--- loncom/lonnet/perl/lonnet.pm 2000/10/07 10:09:53 1.39 +++ loncom/lonnet/perl/lonnet.pm 2000/10/30 22:45:21 1.55 @@ -25,27 +25,33 @@ # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role # appenv(hash) : adds hash to session environment # store(hash) : stores hash permanently for this url +# cstore(hash) : critical store # restore : returns hash for this url # eget(namesp,array) : returns hash with keys from array filled in from namesp # get(namesp,array) : returns hash with keys from array filled in from namesp # del(namesp,array) : deletes keys out of array from namesp # put(namesp,hash) : stores hash in namesp +# cput(namesp,hash) : critical put # dump(namesp) : dumps the complete namespace into a hash # ssi(url,hash) : does a complete request cycle on url to localhost, posts # hash # coursedescription(id) : returns and caches course description for id # repcopy(filename) : replicate file # dirlist(url) : gets a directory listing +# directcondval(index) : reading condition value of single condition from +# state string # condval(index) : value of condition index based on state # varval(name) : value of a variable # refreshstate() : refresh the state information string # symblist(map,hash) : Updates symbolic storage links -# symbread(filename) : returns the data handle +# symbread([filename]) : returns the data handle (filename optional) # rndseed() : returns a random seed # getfile(filename) : returns the contents of filename, or a -1 if it can't # be found, replicates and subscribes to the file # filelocation(dir,file) : returns a farily clean absolute reference to file # from the directory dir +# hreflocation(dir,file) : same as filelocation, but for hrefs +# log(domain,user,home,msg) : write to permanent log for user # # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30, # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19, @@ -60,7 +66,8 @@ # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer # 10/04 Gerd Kortemeyer # 10/04 Guy Albertelli -# 10/06 Gerd Kortemeyer +# 10/06,10/09,10/10,10/11,10/14,10/20,10/23,10/25,10/26,10/27,10/28,10/29, +# 10/30 Gerd Kortemeyer package Apache::lonnet; @@ -421,7 +428,7 @@ sub ssi { sub log { my ($dom,$nam,$hom,$what)=@_; - return reply("log:$dom:$nam:$what",$hom); + return critical("log:$dom:$nam:$what",$hom); } # ----------------------------------------------------------------------- Store @@ -429,7 +436,7 @@ sub log { sub store { my %storehash=@_; my $symb; - unless ($symb=escape(&symbread($ENV{'request.filename'}))) { return ''; } + unless ($symb=escape(&symbread())) { return ''; } my $namespace; unless ($namespace=$ENV{'request.course.id'}) { return ''; } my $namevalue=''; @@ -442,11 +449,29 @@ sub store { "$ENV{'user.home'}"); } +# -------------------------------------------------------------- Critical Store + +sub cstore { + my %storehash=@_; + my $symb; + unless ($symb=escape(&symbread())) { return ''; } + my $namespace; + unless ($namespace=$ENV{'request.course.id'}) { return ''; } + my $namevalue=''; + map { + $namevalue.=escape($_).'='.escape($storehash{$_}).'&'; + } keys %storehash; + $namevalue=~s/\&$//; + return critical( + "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue", + "$ENV{'user.home'}"); +} + # --------------------------------------------------------------------- Restore sub restore { my $symb; - unless ($symb=escape(&symbread($ENV{'request.filename'}))) { return ''; } + unless ($symb=escape(&symbread())) { return ''; } my $namespace; unless ($namespace=$ENV{'request.course.id'}) { return ''; } my $answer=reply( @@ -468,12 +493,15 @@ sub restore { sub coursedescription { my $courseid=shift; $courseid=~s/^\///; + $courseid=~s/\_/\//g; my ($cdomain,$cnum)=split(/\//,$courseid); my $chome=homeserver($cnum,$cdomain); if ($chome ne 'no_host') { my $rep=reply("dump:$cdomain:$cnum:environment",$chome); if ($rep ne 'con_lost') { - my %cachehash=(); + my $normalid=$courseid; + $normalid=~s/\//\_/g; + my %envhash=(); my %returnhash=('home' => $chome, 'domain' => $cdomain, 'num' => $cnum); @@ -482,14 +510,13 @@ sub coursedescription { $name=&unescape($name); $value=&unescape($value); $returnhash{$name}=$value; - if ($name eq 'description') { - $cachehash{$courseid}=$value; - } + $envhash{'course.'.$normalid.'.'.$name}=$value; } split(/\&/,$rep); $returnhash{'url'}='/res/'.declutter($returnhash{'url'}); $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'. $ENV{'user.name'}.'_'.$cdomain.'_'.$cnum; - put ('coursedescriptions',%cachehash); + $envhash{'course.'.$normalid.'.last_cache'}=time; + &appenv(%envhash); return %returnhash; } } @@ -527,6 +554,7 @@ sub rolesinit { } } if (($area ne '') && ($trole ne '')) { + my $spec=$trole.'.'.$area; my ($tdummy,$tdomain,$trest)=split(/\//,$area); if ($trole =~ /^cr\//) { my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole); @@ -538,21 +566,27 @@ sub rolesinit { if (($roledef ne 'con_lost') && ($roledef ne '')) { my ($syspriv,$dompriv,$coursepriv)= split(/\_/,unescape($roledef)); - $allroles{'/'}.=':'.$syspriv; + $allroles{'cm./'}.=':'.$syspriv; + $allroles{$spec.'./'}.=':'.$syspriv; if ($tdomain ne '') { - $allroles{'/'.$tdomain.'/'}.=':'.$dompriv; + $allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv; + $allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv; if ($trest ne '') { - $allroles{$area}.=':'.$coursepriv; + $allroles{'cm.'.$area}.=':'.$coursepriv; + $allroles{$spec.'.'.$area}.=':'.$coursepriv; } } } } } else { - $allroles{'/'}.=':'.$pr{$trole.':s'}; + $allroles{'cm./'}.=':'.$pr{$trole.':s'}; + $allroles{$spec.'./'}.=':'.$pr{$trole.':s'}; if ($tdomain ne '') { - $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; + $allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; + $allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'}; if ($trest ne '') { - $allroles{$area}.=':'.$pr{$trole.':c'}; + $allroles{'cm.'.$area}.=':'.$pr{$trole.':c'}; + $allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'}; } } } @@ -594,10 +628,11 @@ sub get { $ENV{'user.home'}); my @pairs=split(/\&/,$rep); my %returnhash=(); + my $i=0; map { - my ($key,$value)=split(/=/,$_); - $returnhash{unescape($key)}=unescape($value); - } @pairs; + $returnhash{$_}=unescape($pairs[$i]); + $i++; + } @storearr; return %returnhash; } @@ -642,6 +677,20 @@ sub put { $ENV{'user.home'}); } +# ------------------------------------------------------ critical put interface + +sub cput { + my ($namespace,%storehash)=@_; + my $items=''; + map { + $items.=escape($_).'='.escape($storehash{$_}).'&'; + } keys %storehash; + $items=~s/\&$//; + return critical + ("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items", + $ENV{'user.home'}); +} + # -------------------------------------------------------------- eget interface sub eget { @@ -655,10 +704,11 @@ sub eget { $ENV{'user.home'}); my @pairs=split(/\&/,$rep); my %returnhash=(); + my $i=0; map { - my ($key,$value)=split(/=/,$_); - $returnhash{unescape($key)}=unescape($value); - } @pairs; + $returnhash{$_}=unescape($pairs[$i]); + $i++; + } @storearr; return %returnhash; } @@ -666,106 +716,220 @@ sub eget { sub allowed { my ($priv,$uri)=@_; - $uri=~s/^\/res//; - $uri=~s/^\///; + $uri=&declutter($uri); -# Free bre access to adm resources +# Free bre access to adm and meta resources - if (($uri=~/^adm\//) && ($priv eq 'bre')) { + if ((($uri=~/^adm\//) || ($uri=~/\.meta$/)) && ($priv eq 'bre')) { return 'F'; } -# Gather priviledges over system and domain - my $thisallowed=''; - if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) { + my $statecond=0; + my $courseprivid=''; + +# Course + + if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'}=~/$priv\&([^\:]*)/) { $thisallowed.=$1; } - if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) { + +# Domain + + if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.(split(/\//,$uri))[0].'/'} + =~/$priv\&([^\:]*)/) { $thisallowed.=$1; } -# Full access at system or domain level? Exit. +# Course: uri itself is a course + + if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$uri} + =~/$priv\&([^\:]*)/) { + $thisallowed.=$1; + } + +# Full access at system, domain or course-wide level? Exit. if ($thisallowed=~/F/) { return 'F'; } -# The user does not have full access at system or domain level -# Course level access control +# If this is generating or modifying users, exit with special codes -# uri itself refering to a course? - - if ($uri=~/\.course$/) { - if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) { - $thisallowed.=$1; + if (':csu:cdc:ccc:cin:cta:cep:ccr:cst:cad:cli:cau:cdg:'=~/\:$priv\:/) { + return $thisallowed; + } +# +# Gathered so far: system, domain and course wide priviledges +# +# Course: See if uri or referer is an individual resource that is part of +# the course + + if ($ENV{'request.course.id'}) { + $courseprivid=$ENV{'request.course.id'}; + if ($ENV{'request.course.sec'}) { + $courseprivid.='/'.$ENV{'request.course.sec'}; } -# Full access on course level? Exit. - if ($thisallowed=~/F/) { - return 'F'; + $courseprivid=~s/\_/\//; + my $checkreferer=1; + my @uriparts=split(/\//,$uri); + my $filename=$uriparts[$#uriparts]; + my $pathname=$uri; + $pathname=~s/\/$filename$//; + if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$pathname}=~ + /\&$filename\:([\d\|]+)\&/) { + $statecond=$1; + if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseprivid} + =~/$priv\&([^\:]*)/) { + $thisallowed.=$1; + $checkreferer=0; + } } -# uri is refering to an individual resource; user needs to be in a course + if (($ENV{'HTTP_REFERER'}) && ($checkreferer)) { + my $refuri=$ENV{'HTTP_REFERER'}; + $refuri=~s/^http\:\/\/$ENV{'request.host'}//i; + $refuri=&declutter($refuri); + my @uriparts=split(/\//,$refuri); + my $filename=$uriparts[$#uriparts]; + my $pathname=$refuri; + $pathname=~s/\/$filename$//; + my @filenameparts=split(/\./,$uri); + if (&fileembstyle($filenameparts[$#filenameparts]) ne 'ssi') { + if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$pathname}=~ + /\&$filename\:([\d\|]+)\&/) { + my $refstatecond=$1; + if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseprivid} + =~/$priv\&([^\:]*)/) { + $thisallowed.=$1; + $uri=$refuri; + $statecond=$refstatecond; + } + } + } + } + } - } else { +# +# Gathered now: all priviledges that could apply, and condition number +# +# +# Full or no access? +# - unless(defined($ENV{'request.course.id'})) { - return '1'; - } + if ($thisallowed=~/F/) { + return 'F'; + } -# Get access priviledges for course + unless ($thisallowed) { + return ''; + } + +# Restrictions exist, deal with them +# +# C:according to course preferences +# R:according to resource settings +# L:unless locked +# X:according to user session state +# - if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) { - $thisallowed.=$1; +# Possibly locked functionality, check all courses +# Locks might take effect only after 10 minutes cache expiration for other +# courses, and 2 minutes for current course + + my $envkey; + if ($thisallowed=~/L/) { + foreach $envkey (keys %ENV) { + if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { + my $courseid=$2; + my $roleid=$1.'.'.$2; + my $expiretime=600; + if ($ENV{'request.role'} eq $roleid) { + $expiretime=120; + } + my ($cdom,$cnum,$csec)=split(/\//,$courseid); + my $prefix='course.'.$cdom.'_'.$cnum.'.'; + if ((time-$ENV{$prefix.'last_cache'})>$expiretime) { + &coursedescription($courseid); + } + if (($ENV{$prefix.'res.'.$uri.'.lock.sections'}=~/\,$csec\,/) + || ($ENV{$prefix.'res.'.$uri.'.lock.sections'} eq 'all')) { + if ($ENV{$prefix.'res.'.$uri.'.lock.expire'}>time) { + &log('Locked by res: '.$priv.' for '.$uri.' due to '. + $cdom.'/'.$cnum.'/'.$csec.' expire '. + $ENV{$prefix.'priv.'.$priv.'.lock.expire'}); + return ''; + } + } + if (($ENV{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,$csec\,/) + || ($ENV{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { + if ($ENV{'priv.'.$priv.'.lock.expire'}>time) { + &log('Locked by priv: '.$priv.' for '.$uri.' due to '. + $cdom.'/'.$cnum.'/'.$csec.' expire '. + $ENV{$prefix.'priv.'.$priv.'.lock.expire'}); + return ''; + } + } + } } + } + +# +# Rest of the restrictions depend on selected course +# -# See if resource or referer is part of this course - - my @uriparts=split(/\//,$uri); - my $urifile=$uriparts[$#uriparts]; - $urifile=~/\.(\w+)$/; - my $uritype=$1; - $#uriparts--; - my $uripath=join('/',@uriparts); - my $uricond=-1; - if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ - /\&$urifile\:(\d+)\&/) { - $uricond=$1; - } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) { - my $refuri=$ENV{'HTTP_REFERER'}; - $refuri=~s/^\/res//; - $refuri=~s/^\///; - @uriparts=split(/\//,$refuri); - $urifile=$uriparts[$#uriparts]; - $#uriparts--; - $uripath=join('/',@uriparts); - if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ - /\&$urifile\:(\d+)\&/) { - $uricond=$1; - } + unless ($ENV{'request.course.id'}) { + return '1'; + } + +# +# Now user is definitely in a course +# + + +# Course preferences + + if ($thisallowed=~/C/) { + my $rolecode=(split(/\./,$ENV{'request.role'}))[0]; + if ($ENV{'course.'.$ENV{'request.course.id'}.'.'.$priv.'.roles.denied'} + =~/\,$rolecode\,/) { + &log('Denied by role: '.$priv.' for '.$uri.' as '.$rolecode.' in '. + $ENV{'request.course.id'}); + return ''; } + } - if ($uricond>=0) { +# Resource preferences -# The resource is part of the course -# If user had full access on course level, go ahead + if ($thisallowed=~/R/) { + my $rolecode=(split(/\./,$ENV{'request.role'}))[0]; + my $filename=$perlvar{'lonDocRoot'}.'/res/'.$uri.'.meta'; + if (-e $filename) { + my @content; + { + my $fh=Apache::File->new($filename); + @content=<$fh>; + } + if (join('',@content)=~ + /\]*\>[^\<]*$rolecode[^\<]*\<\/roledeny\>/) { + &log('Denied by role: '.$priv.' for '.$uri.' as '.$rolecode); + return ''; - if ($thisallowed=~/F/) { - return 'F'; } + } + } # Restricted by state? - if ($thisallowed=~/X/) { - if (&condval($uricond)>1) { - return '2'; - } else { - return ''; - } - } - } - } - return $thisallowed; + if ($thisallowed=~/X/) { + if (&condval($statecond)) { + return '2'; + } else { + return ''; + } + } + + return 'F'; } # ---------------------------------------------------------- Refresh State Info @@ -940,11 +1104,28 @@ sub dirlist { # -------------------------------------------------------- Value of a Condition +sub directcondval { + my $number=shift; + if ($ENV{'user.state.'.$ENV{'request.course.id'}}) { + return substr($ENV{'user.state.'.$ENV{'request.course.id'}},$number,1); + } else { + return 2; + } +} + sub condval { my $condidx=shift; my $result=0; + my $allpathcond=''; + map { + if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$_})) { + $allpathcond.= + '('.$ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$_}.')|'; + } + } split(/\|/,$condidx); + $allpathcond=~s/\|$//; if ($ENV{'request.course.id'}) { - if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) { + if ($allpathcond) { my $operand='|'; my @stack; map { @@ -960,16 +1141,14 @@ sub condval { } elsif (($_ eq '&') || ($_ eq '|')) { $operand=$_; } else { - my $new= - substr($ENV{'user.state.'.$ENV{'request.course.id'}},$_,1); + my $new=directcondval($_); if ($operand eq '&') { $result=$result>$new?$new:$result; } else { $result=$result>$new?$result:$new; } } - } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~ - /(\d+|\(|\)|\&|\|)/g); + } ($allpathcond=~/(\d+|\(|\)|\&|\|)/g); } } return $result; @@ -978,20 +1157,84 @@ sub condval { # --------------------------------------------------------- Value of a Variable sub varval { - my ($realm,$space,@components)=split(/\./,shift); - my $value=''; + my $varname=shift; + my ($realm,$space,$qualifier,@therest)=split(/\./,$varname); + my $rest; + if ($therest[0]) { + $rest=join('.',@therest); + } else { + $rest=''; + } if ($realm eq 'user') { - if ($space=~/^resource/) { - $space=~s/^resource\[//; - $space=~s/\]$//; - +# --------------------------------------------------------------- user.resource + if ($space eq 'resource') { +# ----------------------------------------------------------------- user.access + } elsif ($space eq 'access') { + return &allowed($qualifier,$rest); +# ------------------------------------------ user.preferences, user.environment + } elsif (($space eq 'preferences') || ($space eq 'environment')) { + return $ENV{join('.',('environment',$qualifier,$rest))}; +# ----------------------------------------------------------------- user.course + } elsif ($space eq 'course') { + return $ENV{join('.',('request.course',$qualifier))}; +# ------------------------------------------------------------------- user.role + } elsif ($space eq 'role') { + my ($role,$where)=split(/\./,$ENV{'request.role'}); + if ($qualifier eq 'value') { + return $role; + } elsif ($qualifier eq 'extent') { + return $where; + } +# ----------------------------------------------------------------- user.domain + } elsif ($space eq 'domain') { + return $ENV{'user.domain'}; +# ------------------------------------------------------------------- user.name + } elsif ($space eq 'name') { + return $ENV{'user.name'}; +# ---------------------------------------------------- Any other user namespace } else { + my $item=($rest)?$qualifier.'.'.$rest:$qualifier; + my %reply=&get($space,$item); + return $reply{$item}; + } + } elsif ($realm eq 'request') { +# ------------------------------------------------------------- request.browser + if ($space eq 'browser') { + return $ENV{'browser.'.$qualifier}; + } elsif ($space eq 'filename') { + return $ENV{'request.filename'}; } } elsif ($realm eq 'course') { - } elsif ($realm eq 'session') { +# ---------------------------------------------------------- course.description + if ($space eq 'description') { + my %reply=&coursedescription($ENV{'request.course.id'}); + return $reply{'description'}; +# ------------------------------------------------------------------- course.id + } elsif ($space eq 'id') { + return $ENV{'request.course.id'}; +# -------------------------------------------------- Any other course namespace + } else { + my ($cdom,$cnam)=split(/\_/,$ENV{'request.course.id'}); + my $chome=&homeserver($cnam,$cdom); + my $item=join('.',($qualifier,$rest)); + return &unescape + (&reply('get:'.$cdom.':'.$cnam.':'.&escape($space).':'. + &escape($item),$chome)); + } + } elsif ($realm eq 'userdata') { + my $uhome=&homeserver($qualifier,$space); +# ----------------------------------------------- userdata.domain.name.resource +# ---------------------------------------------------- Any other user namespace + } elsif ($realm eq 'environment') { +# ----------------------------------------------------------------- environment + return $ENV{join('.',($space,$qualifier,$rest))}; } elsif ($realm eq 'system') { +# ----------------------------------------------------------------- system.time + if ($space eq 'time') { + return time; + } } - return $value; + return ''; } # ------------------------------------------------- Update symbolic store links @@ -1017,11 +1260,15 @@ sub symblist { # ------------------------------------------------------ Return symb list entry sub symbread { - my $thisfn=declutter(shift); + my $thisfn=shift; + unless ($thisfn) { + $thisfn=$ENV{'request.filename'}; + } + $thisfn=declutter($thisfn); my %hash; my %bighash; my $syval=''; - if (($ENV{'request.course.fn'}) && ($ENV{'request.filename'})) { + if (($ENV{'request.course.fn'}) && ($thisfn)) { if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db', &GDBM_READER,0640)) { $syval=$hash{$thisfn}; @@ -1031,6 +1278,7 @@ sub symbread { if ($syval) { unless ($syval=~/\_\d+$/) { unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) { + &appenv('request.ambiguous' => $thisfn); return ''; } $syval.=$1; @@ -1070,6 +1318,7 @@ sub symbread { } if ($syval) { return $syval.'___'.$thisfn; } } + &appenv('request.ambiguous' => $thisfn); return ''; } @@ -1089,7 +1338,7 @@ sub numval { sub rndseed { my $symb; - unless ($symb=&symbread($ENV{'request.filename'})) { return ''; } + unless ($symb=&symbread()) { return time; } my $symbchck=unpack("%32C*",$symb); my $symbseed=numval($symb)%$symbchck; my $namechck=unpack("%32C*",$ENV{'user.name'}); @@ -1126,11 +1375,21 @@ sub filelocation { $location = '/home/httpd/html/res'.$file; } $location=~s://+:/:g; # remove duplicate / - while ($location=~m:/../:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/.. - + while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/.. return $location; } +sub hreflocation { + my ($dir,$file)=@_; + unless (($_=~/^http:\/\//i) || ($_=~/^\//)) { + my $finalpath=filelocation($dir,$file); + $finalpath=~s/^\/home\/httpd\/html//; + return $finalpath; + } else { + return $file; + } +} + # ------------------------------------------------------------- Declutters URLs sub declutter {