--- loncom/lonnet/perl/lonnet.pm	2023/03/19 16:05:48	1.1504
+++ loncom/lonnet/perl/lonnet.pm	2023/05/22 21:10:55	1.1510
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1504 2023/03/19 16:05:48 raeburn Exp $
+# $Id: lonnet.pm,v 1.1510 2023/05/22 21:10:55 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -415,6 +415,60 @@ sub remote_devalidate_cache {
     return $response;
 }
 
+sub sign_lti {
+    my ($cdom,$cnum,$crstool,$url,$idx,$keynum,$post,$paramsref,$inforef) = @_;
+    my $chome;
+    if (&domain($cdom) ne '') {
+        if ($crstool) {
+            $chome = &homeserver($cnum,$cdom);
+        } else {
+            $chome = &domain($cdom,'primary');
+        }
+    }
+    if ($cdom && $chome && ($chome ne 'no_host')) {
+        if ((ref($paramsref) eq 'HASH') &&
+            (ref($inforef) eq 'HASH')) {
+            my $rep;
+            if (grep { $_ eq $chome } &current_machine_ids()) {
+                # domain information is hosted on this machine
+                $rep =
+                    &LONCAPA::Lond::sign_params($cdom,$cnum,$crstool,$url,
+                                                $idx,$keynum,$post,
+                                                $perlvar{'lonVersion'},
+                                                $paramsref,$inforef);
+                if ($rep ne '') {
+                    return ('ok',$rep);
+                }
+            } else {
+                my ($escurl,$params,$info);
+                $escurl = &escape($url);
+                if (ref($paramsref) eq 'HASH') {
+                    $params = &freeze_escape($paramsref);
+                }
+                if (ref($inforef) eq 'HASH') {
+                    $info = &freeze_escape($inforef);
+                }
+                $rep=&reply("encrypt:signlti:$cdom:$cnum:$crstool:$escurl:$idx:$keynum:$post:$params:$info",$chome);
+            }
+            if (($rep eq '') || ($rep =~ /^con_lost|error|no_such_host|unknown_cmd/i)) {
+                return ();
+            } else {
+                my %returnhash;
+                foreach my $item (split(/\&/,$rep)) {
+                    my ($name,$value)=split(/\=/,$item);
+                    $returnhash{&unescape($name)}=&thaw_unescape($value);
+                }
+                return('ok',\%returnhash);
+            }
+        } else {
+            return ();
+        }
+    } else {
+        return ();
+        &logthis("sign_lti failed - no homeserver and/or domain ($cdom) ($chome)");
+    }
+}
+
 # -------------------------------------------------- Non-critical communication
 sub subreply {
     my ($cmd,$server)=@_;
@@ -2699,7 +2753,8 @@ sub get_domain_defaults {
                                   'requestauthor','selfenrollment',
                                   'coursecategories','ssl','autoenroll',
                                   'trust','helpsettings','wafproxy',
-                                  'ltisec','toolsec'],$domain);
+                                  'ltisec','toolsec','domexttool',
+                                  'exttool'],$domain);
     my @coursetypes = ('official','unofficial','community','textbook','placement');
     if (ref($domconfig{'defaults'}) eq 'HASH') {
         $domdefaults{'lang_def'} = $domconfig{'defaults'}{'lang_def'}; 
@@ -2771,6 +2826,16 @@ sub get_domain_defaults {
                         $domconfig{'coursedefaults'}{'postsubmit'}{'timeout'}{$type}; 
                 }
             }
+            if (ref($domconfig{'coursedefaults'}{'domexttool'}) eq 'HASH') {
+                $domdefaults{$type.'domexttool'} = $domconfig{'coursedefaults'}{'domexttool'}{$type};
+            } else {
+                $domdefaults{$type.'domexttool'} = 1;
+            }
+            if (ref($domconfig{'coursedefaults'}{'exttool'}) eq 'HASH') {
+                $domdefaults{$type.'exttool'} = $domconfig{'coursedefaults'}{'exttool'}{$type};
+            } else {
+                $domdefaults{$type.'exttool'} = 0;
+            }
         }
         if (ref($domconfig{'coursedefaults'}{'canclone'}) eq 'HASH') {
             if (ref($domconfig{'coursedefaults'}{'canclone'}{'instcode'}) eq 'ARRAY') {
@@ -3869,10 +3934,15 @@ sub can_edit_resource {
                     return;
                 }
             } elsif (!$crsedit) {
+                if ($env{'request.role'} =~ m{^st\./$cdom/$cnum}) {
 #
 # No edit allowed where CC has switched to student role.
 #
-                return;
+                    return;
+                } elsif (($resurl !~ m{^/res/$match_domain/$match_username/}) ||
+                         ($resurl =~ m{^/res/lib/templates/})) {
+                    return;
+                }
             }
         }
     }
@@ -3898,7 +3968,7 @@ sub can_edit_resource {
                     $forceedit = 1;
                 }
                 $cfile = $resurl;
-            } elsif (($resurl ne '') && (&is_on_map($resurl))) { 
+            } elsif (($resurl ne '') && (&is_on_map($resurl))) {
                 if ($resurl =~ m{^/adm/$match_domain/$match_username/\d+/smppg|bulletinboard$}) {
                     $incourse = 1;
                     if ($env{'form.forceedit'}) {
@@ -5140,7 +5210,7 @@ sub flushcourselogs {
 # Typo in rev. 1.458 (2003/12/09)??
 # These should likely by $env{'course.'.$cid.'.domain'} and $env{'course.'.$cid.'.num'}
 #
-# While these ramain as  $env{'request.'.$cid.'.domain'} and $env{'request.'.$cid.'.num'}
+# While these remain as $env{'request.'.$cid.'.domain'} and $env{'request.'.$cid.'.num'}
 # $dom and $name will always be null, so the &inc() call will default to storing this data
 # in a nohist_accesscount.db file for the user rather than the course.
 #
@@ -8969,13 +9039,8 @@ sub constructaccess {
        if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) {
           return ($ownername,$ownerdomain,$ownerhome);
        }
-    } else {
-# Co-author for this?
-        if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) ||
-            exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) {
-            $ownerhome = &homeserver($ownername,$ownerdomain);
-            return ($ownername,$ownerdomain,$ownerhome);
-        }
+    } elsif (&is_course($ownerdomain,$ownername)) {
+# Course Authoring Space?
         if ($env{'request.course.id'}) {
             if (($ownername eq $env{'course.'.$env{'request.course.id'}.'.num'}) &&
                 ($ownerdomain eq $env{'course.'.$env{'request.course.id'}.'.domain'})) {
@@ -8985,6 +9050,14 @@ sub constructaccess {
                 }
             }
         }
+        return '';
+    } else {
+# Co-author for this?
+        if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) ||
+            exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) {
+            $ownerhome = &homeserver($ownername,$ownerdomain);
+            return ($ownername,$ownerdomain,$ownerhome);
+        }
     }
 
 # We don't have any access right now. If we are not possibly going to do anything about this,
@@ -12105,6 +12178,7 @@ sub stat_file {
 #             files which have a matching extension will be ignored.
 # $nonemptydir - if true, will only populate $fileshashref hash entry for a particular
 #             directory with first file found (with acceptable extension).
+# $addtopdir - if true, set $dirhashref->{'/'} = 1 
 # $toppath - Top level directory (i.e., /res/$dom/$uname or /priv/$dom/$uname
 # $relpath - Current path (relative to top level).
 # $dirhashref - reference to hash to populate with URLs of directories (Required)
@@ -12121,7 +12195,7 @@ sub stat_file {
 #
 
 sub recursedirs {
-    my ($is_home,$recurse,$include,$exclude,$nonemptydir,$toppath,$relpath,$dirhashref,$filehashref) = @_;
+    my ($is_home,$recurse,$include,$exclude,$nonemptydir,$addtopdir,$toppath,$relpath,$dirhashref,$filehashref) = @_;
     return unless (ref($dirhashref) eq 'HASH');
     my $docroot = $perlvar{'lonDocRoot'};
     my $currpath = $docroot.$toppath;
@@ -12139,7 +12213,7 @@ sub recursedirs {
         $checkexc = 1;
     }
     if ($is_home) {
-        if (opendir(my $dirh,$currpath)) {
+        if ((-e $currpath) && (opendir(my $dirh,$currpath))) {
             my $filecount = 0;
             foreach my $item (sort { lc($a) cmp lc($b) } grep(!/^\.+$/,readdir($dirh))) {
                 next if ($item eq '');
@@ -12152,7 +12226,7 @@ sub recursedirs {
                     }
                     $dirhashref->{&Apache::lonlocal::js_escape($newpath)} = 1;
                     if ($recurse) {
-                        &recursedirs($is_home,$recurse,$include,$exclude,$nonemptydir,$toppath,$newpath,$dirhashref,$filehashref);
+                        &recursedirs($is_home,$recurse,$include,$exclude,$nonemptydir,$addtopdir,$toppath,$newpath,$dirhashref,$filehashref);
                     }
                 } elsif (($savefile) || ($relpath eq '')) {
                     next if ($nonemptydir && $filecount);
@@ -12165,7 +12239,7 @@ sub recursedirs {
                             next if ($extension && $exclude->{$extension});
                         }
                     }
-                    if (($relpath eq '') && (!exists($dirhashref->{'/'})))  {
+                    if (($relpath eq '') && (!exists($dirhashref->{'/'}))) {
                         $dirhashref->{'/'} = 1;
                     }
                     if ($savefile) {
@@ -12206,7 +12280,7 @@ sub recursedirs {
                     }
                     $dirhashref->{&Apache::lonlocal::js_escape($newpath)} = 1;
                     if ($recurse) {
-                        &recursedirs($is_home,$recurse,$include,$exclude,$nonemptydir,$toppath,$newpath,$dirhashref,$filehashref);
+                        &recursedirs($is_home,$recurse,$include,$exclude,$nonemptydir,$addtopdir,$toppath,$newpath,$dirhashref,$filehashref);
                     }
                 } elsif (($savefile) || ($relpath eq '')) {
                     next if ($nonemptydir && $filecount);
@@ -12234,6 +12308,11 @@ sub recursedirs {
             }
         }
     }
+    if ($addtopdir) {
+        if (($relpath eq '') && (!exists($dirhashref->{'/'}))) {
+            $dirhashref->{'/'} = 1;
+        }
+    }
     return;
 }
 
@@ -12513,20 +12592,29 @@ sub get_domain_lti {
 }
 
 sub get_course_lti {
-    my ($cnum,$cdom) = @_;
+    my ($cnum,$cdom,$context) = @_;
+    my ($name,$cachename,%lti);
+    if ($context eq 'consumer') {
+        $name = 'ltitools';
+        $cachename = 'courseltitools';
+    } elsif ($context eq 'provider') {
+        $name = 'lti';
+        $cachename = 'courselti';
+    } else {
+        return %lti;
+    }
     my $hashid=$cdom.'_'.$cnum;
-    my %courselti;
-    my ($result,$cached)=&is_cached_new('courselti',$hashid);
+    my ($result,$cached)=&is_cached_new($cachename,$hashid);
     if (defined($cached)) {
         if (ref($result) eq 'HASH') {
-            %courselti = %{$result};
+            %lti = %{$result};
         }
     } else {
-        %courselti = &dump('lti',$cdom,$cnum,undef,undef,undef,1);
+        %lti = &dump($name,$cdom,$cnum,undef,undef,undef,1);
         my $cachetime = 24*60*60;
-        &do_cache_new('courselti',$hashid,\%courselti,$cachetime);
+        &do_cache_new($cachename,$hashid,\%lti,$cachetime);
     }
-    return %courselti;
+    return %lti;
 }
 
 sub courselti_itemid {