E$/,@hosts))) {
- $is_balancer = 0;
- if ($uname ne '' && $udom ne '') {
- if (($env{'user.name'} eq $uname) && ($env{'user.domain'} eq $udom)) {
-
- &appenv({'user.loadbalexempt' => $lonhost,
- 'user.loadbalcheck.time' => time});
+ unless ($caller eq 'login') {
+ if (($otherserver ne '') && (grep(/^\Q$otherserver\E$/,@hosts))) {
+ $is_balancer = 0;
+ if ($uname ne '' && $udom ne '') {
+ if (($env{'user.name'} eq $uname) && ($env{'user.domain'} eq $udom)) {
+ &appenv({'user.loadbalexempt' => $lonhost,
+ 'user.loadbalcheck.time' => time});
+ }
}
}
}
+ unless ($homeintdom) {
+ undef($setcookie);
+ }
}
- return ($is_balancer,$otherserver);
+ return ($is_balancer,$otherserver,$setcookie,$offloadto,$dom_balancers);
}
sub check_balancer_result {
my ($result,@hosts) = @_;
- my ($is_balancer,$currtargets,$currrules);
+ my ($is_balancer,$currtargets,$currrules,$setcookie,$dom_balancers);
if (ref($result) eq 'HASH') {
if ($result->{'lonhost'} ne '') {
my $currbalancer = $result->{'lonhost'};
@@ -1495,19 +1646,24 @@ sub check_balancer_result {
$currtargets = $result->{'targets'};
$currrules = $result->{'rules'};
}
+ $dom_balancers = $currbalancer;
} else {
- foreach my $key (keys(%{$result})) {
- if (($key ne '') && (grep(/^\Q$key\E$/,@hosts)) &&
- (ref($result->{$key}) eq 'HASH')) {
- $is_balancer = 1;
- $currrules = $result->{$key}{'rules'};
- $currtargets = $result->{$key}{'targets'};
- last;
+ if (keys(%{$result})) {
+ foreach my $key (keys(%{$result})) {
+ if (($key ne '') && (grep(/^\Q$key\E$/,@hosts)) &&
+ (ref($result->{$key}) eq 'HASH')) {
+ $is_balancer = 1;
+ $currrules = $result->{$key}{'rules'};
+ $currtargets = $result->{$key}{'targets'};
+ $setcookie = $result->{$key}{'cookie'};
+ last;
+ }
}
+ $dom_balancers = join(',',sort(keys(%{$result})));
}
}
}
- return ($is_balancer,$currtargets,$currrules);
+ return ($is_balancer,$currtargets,$currrules,$setcookie,$dom_balancers);
}
sub get_loadbalancer_targets {
@@ -1579,6 +1735,101 @@ sub internet_dom_servers {
return %uniqservers;
}
+sub trusted_domains {
+ my ($cmdtype,$calldom) = @_;
+ my ($trusted,$untrusted);
+ if (&domain($calldom) eq '') {
+ return ($trusted,$untrusted);
+ }
+ unless ($cmdtype =~ /^(content|shared|enroll|coaurem|othcoau|domroles|catalog|reqcrs|msg)$/) {
+ return ($trusted,$untrusted);
+ }
+ my $callprimary = &domain($calldom,'primary');
+ my $intcalldom = &Apache::lonnet::internet_dom($callprimary);
+ if ($intcalldom eq '') {
+ return ($trusted,$untrusted);
+ }
+
+ my ($trustconfig,$cached)=&Apache::lonnet::is_cached_new('trust',$calldom);
+ unless (defined($cached)) {
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['trust'],$calldom);
+ &Apache::lonnet::do_cache_new('trust',$calldom,$domconfig{'trust'},3600);
+ $trustconfig = $domconfig{'trust'};
+ }
+ if (ref($trustconfig)) {
+ my (%possexc,%possinc,@allexc,@allinc);
+ if (ref($trustconfig->{$cmdtype}) eq 'HASH') {
+ if (ref($trustconfig->{$cmdtype}->{'exc'}) eq 'ARRAY') {
+ map { $possexc{$_} = 1; } @{$trustconfig->{$cmdtype}->{'exc'}};
+ }
+ if (ref($trustconfig->{$cmdtype}->{'inc'}) eq 'ARRAY') {
+ $possinc{$intcalldom} = 1;
+ map { $possinc{$_} = 1; } @{$trustconfig->{$cmdtype}->{'inc'}};
+ }
+ }
+ if (keys(%possexc)) {
+ if (keys(%possinc)) {
+ foreach my $key (sort(keys(%possexc))) {
+ next if ($key eq $intcalldom);
+ unless ($possinc{$key}) {
+ push(@allexc,$key);
+ }
+ }
+ } else {
+ @allexc = sort(keys(%possexc));
+ }
+ }
+ if (keys(%possinc)) {
+ $possinc{$intcalldom} = 1;
+ @allinc = sort(keys(%possinc));
+ }
+ if ((@allexc > 0) || (@allinc > 0)) {
+ my %doms_by_intdom;
+ my %allintdoms = &all_host_intdom();
+ my %alldoms = &all_host_domain();
+ foreach my $key (%allintdoms) {
+ if (ref($doms_by_intdom{$allintdoms{$key}}) eq 'ARRAY') {
+ unless (grep(/^\Q$alldoms{$key}\E$/,@{$doms_by_intdom{$allintdoms{$key}}})) {
+ push(@{$doms_by_intdom{$allintdoms{$key}}},$alldoms{$key});
+ }
+ } else {
+ $doms_by_intdom{$allintdoms{$key}} = [$alldoms{$key}];
+ }
+ }
+ foreach my $exc (@allexc) {
+ if (ref($doms_by_intdom{$exc}) eq 'ARRAY') {
+ push(@{$untrusted},@{$doms_by_intdom{$exc}});
+ }
+ }
+ foreach my $inc (@allinc) {
+ if (ref($doms_by_intdom{$inc}) eq 'ARRAY') {
+ push(@{$trusted},@{$doms_by_intdom{$inc}});
+ }
+ }
+ }
+ }
+ return ($trusted,$untrusted);
+}
+
+sub will_trust {
+ my ($cmdtype,$domain,$possdom) = @_;
+ return 1 if ($domain eq $possdom);
+ my ($trustedref,$untrustedref) = &trusted_domains($cmdtype,$possdom);
+ my $willtrust;
+ if ((ref($trustedref) eq 'ARRAY') && (@{$trustedref} > 0)) {
+ if (grep(/^\Q$domain\E$/,@{$trustedref})) {
+ $willtrust = 1;
+ }
+ } elsif ((ref($untrustedref) eq 'ARRAY') && (@{$untrustedref} > 0)) {
+ unless (grep(/^\Q$domain\E$/,@{$untrustedref})) {
+ $willtrust = 1;
+ }
+ } else {
+ $willtrust = 1;
+ }
+ return $willtrust;
+}
+
# ---------------------- Find the homebase for a user from domain's lib servers
my %homecache;
@@ -1828,7 +2079,12 @@ sub get_dom {
}
}
if ($udom && $uhome && ($uhome ne 'no_host')) {
- my $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ my $rep;
+ if ($namespace =~ /^enc/) {
+ $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ } else {
+ $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ }
my %returnhash;
if ($rep eq '' || $rep =~ /^error: 2 /) {
return %returnhash;
@@ -1872,7 +2128,11 @@ sub put_dom {
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
- return &reply("putdom:$udom:$namespace:$items",$uhome);
+ if ($namespace =~ /^enc/) {
+ return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome);
+ } else {
+ return &reply("putdom:$udom:$namespace:$items",$uhome);
+ }
} else {
&logthis("put_dom failed - no homeserver and/or domain");
}
@@ -1963,13 +2223,23 @@ sub inst_directory_query {
my $homeserver = &domain($udom,'primary');
my $outcome;
if ($homeserver ne '') {
+ unless ($homeserver eq $perlvar{'lonHostID'}) {
+ if ($srch->{'srchby'} eq 'email') {
+ my $lcrev = &get_server_loncaparev(undef,$homeserver);
+ my ($major,$minor) = ($lcrev =~ /^\'?(\d+)\.(\d+)\.[\w.\-]+\'?$/);
+ if (($major eq '' && $minor eq '') || ($major < 2) ||
+ (($major == 2) && ($minor < 12))) {
+ return;
+ }
+ }
+ }
my $queryid=&reply("querysend:instdirsearch:".
&escape($srch->{'srchby'}).':'.
&escape($srch->{'srchterm'}).':'.
&escape($srch->{'srchtype'}),$homeserver);
my $host=&hostname($homeserver);
if ($queryid !~/^\Q$host\E\_/) {
- &logthis('instituional directory search invalid queryid: '.$queryid.' for host: '.$homeserver.'in domain '.$udom);
+ &logthis('institutional directory search invalid queryid: '.$queryid.' for host: '.$homeserver.' in domain '.$udom);
return;
}
my $response = &get_query_reply($queryid);
@@ -2004,6 +2274,14 @@ sub usersearch {
my $query = 'usersearch';
foreach my $tryserver (keys(%libserv)) {
if (&host_domain($tryserver) eq $dom) {
+ unless ($tryserver eq $perlvar{'lonHostID'}) {
+ if ($srch->{'srchby'} eq 'email') {
+ my $lcrev = &get_server_loncaparev(undef,$tryserver);
+ my ($major,$minor) = ($lcrev =~ /^\'?(\d+)\.(\d+)\.[\w.\-]+\'?$/);
+ next if (($major eq '' && $minor eq '') || ($major < 2) ||
+ (($major == 2) && ($minor < 12)));
+ }
+ }
my $host=&hostname($tryserver);
my $queryid=
&reply("querysend:".&escape($query).':'.
@@ -2243,7 +2521,7 @@ sub get_domain_defaults {
'coursedefaults','usersessions',
'requestauthor','selfenrollment',
'coursecategories','ssl','autoenroll',
- 'trust'],$domain);
+ 'trust','helpsettings'],$domain);
my @coursetypes = ('official','unofficial','community','textbook','placement');
if (ref($domconfig{'defaults'}) eq 'HASH') {
$domdefaults{'lang_def'} = $domconfig{'defaults'}{'lang_def'};
@@ -2252,6 +2530,9 @@ sub get_domain_defaults {
$domdefaults{'timezone_def'} = $domconfig{'defaults'}{'timezone_def'};
$domdefaults{'datelocale_def'} = $domconfig{'defaults'}{'datelocale_def'};
$domdefaults{'portal_def'} = $domconfig{'defaults'}{'portal_def'};
+ $domdefaults{'intauth_cost'} = $domconfig{'defaults'}{'intauth_cost'};
+ $domdefaults{'intauth_switch'} = $domconfig{'defaults'}{'intauth_switch'};
+ $domdefaults{'intauth_check'} = $domconfig{'defaults'}{'intauth_check'};
} else {
$domdefaults{'lang_def'} = &domain($domain,'lang_def');
$domdefaults{'auth_def'} = &domain($domain,'auth_def');
@@ -2319,6 +2600,9 @@ sub get_domain_defaults {
} elsif ($domconfig{'coursedefaults'}{'canclone'}) {
$domdefaults{'canclone'}=$domconfig{'coursedefaults'}{'canclone'};
}
+ if ($domconfig{'coursedefaults'}{'texengine'}) {
+ $domdefaults{'texengine'} = $domconfig{'coursedefaults'}{'texengine'};
+ }
}
if (ref($domconfig{'usersessions'}) eq 'HASH') {
if (ref($domconfig{'usersessions'}{'remote'}) eq 'HASH') {
@@ -2373,8 +2657,11 @@ sub get_domain_defaults {
if (ref($domconfig{'ssl'}{'replication'}) eq 'HASH') {
$domdefaults{'replication'} = $domconfig{'ssl'}{'replication'};
}
- if (ref($domconfig{'ssl'}{'connect'}) eq 'HASH') {
- $domdefaults{'connect'} = $domconfig{'ssl'}{'connect'};
+ if (ref($domconfig{'ssl'}{'connto'}) eq 'HASH') {
+ $domdefaults{'connect'} = $domconfig{'ssl'}{'connto'};
+ }
+ if (ref($domconfig{'ssl'}{'connfrom'}) eq 'HASH') {
+ $domdefaults{'connect'} = $domconfig{'ssl'}{'connfrom'};
}
}
if (ref($domconfig{'trust'}) eq 'HASH') {
@@ -2388,6 +2675,12 @@ sub get_domain_defaults {
if (ref($domconfig{'autoenroll'}) eq 'HASH') {
$domdefaults{'autofailsafe'} = $domconfig{'autoenroll'}{'autofailsafe'};
}
+ if (ref($domconfig{'helpsettings'}) eq 'HASH') {
+ $domdefaults{'submitbugs'} = $domconfig{'helpsettings'}{'submitbugs'};
+ if (ref($domconfig{'helpsettings'}{'adhoc'}) eq 'HASH') {
+ $domdefaults{'adhocroles'} = $domconfig{'helpsettings'}{'adhoc'};
+ }
+ }
&do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime);
return %domdefaults;
}
@@ -2915,9 +3208,13 @@ sub repcopy {
mkdir($path,0777);
}
}
- my $ua=new LWP::UserAgent;
my $request=new HTTP::Request('GET',"$remoteurl");
- my $response=$ua->request($request,$transname);
+ my $response;
+ if ($remoteurl =~ m{/raw/}) {
+ $response=&LONCAPA::LWPReq::makerequest($home,$request,$transname,\%perlvar,'',0,1);
+ } else {
+ $response=&LONCAPA::LWPReq::makerequest($home,$request,$transname,\%perlvar,'',1);
+ }
if ($response->is_error()) {
unlink($transname);
my $message=$response->status_line;
@@ -2927,7 +3224,12 @@ sub repcopy {
} else {
if ($remoteurl!~/\.meta$/) {
my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
- my $mresponse=$ua->request($mrequest,$filename.'.meta');
+ my $mresponse;
+ if ($remoteurl =~ m{/raw/}) {
+ $mresponse = &LONCAPA::LWPReq::makerequest($home,$mrequest,$filename.'.meta',\%perlvar,'',0,1);
+ } else {
+ $mresponse = &LONCAPA::LWPReq::makerequest($home,$mrequest,$filename.'.meta',\%perlvar,'',1);
+ }
if ($mresponse->is_error()) {
unlink($filename.'.meta');
&logthis(
@@ -2990,7 +3292,6 @@ sub absolute_url {
sub ssi {
my ($fn,%form)=@_;
- my $ua=new LWP::UserAgent;
my $request;
$form{'no_update_last_known'}=1;
@@ -3008,22 +3309,30 @@ sub ssi {
}
$request->header(Cookie => $ENV{'HTTP_COOKIE'});
- my $response= $ua->request($request);
- my $content = $response->content;
-
+ my $lonhost = $perlvar{'lonHostID'};
+ my $islocal;
+ if (($env{'request.course.id'}) &&
+ ($form{'grade_courseid'} eq $env{'request.course.id'}) &&
+ ($form{'grade_username'} ne '') && ($form{'grade_domain'} ne '') &&
+ ($form{'grade_symb'} ne '') &&
+ (&Apache::lonnet::allowed('mgr',$env{'request.course.id'}.
+ ($env{'request.course.sec'}?'/'.$env{'request.course.sec'}:'')))) {
+ $islocal = 1;
+ }
+ my $response= &LONCAPA::LWPReq::makerequest($lonhost,$request,'',\%perlvar,
+ '','','',$islocal);
if (wantarray) {
- return ($content, $response);
+ return ($response->content, $response);
} else {
- return $content;
+ return $response->content;
}
}
sub externalssi {
my ($url)=@_;
- my $ua=new LWP::UserAgent;
my $request=new HTTP::Request('GET',$url);
- my $response=$ua->request($request);
+ my $response = &LONCAPA::LWPReq::makerequest('',$request,'',\%perlvar);
if (wantarray) {
return ($response->content, $response);
} else {
@@ -3031,6 +3340,71 @@ sub externalssi {
}
}
+
+# If the local copy of a replicated resource is outdated, trigger a
+# connection from the homeserver to flush the delayed queue. If no update
+# happens, remove local copies of outdated resource (and corresponding
+# metadata file).
+
+sub remove_stale_resfile {
+ my ($url) = @_;
+ my $removed;
+ if ($url=~m{^/res/($match_domain)/($match_username)/}) {
+ my $audom = $1;
+ my $auname = $2;
+ unless (($url =~ /\.\d+\.\w+$/) || ($url =~ m{^/res/lib/templates/})) {
+ my $homeserver = &homeserver($auname,$audom);
+ unless (($homeserver eq 'no_host') ||
+ (grep { $_ eq $homeserver } ¤t_machine_ids())) {
+ my $fname = &filelocation('',$url);
+ if (-e $fname) {
+ my $protocol = $protocol{$homeserver};
+ $protocol = 'http' if ($protocol ne 'https');
+ my $hostname = &hostname($homeserver);
+ if ($hostname) {
+ my $uri = &declutter($url);
+ my $request=new HTTP::Request('HEAD',$protocol.'://'.$hostname.'/raw/'.$uri);
+ my $response = &LONCAPA::LWPReq::makerequest($homeserver,$request,'',\%perlvar,5,0,1);
+ if ($response->is_success()) {
+ my $remmodtime = &HTTP::Date::str2time( $response->header('Last-modified') );
+ my $locmodtime = (stat($fname))[9];
+ if ($locmodtime < $remmodtime) {
+ my $stale;
+ my $answer = &reply('pong',$homeserver);
+ if ($answer eq $homeserver.':'.$perlvar{'lonHostID'}) {
+ sleep(0.2);
+ $locmodtime = (stat($fname))[9];
+ if ($locmodtime < $remmodtime) {
+ my $posstransfer = $fname.'.in.transfer';
+ if ((-e $posstransfer) && ($remmodtime < (stat($posstransfer))[9])) {
+ $removed = 1;
+ } else {
+ $stale = 1;
+ }
+ } else {
+ $removed = 1;
+ }
+ } else {
+ $stale = 1;
+ }
+ if ($stale) {
+ unlink($fname);
+ if ($uri!~/\.meta$/) {
+ unlink($fname.'.meta');
+ }
+ &reply("unsub:$fname",$homeserver);
+ $removed = 1;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return $removed;
+}
+
# -------------------------------- Allow a /uploaded/ URI to be vouched for
sub allowuploaded {
@@ -3169,7 +3543,7 @@ sub can_edit_resource {
$forceedit = 1;
}
$cfile = $resurl;
- } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/exttools?$}) {
+ } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) {
$incourse = 1;
if ($env{'form.forceedit'}) {
$forceview = 1;
@@ -3201,7 +3575,7 @@ sub can_edit_resource {
$forceedit = 1;
}
$cfile = $resurl;
- } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/exttools?$}) && ($env{'form.folderpath'} =~ /^supplemental/)) {
+ } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) && ($env{'form.folderpath'} =~ /^supplemental/)) {
$incourse = 1;
if ($env{'form.forceedit'}) {
$forceview = 1;
@@ -3219,7 +3593,7 @@ sub can_edit_resource {
} else {
$cfile = $env{'form.suppurl'};
my $escfile = &unescape($cfile);
- if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/exttools?$}) {
+ if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}) {
$cfile = '/adm/wrapper'.$escfile;
} else {
$escfile =~ s{^http://}{};
@@ -3380,7 +3754,7 @@ sub process_coursefile {
$home);
}
} elsif ($action eq 'uploaddoc') {
- open(my $fh,'>'.$filepath.'/'.$fname);
+ open(my $fh,'>',$filepath.'/'.$fname);
print $fh $env{'form.'.$source};
close($fh);
if ($parser eq 'parse') {
@@ -3438,7 +3812,7 @@ sub store_edited_file {
($fpath,$fname) = ($file =~ m|^(.*)/([^/]+)$|);
$fpath=$docudom.'/'.$docuname.'/'.$fpath;
my $filepath = &build_filepath($fpath);
- open(my $fh,'>'.$filepath.'/'.$fname);
+ open(my $fh,'>',$filepath.'/'.$fname);
print $fh $content;
close($fh);
my $home=&homeserver($docuname,$docudom);
@@ -3554,12 +3928,12 @@ sub userfileupload {
'_'.$env{'user.domain'}.'/pending';
} elsif (($context eq 'existingfile') || ($context eq 'canceloverwrite')) {
my ($docuname,$docudom);
- if ($destudom) {
+ if ($destudom =~ /^$match_domain$/) {
$docudom = $destudom;
} else {
$docudom = $env{'user.domain'};
}
- if ($destuname) {
+ if ($destuname =~ /^$match_username$/) {
$docuname = $destuname;
} else {
$docuname = $env{'user.name'};
@@ -3589,7 +3963,7 @@ sub userfileupload {
mkdir($fullpath,0777);
}
}
- open(my $fh,'>'.$fullpath.'/'.$fname);
+ open(my $fh,'>',$fullpath.'/'.$fname);
print $fh $env{'form.'.$formname};
close($fh);
if ($context eq 'existingfile') {
@@ -3664,7 +4038,7 @@ sub finishuserfileupload {
# Save the file
{
- if (!open(FH,'>'.$filepath.'/'.$file)) {
+ if (!open(FH,'>',$filepath.'/'.$file)) {
&logthis('Failed to create '.$filepath.'/'.$file);
print STDERR ('Failed to create '.$filepath.'/'.$file."\n");
return '/adm/notfound.html';
@@ -3722,7 +4096,8 @@ sub finishuserfileupload {
my $input = $filepath.'/'.$file;
my $output = $filepath.'/'.'tn-'.$file;
my $thumbsize = $thumbwidth.'x'.$thumbheight;
- system("convert -sample $thumbsize $input $output");
+ my @args = ('convert','-sample',$thumbsize,$input,$output);
+ system({$args[0]} @args);
if (-e $filepath.'/'.'tn-'.$file) {
$fetchthumb = 1;
}
@@ -4106,7 +4481,7 @@ sub flushcourselogs {
}
}
#
-# Reverse lookup of domain roles (dc, ad, li, sc, au)
+# Reverse lookup of domain roles (dc, ad, li, sc, dh, da, au)
#
my %domrolebuffer = ();
foreach my $entry (keys(%domainrolehash)) {
@@ -4121,10 +4496,19 @@ sub flushcourselogs {
delete $domainrolehash{$entry};
}
foreach my $dom (keys(%domrolebuffer)) {
- my %servers = &get_servers($dom,'library');
+ my %servers;
+ if (defined(&domain($dom,'primary'))) {
+ my $primary=&domain($dom,'primary');
+ my $hostname=&hostname($primary);
+ $servers{$primary} = $hostname;
+ } else {
+ %servers = &get_servers($dom,'library');
+ }
foreach my $tryserver (keys(%servers)) {
- unless (&reply('domroleput:'.$dom.':'.
- $domrolebuffer{$dom},$tryserver) eq 'ok') {
+ if (&reply('domroleput:'.$dom.':'.
+ $domrolebuffer{$dom},$tryserver) eq 'ok') {
+ last;
+ } else {
&logthis('Put of domain roles failed for '.$dom.' and '.$tryserver);
}
}
@@ -4244,7 +4628,7 @@ sub userrolelog {
{$trole.':'.$username.':'.$domain.':'.$env{'user.name'}.':'.$env{'user.domain'}.':'}
=$tend.':'.$tstart;
}
- if ($trole =~ /^(dc|ad|li|au|dg|sc)/ ) {
+ if ($trole =~ /^(dc|ad|li|au|dg|sc|dh|da)/ ) {
my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
$domainrolehash
{$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
@@ -4471,6 +4855,195 @@ sub get_my_roles {
return %returnhash;
}
+sub get_all_adhocroles {
+ my ($dom) = @_;
+ my @roles_by_num = ();
+ my %domdefaults = &get_domain_defaults($dom);
+ my (%description,%access_in_dom,%access_info);
+ if (ref($domdefaults{'adhocroles'}) eq 'HASH') {
+ my $count = 0;
+ my %domcurrent = %{$domdefaults{'adhocroles'}};
+ my %ordered;
+ foreach my $role (sort(keys(%domcurrent))) {
+ my ($order,$desc,$access_in_dom);
+ if (ref($domcurrent{$role}) eq 'HASH') {
+ $order = $domcurrent{$role}{'order'};
+ $desc = $domcurrent{$role}{'desc'};
+ $access_in_dom{$role} = $domcurrent{$role}{'access'};
+ $access_info{$role} = $domcurrent{$role}{$access_in_dom{$role}};
+ }
+ if ($order eq '') {
+ $order = $count;
+ }
+ $ordered{$order} = $role;
+ if ($desc ne '') {
+ $description{$role} = $desc;
+ } else {
+ $description{$role}= $role;
+ }
+ $count++;
+ }
+ foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
+ push(@roles_by_num,$ordered{$item});
+ }
+ }
+ return (\@roles_by_num,\%description,\%access_in_dom,\%access_info);
+}
+
+sub get_my_adhocroles {
+ my ($cid,$checkreg) = @_;
+ my ($cdom,$cnum,%info,@possroles,$description,$roles_by_num);
+ if ($env{'request.course.id'} eq $cid) {
+ $cdom = $env{'course.'.$cid.'.domain'};
+ $cnum = $env{'course.'.$cid.'.num'};
+ $info{'internal.coursecode'} = $env{'course.'.$cid.'.internal.coursecode'};
+ } elsif ($cid =~ /^($match_domain)_($match_courseid)$/) {
+ $cdom = $1;
+ $cnum = $2;
+ %info = &Apache::lonnet::get('environment',['internal.coursecode'],
+ $cdom,$cnum);
+ }
+ if (($info{'internal.coursecode'} ne '') && ($checkreg)) {
+ my $user = $env{'user.name'}.':'.$env{'user.domain'};
+ my %rosterhash = &get('classlist',[$user],$cdom,$cnum);
+ if ($rosterhash{$user} ne '') {
+ my $type = (split(/:/,$rosterhash{$user}))[5];
+ return ([],{}) if ($type eq 'auto');
+ }
+ }
+ if (($cdom ne '') && ($cnum ne '')) {
+ if (($env{"user.role.dh./$cdom/"}) || ($env{"user.role.da./$cdom/"})) {
+ my $then=$env{'user.login.time'};
+ my $update=$env{'user.update.time'};
+ if (!$update) {
+ $update = $then;
+ }
+ my @liveroles;
+ foreach my $role ('dh','da') {
+ if ($env{"user.role.$role./$cdom/"}) {
+ my ($tstart,$tend)=split(/\./,$env{"user.role.$role./$cdom/"});
+ my $limit = $update;
+ if ($env{'request.role'} eq "$role./$cdom/") {
+ $limit = $then;
+ }
+ my $activerole = 1;
+ if ($tstart && $tstart>$limit) { $activerole = 0; }
+ if ($tend && $tend <$limit) { $activerole = 0; }
+ if ($activerole) {
+ push(@liveroles,$role);
+ }
+ }
+ }
+ if (@liveroles) {
+ if (&homeserver($cnum,$cdom) ne 'no_host') {
+ my ($accessref,$accessinfo,%access_in_dom);
+ ($roles_by_num,$description,$accessref,$accessinfo) = &get_all_adhocroles($cdom);
+ if (ref($roles_by_num) eq 'ARRAY') {
+ if (@{$roles_by_num}) {
+ my %settings;
+ if ($env{'request.course.id'} eq $cid) {
+ foreach my $envkey (keys(%env)) {
+ if ($envkey =~ /^\Qcourse.$cid.\E(internal\.adhoc.+)$/) {
+ $settings{$1} = $env{$envkey};
+ }
+ }
+ } else {
+ %settings = &dump('environment',$cdom,$cnum,'internal\.adhoc');
+ }
+ my %setincrs;
+ if ($settings{'internal.adhocaccess'}) {
+ map { $setincrs{$_} = 1; } split(/,/,$settings{'internal.adhocaccess'});
+ }
+ my @statuses;
+ if ($env{'environment.inststatus'}) {
+ @statuses = split(/,/,$env{'environment.inststatus'});
+ }
+ my $user = $env{'user.name'}.':'.$env{'user.domain'};
+ if (ref($accessref) eq 'HASH') {
+ %access_in_dom = %{$accessref};
+ }
+ foreach my $role (@{$roles_by_num}) {
+ my ($curraccess,@okstatus,@personnel);
+ if ($setincrs{$role}) {
+ ($curraccess,my $rest) = split(/=/,$settings{'internal.adhoc.'.$role});
+ if ($curraccess eq 'status') {
+ @okstatus = split(/\&/,$rest);
+ } elsif (($curraccess eq 'exc') || ($curraccess eq 'inc')) {
+ @personnel = split(/\&/,$rest);
+ }
+ } else {
+ $curraccess = $access_in_dom{$role};
+ if (ref($accessinfo) eq 'HASH') {
+ if ($curraccess eq 'status') {
+ if (ref($accessinfo->{$role}) eq 'ARRAY') {
+ @okstatus = @{$accessinfo->{$role}};
+ }
+ } elsif (($curraccess eq 'exc') || ($curraccess eq 'inc')) {
+ if (ref($accessinfo->{$role}) eq 'ARRAY') {
+ @personnel = @{$accessinfo->{$role}};
+ }
+ }
+ }
+ }
+ if ($curraccess eq 'none') {
+ next;
+ } elsif ($curraccess eq 'all') {
+ push(@possroles,$role);
+ } elsif ($curraccess eq 'dh') {
+ if (grep(/^dh$/,@liveroles)) {
+ push(@possroles,$role);
+ } else {
+ next;
+ }
+ } elsif ($curraccess eq 'da') {
+ if (grep(/^da$/,@liveroles)) {
+ push(@possroles,$role);
+ } else {
+ next;
+ }
+ } elsif ($curraccess eq 'status') {
+ if (@okstatus) {
+ if (!@statuses) {
+ if (grep(/^default$/,@okstatus)) {
+ push(@possroles,$role);
+ }
+ } else {
+ foreach my $status (@okstatus) {
+ if (grep(/^\Q$status\E$/,@statuses)) {
+ push(@possroles,$role);
+ last;
+ }
+ }
+ }
+ }
+ } elsif (($curraccess eq 'exc') || ($curraccess eq 'inc')) {
+ if (grep(/^\Q$user\E$/,@personnel)) {
+ if ($curraccess eq 'exc') {
+ push(@possroles,$role);
+ }
+ } elsif ($curraccess eq 'inc') {
+ push(@possroles,$role);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ unless (ref($description) eq 'HASH') {
+ if (ref($roles_by_num) eq 'ARRAY') {
+ my %desc;
+ map { $desc{$_} = $_; } (@{$roles_by_num});
+ $description = \%desc;
+ } else {
+ $description = {};
+ }
+ }
+ return (\@possroles,$description);
+}
+
# ----------------------------------------------------- Frontpage Announcements
#
#
@@ -4484,7 +5057,7 @@ sub postannounce {
sub getannounce {
- if (open(my $fh,$perlvar{'lonDocRoot'}.'/announcement.txt')) {
+ if (open(my $fh,"<",$perlvar{'lonDocRoot'}.'/announcement.txt')) {
my $announcement='';
while (my $line = <$fh>) { $announcement .= $line; }
close($fh);
@@ -4711,6 +5284,21 @@ sub get_domain_roles {
return %personnel;
}
+sub get_active_domroles {
+ my ($dom,$roles) = @_;
+ return () unless (ref($roles) eq 'ARRAY');
+ my $now = time;
+ my %dompersonnel = &get_domain_roles($dom,$roles,$now,$now);
+ my %domroles;
+ foreach my $server (keys(%dompersonnel)) {
+ foreach my $user (sort(keys(%{$dompersonnel{$server}}))) {
+ my ($trole,$uname,$udom,$runame,$rudom,$rsec) = split(/:/,$user);
+ $domroles{$uname.':'.$udom} = $dompersonnel{$server}{$user};
+ }
+ }
+ return %domroles;
+}
+
# ----------------------------------------------------------- Interval timing
{
@@ -4766,7 +5354,12 @@ sub set_first_access {
}
$cachedkey='';
my $firstaccess=&get_first_access($type,$symb,$map);
- if (!$firstaccess) {
+ if ($firstaccess) {
+ &logthis("First access time already set ($firstaccess) when attempting ".
+ "to set new value (type: $type, extent: $res) for $uname:$udom ".
+ "in $courseid");
+ return 'already_set';
+ } else {
my $start = time;
my $putres = &put('firstaccesstimes',{"$courseid\0$res"=>$start},
$udom,$uname);
@@ -4779,6 +5372,12 @@ sub set_first_access {
'course.'.$courseid.'.timerinterval.'.$res => $interval,
}
);
+ if (($cachedtime) && (abs($start-$cachedtime) < 5)) {
+ $cachedtimes{"$courseid\0$res"} = $start;
+ }
+ } elsif ($putres ne 'refused') {
+ &logthis("Result: $putres when attempting to set first access time ".
+ "(type: $type, extent: $res) for $uname:$udom in $courseid");
}
return $putres;
}
@@ -5565,9 +6164,10 @@ sub rolesinit {
}
}
- @userroles{'user.author', 'user.adv'} = &set_userprivs(\%userroles,
- \%allroles, \%allgroups);
+ @userroles{'user.author','user.adv','user.rar'} = &set_userprivs(\%userroles,
+ \%allroles, \%allgroups);
$env{'user.adv'} = $userroles{'user.adv'};
+ $env{'user.rar'} = $userroles{'user.rar'};
return (\%userroles,\%firstaccenv,\%timerintenv);
}
@@ -5603,6 +6203,10 @@ sub custom_roleprivs {
$$allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
}
if (($trest ne '') && (defined($coursepriv))) {
+ if ($trole =~ m{^cr/$tdomain/$tdomain\Q-domainconfig\E/([^/]+)$}) {
+ my $rolename = $1;
+ $coursepriv = &course_adhocrole_privs($rolename,$tdomain,$trest,$coursepriv);
+ }
$$allroles{'cm.'.$area}.=':'.$coursepriv;
$$allroles{$spec.'.'.$area}.=':'.$coursepriv;
}
@@ -5611,6 +6215,48 @@ sub custom_roleprivs {
}
}
+sub course_adhocrole_privs {
+ my ($rolename,$cdom,$cnum,$coursepriv) = @_;
+ my %overrides = &get('environment',["internal.adhocpriv.$rolename"],$cdom,$cnum);
+ if ($overrides{"internal.adhocpriv.$rolename"}) {
+ my (%currprivs,%storeprivs);
+ foreach my $item (split(/:/,$coursepriv)) {
+ my ($priv,$restrict) = split(/\&/,$item);
+ $currprivs{$priv} = $restrict;
+ }
+ my (%possadd,%possremove,%full);
+ foreach my $item (split(/\:/,$Apache::lonnet::pr{'cr:c'})) {
+ my ($priv,$restrict)=split(/\&/,$item);
+ $full{$priv} = $restrict;
+ }
+ foreach my $item (split(/,/,$overrides{"internal.adhocpriv.$rolename"})) {
+ next if ($item eq '');
+ my ($rule,$rest) = split(/=/,$item);
+ next unless (($rule eq 'off') || ($rule eq 'on'));
+ foreach my $priv (split(/:/,$rest)) {
+ if ($priv ne '') {
+ if ($rule eq 'off') {
+ $possremove{$priv} = 1;
+ } else {
+ $possadd{$priv} = 1;
+ }
+ }
+ }
+ }
+ foreach my $priv (sort(keys(%full))) {
+ if (exists($currprivs{$priv})) {
+ unless (exists($possremove{$priv})) {
+ $storeprivs{$priv} = $currprivs{$priv};
+ }
+ } elsif (exists($possadd{$priv})) {
+ $storeprivs{$priv} = $full{$priv};
+ }
+ }
+ $coursepriv = ':'.join(':',map { $_.'&'.$storeprivs{$_}; } sort(keys(%storeprivs)));
+ }
+ return $coursepriv;
+}
+
sub group_roleprivs {
my ($allgroups,$area,$group_privs,$tend,$tstart) = @_;
my $access = 1;
@@ -5645,6 +6291,7 @@ sub set_userprivs {
my ($userroles,$allroles,$allgroups,$groups_roles) = @_;
my $author=0;
my $adv=0;
+ my $rar=0;
my %grouproles = ();
if (keys(%{$allgroups}) > 0) {
my @groupkeys;
@@ -5692,6 +6339,7 @@ sub set_userprivs {
$thesepriv{$privilege}.=$restrictions;
}
if ($thesepriv{'adv'} eq 'F') { $adv=1; }
+ if ($thesepriv{'rar'} eq 'F') { $rar=1; }
}
}
my $thesestr='';
@@ -5700,7 +6348,7 @@ sub set_userprivs {
}
$userroles->{'user.priv.'.$role} = $thesestr;
}
- return ($author,$adv);
+ return ($author,$adv,$rar);
}
sub role_status {
@@ -5745,9 +6393,10 @@ sub role_status {
push(@rolecodes,$$role);
&standard_roleprivs(\%allroles,$$role,$tdomain,$spec,$trest,$$where);
}
- my ($author,$adv)= &set_userprivs(\%userroles,\%allroles,\%allgroups,\%groups_roles);
+ my ($author,$adv,$rar)= &set_userprivs(\%userroles,\%allroles,\%allgroups,
+ \%groups_roles);
&appenv(\%userroles,\@rolecodes);
- &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$role);
+ &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$spec);
}
}
$$tstatus = 'is';
@@ -5823,39 +6472,56 @@ sub delete_env_groupprivs {
}
sub check_adhoc_privs {
- my ($cdom,$cnum,$update,$refresh,$now,$checkrole,$caller) = @_;
+ my ($cdom,$cnum,$update,$refresh,$now,$checkrole,$caller,$sec) = @_;
my $cckey = 'user.role.'.$checkrole.'./'.$cdom.'/'.$cnum;
+ if ($sec) {
+ $cckey .= '/'.$sec;
+ }
my $setprivs;
if ($env{$cckey}) {
my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus,$tpstart,$tpend);
&role_status($cckey,$update,$refresh,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend);
unless (($tstatus eq 'is') || ($tstatus eq 'will_not')) {
- &set_adhoc_privileges($cdom,$cnum,$checkrole,$caller);
+ &set_adhoc_privileges($cdom,$cnum,$checkrole,$caller,$sec);
$setprivs = 1;
}
} else {
- &set_adhoc_privileges($cdom,$cnum,$checkrole,$caller);
+ &set_adhoc_privileges($cdom,$cnum,$checkrole,$caller,$sec);
$setprivs = 1;
}
return $setprivs;
}
sub set_adhoc_privileges {
-# role can be cc or ca
- my ($dcdom,$pickedcourse,$role,$caller) = @_;
+# role can be cc, ca, or cr/